From sle-updates at lists.suse.com Wed Dec 1 11:20:43 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Dec 2021 12:20:43 +0100 (CET) Subject: SUSE-RU-2021:3818-1: moderate: Recommended update for s390-tools Message-ID: <20211201112043.814E4FD0A@maintenance.suse.de> SUSE Recommended Update: Recommended update for s390-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3818-1 Rating: moderate References: #1192599 Affected Products: SUSE MicroOS 5.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for s390-tools fixes the following issues: - Fix reading /sys/kernel/mm/page_idle/bitmap could cause hang up on reading offline pages (bsc#1192599) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2021-3818=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3818=1 Package List: - SUSE MicroOS 5.1 (s390x): libekmfweb1-2.15.1-8.8.1 libekmfweb1-debuginfo-2.15.1-8.8.1 s390-tools-2.15.1-8.8.1 s390-tools-debuginfo-2.15.1-8.8.1 s390-tools-debugsource-2.15.1-8.8.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (s390x): libekmfweb1-2.15.1-8.8.1 libekmfweb1-debuginfo-2.15.1-8.8.1 libekmfweb1-devel-2.15.1-8.8.1 osasnmpd-2.15.1-8.8.1 osasnmpd-debuginfo-2.15.1-8.8.1 s390-tools-2.15.1-8.8.1 s390-tools-debuginfo-2.15.1-8.8.1 s390-tools-debugsource-2.15.1-8.8.1 s390-tools-hmcdrvfs-2.15.1-8.8.1 s390-tools-hmcdrvfs-debuginfo-2.15.1-8.8.1 s390-tools-zdsfs-2.15.1-8.8.1 s390-tools-zdsfs-debuginfo-2.15.1-8.8.1 References: https://bugzilla.suse.com/1192599 From sle-updates at lists.suse.com Wed Dec 1 11:22:01 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Dec 2021 12:22:01 +0100 (CET) Subject: SUSE-RU-2021:3817-1: important: Recommended update for saptune Message-ID: <20211201112201.873C8FD0A@maintenance.suse.de> SUSE Recommended Update: Recommended update for saptune ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3817-1 Rating: important References: #1190509 #1192053 #1192062 #1192272 #1192460 Affected Products: SUSE Linux Enterprise Module for SAP Applications 15-SP3 SUSE Linux Enterprise Module for SAP Applications 15-SP2 SUSE Linux Enterprise Module for SAP Applications 15-SP1 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for saptune fixes the following issues: - Fix the scheduler settings for multi path devices and suppress missleading warning messages regarding vendor and model information during block device detection (bsc#1192460) - Fix override of custom solutions (bsc#1192062) - Fix Cloud Notes marked as manually reverted after update from saptune2 to saptune3 (bsc#1192053) - saptune_check: degraded system is no longer considered an error (bsc#1192272) - Log missing model and vendor information to the saptune log file (bsc#1190509) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SAP Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP3-2021-3817=1 - SUSE Linux Enterprise Module for SAP Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP2-2021-3817=1 - SUSE Linux Enterprise Module for SAP Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP1-2021-3817=1 Package List: - SUSE Linux Enterprise Module for SAP Applications 15-SP3 (ppc64le x86_64): saptune-3.0.1-8.19.1 saptune-debuginfo-3.0.1-8.19.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP2 (ppc64le x86_64): saptune-3.0.1-8.19.1 saptune-debuginfo-3.0.1-8.19.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP1 (ppc64le x86_64): saptune-3.0.1-8.19.1 saptune-debuginfo-3.0.1-8.19.1 References: https://bugzilla.suse.com/1190509 https://bugzilla.suse.com/1192053 https://bugzilla.suse.com/1192062 https://bugzilla.suse.com/1192272 https://bugzilla.suse.com/1192460 From sle-updates at lists.suse.com Wed Dec 1 14:18:08 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Dec 2021 15:18:08 +0100 (CET) Subject: SUSE-OU-2021:3819-1: Optional update for cracklib Message-ID: <20211201141808.1016DFD0A@maintenance.suse.de> SUSE Optional Update: Optional update for cracklib ______________________________________________________________________________ Announcement ID: SUSE-OU-2021:3819-1 Rating: low References: #1191736 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This optional update for cracklib fixes the following issue: - Execute the test while building the package. (bsc#1191736) Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-3819=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-3819=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): cracklib-debuginfo-2.9.0-8.5.1 cracklib-debugsource-2.9.0-8.5.1 cracklib-devel-2.9.0-8.5.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): cracklib-2.9.0-8.5.1 cracklib-debuginfo-2.9.0-8.5.1 cracklib-debugsource-2.9.0-8.5.1 cracklib-dict-small-2.9.0-8.5.1 libcrack2-2.9.0-8.5.1 libcrack2-debuginfo-2.9.0-8.5.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libcrack2-32bit-2.9.0-8.5.1 libcrack2-debuginfo-32bit-2.9.0-8.5.1 References: https://bugzilla.suse.com/1191736 From sle-updates at lists.suse.com Wed Dec 1 17:22:38 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Dec 2021 18:22:38 +0100 (CET) Subject: SUSE-RU-2021:3822-1: moderate: Recommended update for virt-manager Message-ID: <20211201172238.789D8FD0A@maintenance.suse.de> SUSE Recommended Update: Recommended update for virt-manager ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3822-1 Rating: moderate References: #1188223 #1190215 #1191358 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP3 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for virt-manager fixes the following issues: - DomU won't boot after adding phys hard drive (bsc#1188223) - Virtual Machine Manager shows disconnected after rebooting virtual machine in Xen mode (bsc#1191358) - Add Support for SUSE Product SLE-HPC to virt-install (bsc#1190215) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2021-3822=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch): virt-install-3.2.0-7.7.1 virt-manager-3.2.0-7.7.1 virt-manager-common-3.2.0-7.7.1 References: https://bugzilla.suse.com/1188223 https://bugzilla.suse.com/1190215 https://bugzilla.suse.com/1191358 From sle-updates at lists.suse.com Wed Dec 1 17:24:15 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Dec 2021 18:24:15 +0100 (CET) Subject: SUSE-RU-2021:3825-1: moderate: Recommended update for grub2 Message-ID: <20211201172415.4210CFD0A@maintenance.suse.de> SUSE Recommended Update: Recommended update for grub2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3825-1 Rating: moderate References: #1167756 #1186975 Affected Products: SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for grub2 fixes the following issues: - Fix boot failure as journaled data not get drained due to abrupt power off after grub-install (bsc#1167756) - Fix boot failure after kdump due to the content of grub.cfg to pending modificaton in xfs journal (bsc#1186975) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-3825=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-3825=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-3825=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-3825=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-3825=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-3825=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): grub2-2.02-123.7.17 grub2-debuginfo-2.02-123.7.17 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): grub2-debugsource-2.02-123.7.17 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): grub2-i386-pc-2.02-123.7.17 grub2-powerpc-ieee1275-2.02-123.7.17 grub2-snapper-plugin-2.02-123.7.17 grub2-systemd-sleep-plugin-2.02-123.7.17 grub2-x86_64-efi-2.02-123.7.17 grub2-x86_64-xen-2.02-123.7.17 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): grub2-2.02-123.7.17 grub2-debuginfo-2.02-123.7.17 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 s390x x86_64): grub2-debugsource-2.02-123.7.17 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): grub2-arm64-efi-2.02-123.7.17 grub2-i386-pc-2.02-123.7.17 grub2-powerpc-ieee1275-2.02-123.7.17 grub2-snapper-plugin-2.02-123.7.17 grub2-systemd-sleep-plugin-2.02-123.7.17 grub2-x86_64-efi-2.02-123.7.17 grub2-x86_64-xen-2.02-123.7.17 - SUSE Linux Enterprise Server 15-SP1-LTSS (s390x): grub2-s390x-emu-2.02-123.7.17 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): grub2-i386-pc-2.02-123.7.17 grub2-snapper-plugin-2.02-123.7.17 grub2-systemd-sleep-plugin-2.02-123.7.17 grub2-x86_64-efi-2.02-123.7.17 grub2-x86_64-xen-2.02-123.7.17 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): grub2-2.02-123.7.17 grub2-debuginfo-2.02-123.7.17 grub2-debugsource-2.02-123.7.17 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): grub2-2.02-123.7.17 grub2-debuginfo-2.02-123.7.17 grub2-debugsource-2.02-123.7.17 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): grub2-arm64-efi-2.02-123.7.17 grub2-i386-pc-2.02-123.7.17 grub2-snapper-plugin-2.02-123.7.17 grub2-systemd-sleep-plugin-2.02-123.7.17 grub2-x86_64-efi-2.02-123.7.17 grub2-x86_64-xen-2.02-123.7.17 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): grub2-2.02-123.7.17 grub2-debuginfo-2.02-123.7.17 grub2-debugsource-2.02-123.7.17 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): grub2-arm64-efi-2.02-123.7.17 grub2-i386-pc-2.02-123.7.17 grub2-snapper-plugin-2.02-123.7.17 grub2-systemd-sleep-plugin-2.02-123.7.17 grub2-x86_64-efi-2.02-123.7.17 grub2-x86_64-xen-2.02-123.7.17 - SUSE Enterprise Storage 6 (aarch64 x86_64): grub2-2.02-123.7.17 grub2-debuginfo-2.02-123.7.17 grub2-debugsource-2.02-123.7.17 - SUSE Enterprise Storage 6 (noarch): grub2-arm64-efi-2.02-123.7.17 grub2-i386-pc-2.02-123.7.17 grub2-snapper-plugin-2.02-123.7.17 grub2-systemd-sleep-plugin-2.02-123.7.17 grub2-x86_64-efi-2.02-123.7.17 grub2-x86_64-xen-2.02-123.7.17 - SUSE CaaS Platform 4.0 (x86_64): grub2-2.02-123.7.17 grub2-debuginfo-2.02-123.7.17 grub2-debugsource-2.02-123.7.17 - SUSE CaaS Platform 4.0 (noarch): grub2-i386-pc-2.02-123.7.17 grub2-snapper-plugin-2.02-123.7.17 grub2-systemd-sleep-plugin-2.02-123.7.17 grub2-x86_64-efi-2.02-123.7.17 grub2-x86_64-xen-2.02-123.7.17 References: https://bugzilla.suse.com/1167756 https://bugzilla.suse.com/1186975 From sle-updates at lists.suse.com Wed Dec 1 17:25:46 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Dec 2021 18:25:46 +0100 (CET) Subject: SUSE-RU-2021:3820-1: moderate: Recommended update for suse-module-tools Message-ID: <20211201172546.8C193FD0A@maintenance.suse.de> SUSE Recommended Update: Recommended update for suse-module-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3820-1 Rating: moderate References: #1158817 #1189841 #1189879 #1190598 #1191200 #1191260 #1191480 #1191804 #1191922 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that has 9 recommended fixes can now be installed. Description: This update for suse-module-tools fixes the following issues: Update to version 15.0.10: * Add kernel rpm scriptlets * rpm-script: fix bad exit status in OpenQA (bsc#1191922) * cert-script: Deal with existing $cert.delete file (bsc#1191804). * cert-script: Ignore kernel keyring for kernel certificates (bsc#1191480). * cert-script: Only print mokutil output in verbose mode. * inkmp-script(postun): don't pass existing files to weak-modules2 (bsc#1191200) * kernel-scriptlets: skip cert scriptlet on non-UEFI systems (bsc#1191260) * rpm-script: link config also into /boot (bsc#1189879) * Import kernel scriptlets from kernel-source. (bsc#1189841, bsc#1190598) * Provide "suse-kernel-rpm-scriptlets" Update to version 15.0.7: * 00-system.conf: move br_netfilter softdep to separate file (bsc#1158817) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-3820=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-3820=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-3820=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-3820=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): suse-module-tools-15.0.10-3.12.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): suse-module-tools-15.0.10-3.12.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): suse-module-tools-15.0.10-3.12.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): suse-module-tools-15.0.10-3.12.1 References: https://bugzilla.suse.com/1158817 https://bugzilla.suse.com/1189841 https://bugzilla.suse.com/1189879 https://bugzilla.suse.com/1190598 https://bugzilla.suse.com/1191200 https://bugzilla.suse.com/1191260 https://bugzilla.suse.com/1191480 https://bugzilla.suse.com/1191804 https://bugzilla.suse.com/1191922 From sle-updates at lists.suse.com Wed Dec 1 17:31:01 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Dec 2021 18:31:01 +0100 (CET) Subject: SUSE-RU-2021:3821-1: moderate: Recommended update for subversion Message-ID: <20211201173101.730B4FD0A@maintenance.suse.de> SUSE Recommended Update: Recommended update for subversion ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3821-1 Rating: moderate References: #1191282 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for subversions fixes the following issue: - the kde wallet plugin is now built and shipped again for openSUSE Leap 15.3 (bsc#1191282) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2021-3821=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2021-3821=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3821=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): subversion-debuginfo-1.10.6-10.5.1 subversion-debugsource-1.10.6-10.5.1 subversion-server-1.10.6-10.5.1 subversion-server-debuginfo-1.10.6-10.5.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): subversion-debuginfo-1.10.6-10.5.1 subversion-debugsource-1.10.6-10.5.1 subversion-perl-1.10.6-10.5.1 subversion-perl-debuginfo-1.10.6-10.5.1 subversion-python-1.10.6-10.5.1 subversion-python-debuginfo-1.10.6-10.5.1 subversion-tools-1.10.6-10.5.1 subversion-tools-debuginfo-1.10.6-10.5.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch): subversion-bash-completion-1.10.6-10.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): subversion-1.10.6-10.5.1 subversion-debuginfo-1.10.6-10.5.1 subversion-debugsource-1.10.6-10.5.1 subversion-devel-1.10.6-10.5.1 References: https://bugzilla.suse.com/1191282 From sle-updates at lists.suse.com Wed Dec 1 17:32:22 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Dec 2021 18:32:22 +0100 (CET) Subject: SUSE-RU-2021:3829-1: moderate: Recommended update for rmt-server Message-ID: <20211201173222.E77A4FD0A@maintenance.suse.de> SUSE Recommended Update: Recommended update for rmt-server ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3829-1 Rating: moderate References: #1176628 #1186798 #1188043 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Module for Public Cloud 15-SP3 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for rmt-server fixes the following issues: - Fix for Rails 6.1 zeitwerk autoloading errors (bsc#1186798) - Fix: Don't create symlinks at install stage, instead only link them at the post stage if they don't exist. (bsc#1188043) - Update translations. - Additional debug output for mirroring subcommand with '--debug' flag. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2021-3829=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2021-3829=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): rmt-server-2.6.11-3.9.3 rmt-server-config-2.6.11-3.9.3 rmt-server-debuginfo-2.6.11-3.9.3 rmt-server-debugsource-2.6.11-3.9.3 - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (aarch64 ppc64le s390x x86_64): rmt-server-debuginfo-2.6.11-3.9.3 rmt-server-debugsource-2.6.11-3.9.3 rmt-server-pubcloud-2.6.11-3.9.3 References: https://bugzilla.suse.com/1176628 https://bugzilla.suse.com/1186798 https://bugzilla.suse.com/1188043 From sle-updates at lists.suse.com Wed Dec 1 17:34:00 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Dec 2021 18:34:00 +0100 (CET) Subject: SUSE-RU-2021:3823-1: moderate: Recommended update for yast2-registration Message-ID: <20211201173400.69D03FD0A@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-registration ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3823-1 Rating: moderate References: #1188211 #1188717 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for yast2-registration fixes the following issues: - Report properly that no product is selected in autoinstallation (bsc#1188211) - Fixed evaluating the update repositories: (bsc#1188717) The SUSE Manager update repositories were not disabled when installing the system without updates. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3823=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): yast2-registration-4.3.25-3.9.1 References: https://bugzilla.suse.com/1188211 https://bugzilla.suse.com/1188717 From sle-updates at lists.suse.com Wed Dec 1 17:38:21 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Dec 2021 18:38:21 +0100 (CET) Subject: SUSE-RU-2021:3832-1: moderate: Recommended update for hwdata Message-ID: <20211201173821.53C13FD0A@maintenance.suse.de> SUSE Recommended Update: Recommended update for hwdata ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3832-1 Rating: moderate References: #1191375 Affected Products: SUSE Manager Tools 15 SUSE Linux Enterprise Module for SUSE Manager Server 4.2 SUSE Linux Enterprise Module for SUSE Manager Server 4.1 SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for hwdata fixes the following issue: - Update to version 0.353 (bsc#1191375) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Tools 15: zypper in -t patch SUSE-SLE-Manager-Tools-15-2021-3832=1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.2: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2021-3832=1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.1-2021-3832=1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2021-3832=1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.1-2021-3832=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3832=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-3832=1 Package List: - SUSE Manager Tools 15 (noarch): hwdata-0.353-3.36.1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (noarch): hwdata-0.353-3.36.1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (noarch): hwdata-0.353-3.36.1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 (noarch): hwdata-0.353-3.36.1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 (noarch): hwdata-0.353-3.36.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): hwdata-0.353-3.36.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): hwdata-0.353-3.36.1 References: https://bugzilla.suse.com/1191375 From sle-updates at lists.suse.com Wed Dec 1 17:39:47 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Dec 2021 18:39:47 +0100 (CET) Subject: SUSE-RU-2021:3824-1: moderate: Recommended update for yast2-storage-ng Message-ID: <20211201173947.EF42FFD0A@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-storage-ng ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3824-1 Rating: moderate References: #1192124 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Installer 15-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-storage-ng fixes the following issues: - Set the volume group extent size according to the AutoYaST profile (bsc#1192124). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3824=1 - SUSE Linux Enterprise Installer 15-SP3: zypper in -t patch SUSE-SLE-INSTALLER-15-SP3-2021-3824=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): yast2-storage-ng-4.3.57-3.15.1 - SUSE Linux Enterprise Installer 15-SP3 (aarch64 ppc64le s390x x86_64): yast2-storage-ng-4.3.57-3.15.1 References: https://bugzilla.suse.com/1192124 From sle-updates at lists.suse.com Wed Dec 1 17:41:09 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Dec 2021 18:41:09 +0100 (CET) Subject: SUSE-RU-2021:3826-1: moderate: Recommended update for yast2-network Message-ID: <20211201174109.743C7FD0A@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-network ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3826-1 Rating: moderate References: #1192183 #1192270 #1192560 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Installer 15-SP2 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for yast2-network fixes the following issues: - Replace calls to dropped method. (bsc#1192560) Fixed interfaces table description for s390 Group devices. - AutoYaST: Use"device" and "name" elements use "device" as "name" and "name" as "description". (bsc#1192270) - Do not crash when checking if a virtual interface is connected (bsc#1192183, bsc#1192270) - Add 'description' to the interfaces in the networking section (bsc#1192270) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-3826=1 - SUSE Linux Enterprise Installer 15-SP2: zypper in -t patch SUSE-SLE-INSTALLER-15-SP2-2021-3826=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): yast2-schema-4.2.16-3.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): yast2-network-4.2.109-3.74.1 - SUSE Linux Enterprise Installer 15-SP2 (noarch): yast2-network-4.2.109-3.74.1 References: https://bugzilla.suse.com/1192183 https://bugzilla.suse.com/1192270 https://bugzilla.suse.com/1192560 From sle-updates at lists.suse.com Wed Dec 1 17:44:08 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Dec 2021 18:44:08 +0100 (CET) Subject: SUSE-RU-2021:3831-1: moderate: Recommended update for crmsh Message-ID: <20211201174408.D7FD6FD2F@maintenance.suse.de> SUSE Recommended Update: Recommended update for crmsh ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3831-1 Rating: moderate References: #1192618 Affected Products: SUSE Linux Enterprise High Availability 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for crmsh fixes the following issue: - Fix: ui_resource: Parse node and lifetime correctly (bsc#1192618) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2021-3831=1 Package List: - SUSE Linux Enterprise High Availability 15-SP1 (noarch): crmsh-4.3.1+20211119.97feb471-3.84.1 crmsh-scripts-4.3.1+20211119.97feb471-3.84.1 References: https://bugzilla.suse.com/1192618 From sle-updates at lists.suse.com Wed Dec 1 17:45:34 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Dec 2021 18:45:34 +0100 (CET) Subject: SUSE-SU-2021:3830-1: moderate: Security update for glibc Message-ID: <20211201174534.28A27FD2F@maintenance.suse.de> SUSE Security Update: Security update for glibc ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3830-1 Rating: moderate References: #1027496 #1183085 Cross-References: CVE-2016-10228 CVSS scores: CVE-2016-10228 (NVD) : 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2016-10228 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L Affected Products: SUSE MicroOS 5.0 SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for glibc fixes the following issues: - libio: do not attempt to free wide buffers of legacy streams (bsc#1183085) - CVE-2016-10228: Rewrite iconv option parsing to fix security issue (bsc#1027496) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-3830=1 - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-3830=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-3830=1 Package List: - SUSE MicroOS 5.0 (aarch64 x86_64): glibc-2.26-13.62.1 glibc-debuginfo-2.26-13.62.1 glibc-debugsource-2.26-13.62.1 glibc-locale-2.26-13.62.1 glibc-locale-base-2.26-13.62.1 glibc-locale-base-debuginfo-2.26-13.62.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): glibc-debuginfo-2.26-13.62.1 glibc-debugsource-2.26-13.62.1 glibc-devel-static-2.26-13.62.1 glibc-utils-2.26-13.62.1 glibc-utils-debuginfo-2.26-13.62.1 glibc-utils-src-debugsource-2.26-13.62.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (x86_64): glibc-32bit-debuginfo-2.26-13.62.1 glibc-devel-32bit-2.26-13.62.1 glibc-devel-32bit-debuginfo-2.26-13.62.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): glibc-2.26-13.62.1 glibc-debuginfo-2.26-13.62.1 glibc-debugsource-2.26-13.62.1 glibc-devel-2.26-13.62.1 glibc-devel-debuginfo-2.26-13.62.1 glibc-extra-2.26-13.62.1 glibc-extra-debuginfo-2.26-13.62.1 glibc-locale-2.26-13.62.1 glibc-locale-base-2.26-13.62.1 glibc-locale-base-debuginfo-2.26-13.62.1 glibc-profile-2.26-13.62.1 nscd-2.26-13.62.1 nscd-debuginfo-2.26-13.62.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): glibc-i18ndata-2.26-13.62.1 glibc-info-2.26-13.62.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): glibc-32bit-2.26-13.62.1 glibc-32bit-debuginfo-2.26-13.62.1 glibc-locale-base-32bit-2.26-13.62.1 glibc-locale-base-32bit-debuginfo-2.26-13.62.1 References: https://www.suse.com/security/cve/CVE-2016-10228.html https://bugzilla.suse.com/1027496 https://bugzilla.suse.com/1183085 From sle-updates at lists.suse.com Wed Dec 1 17:47:09 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Dec 2021 18:47:09 +0100 (CET) Subject: SUSE-RU-2021:3828-1: moderate: Recommended update for yast2-storage-ng Message-ID: <20211201174709.3D3A9FD0A@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-storage-ng ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3828-1 Rating: moderate References: #1192124 Affected Products: SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Installer 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-storage-ng fixes the following issues: - Set the volume group extent size according to the AutoYaST profile (bsc#1192124). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-3828=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-3828=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-3828=1 - SUSE Linux Enterprise Installer 15-SP1: zypper in -t patch SUSE-SLE-INSTALLER-15-SP1-2021-3828=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-3828=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-3828=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-3828=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): yast2-storage-ng-4.1.98-3.36.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): yast2-storage-ng-4.1.98-3.36.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): yast2-storage-ng-4.1.98-3.36.1 - SUSE Linux Enterprise Installer 15-SP1 (aarch64 ppc64le s390x x86_64): yast2-storage-ng-4.1.98-3.36.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): yast2-storage-ng-4.1.98-3.36.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): yast2-storage-ng-4.1.98-3.36.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): yast2-storage-ng-4.1.98-3.36.1 - SUSE CaaS Platform 4.0 (x86_64): yast2-storage-ng-4.1.98-3.36.1 References: https://bugzilla.suse.com/1192124 From sle-updates at lists.suse.com Wed Dec 1 17:49:59 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Dec 2021 18:49:59 +0100 (CET) Subject: SUSE-RU-2021:3827-1: moderate: Recommended update for yast2-network Message-ID: <20211201174959.17664FD0A@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-network ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3827-1 Rating: moderate References: #1191968 #1192183 #1192270 #1192560 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Installer 15-SP3 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for yast2-network and yast2-schema fixes the following issues: - Replace calls to dropped method. (bsc#1192560) Fixed interfaces table description for s390 Group devices. - AutoYaST: Use"device" and "name" elements use "device" as "name" and "name" as "description". (bsc#1192270) - Do not crash when checking if a virtual interface is connected (bsc#1192183, bsc#1192270) - Add 'description' to the interfaces in the networking section (bsc#1192270) - Add the "keep_unknown_lv" element to the partitioning schema (bsc#1191968) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3827=1 - SUSE Linux Enterprise Installer 15-SP3: zypper in -t patch SUSE-SLE-INSTALLER-15-SP3-2021-3827=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): yast2-schema-4.3.27-3.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): yast2-network-4.3.81-3.23.1 - SUSE Linux Enterprise Installer 15-SP3 (aarch64 ppc64le s390x x86_64): yast2-schema-4.3.27-3.9.1 - SUSE Linux Enterprise Installer 15-SP3 (noarch): yast2-network-4.3.81-3.23.1 References: https://bugzilla.suse.com/1191968 https://bugzilla.suse.com/1192183 https://bugzilla.suse.com/1192270 https://bugzilla.suse.com/1192560 From sle-updates at lists.suse.com Wed Dec 1 20:19:02 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Dec 2021 21:19:02 +0100 (CET) Subject: SUSE-SU-2021:3840-1: important: Security update for python-Pygments Message-ID: <20211201201902.D1954FD0A@maintenance.suse.de> SUSE Security Update: Security update for python-Pygments ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3840-1 Rating: important References: #1184812 Cross-References: CVE-2021-27291 CVSS scores: CVE-2021-27291 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-27291 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-Pygments fixes the following issues: - CVE-2021-27291: Fixed ReDoS via crafted malicious input (bsc#1184812). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-3840=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-3840=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-3840=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-3840=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-3840=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-3840=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-3840=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): python3-Pygments-2.6.1-7.10.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): python3-Pygments-2.6.1-7.10.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): python3-Pygments-2.6.1-7.10.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): python3-Pygments-2.6.1-7.10.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): python3-Pygments-2.6.1-7.10.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): python3-Pygments-2.6.1-7.10.1 - SUSE Enterprise Storage 6 (noarch): python3-Pygments-2.6.1-7.10.1 - SUSE CaaS Platform 4.0 (noarch): python3-Pygments-2.6.1-7.10.1 References: https://www.suse.com/security/cve/CVE-2021-27291.html https://bugzilla.suse.com/1184812 From sle-updates at lists.suse.com Wed Dec 1 20:21:33 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Dec 2021 21:21:33 +0100 (CET) Subject: SUSE-SU-2021:3851-1: moderate: Security update for xen Message-ID: <20211201202133.C168BFD0A@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3851-1 Rating: moderate References: #1192554 #1192557 #1192559 Cross-References: CVE-2021-28704 CVE-2021-28705 CVE-2021-28706 CVE-2021-28707 CVE-2021-28708 CVE-2021-28709 CVSS scores: CVE-2021-28704 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-28705 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-28706 (NVD) : 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H CVE-2021-28706 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-28707 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-28708 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-28709 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for xen fixes the following issues: - CVE-2021-28704, CVE-2021-28707, CVE-2021-28708: Fixed PoD operations on misaligned GFNs (XSA-388) (bsc#1192557). - CVE-2021-28705, CVE-2021-28709: Fixed issues with partially successful P2M updates on x86 (XSA-389) (bsc#1192559). - CVE-2021-28706: Fixed guests may exceed their designated memory limit (XSA-385) (bsc#1192554). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-3851=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-3851=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-3851=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-3851=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-3851=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-3851=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): xen-4.9.4_24-3.97.1 xen-debugsource-4.9.4_24-3.97.1 xen-doc-html-4.9.4_24-3.97.1 xen-libs-32bit-4.9.4_24-3.97.1 xen-libs-4.9.4_24-3.97.1 xen-libs-debuginfo-32bit-4.9.4_24-3.97.1 xen-libs-debuginfo-4.9.4_24-3.97.1 xen-tools-4.9.4_24-3.97.1 xen-tools-debuginfo-4.9.4_24-3.97.1 xen-tools-domU-4.9.4_24-3.97.1 xen-tools-domU-debuginfo-4.9.4_24-3.97.1 - SUSE OpenStack Cloud 8 (x86_64): xen-4.9.4_24-3.97.1 xen-debugsource-4.9.4_24-3.97.1 xen-doc-html-4.9.4_24-3.97.1 xen-libs-32bit-4.9.4_24-3.97.1 xen-libs-4.9.4_24-3.97.1 xen-libs-debuginfo-32bit-4.9.4_24-3.97.1 xen-libs-debuginfo-4.9.4_24-3.97.1 xen-tools-4.9.4_24-3.97.1 xen-tools-debuginfo-4.9.4_24-3.97.1 xen-tools-domU-4.9.4_24-3.97.1 xen-tools-domU-debuginfo-4.9.4_24-3.97.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): xen-4.9.4_24-3.97.1 xen-debugsource-4.9.4_24-3.97.1 xen-doc-html-4.9.4_24-3.97.1 xen-libs-32bit-4.9.4_24-3.97.1 xen-libs-4.9.4_24-3.97.1 xen-libs-debuginfo-32bit-4.9.4_24-3.97.1 xen-libs-debuginfo-4.9.4_24-3.97.1 xen-tools-4.9.4_24-3.97.1 xen-tools-debuginfo-4.9.4_24-3.97.1 xen-tools-domU-4.9.4_24-3.97.1 xen-tools-domU-debuginfo-4.9.4_24-3.97.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (x86_64): xen-4.9.4_24-3.97.1 xen-debugsource-4.9.4_24-3.97.1 xen-doc-html-4.9.4_24-3.97.1 xen-libs-32bit-4.9.4_24-3.97.1 xen-libs-4.9.4_24-3.97.1 xen-libs-debuginfo-32bit-4.9.4_24-3.97.1 xen-libs-debuginfo-4.9.4_24-3.97.1 xen-tools-4.9.4_24-3.97.1 xen-tools-debuginfo-4.9.4_24-3.97.1 xen-tools-domU-4.9.4_24-3.97.1 xen-tools-domU-debuginfo-4.9.4_24-3.97.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): xen-4.9.4_24-3.97.1 xen-debugsource-4.9.4_24-3.97.1 xen-doc-html-4.9.4_24-3.97.1 xen-libs-32bit-4.9.4_24-3.97.1 xen-libs-4.9.4_24-3.97.1 xen-libs-debuginfo-32bit-4.9.4_24-3.97.1 xen-libs-debuginfo-4.9.4_24-3.97.1 xen-tools-4.9.4_24-3.97.1 xen-tools-debuginfo-4.9.4_24-3.97.1 xen-tools-domU-4.9.4_24-3.97.1 xen-tools-domU-debuginfo-4.9.4_24-3.97.1 - HPE Helion Openstack 8 (x86_64): xen-4.9.4_24-3.97.1 xen-debugsource-4.9.4_24-3.97.1 xen-doc-html-4.9.4_24-3.97.1 xen-libs-32bit-4.9.4_24-3.97.1 xen-libs-4.9.4_24-3.97.1 xen-libs-debuginfo-32bit-4.9.4_24-3.97.1 xen-libs-debuginfo-4.9.4_24-3.97.1 xen-tools-4.9.4_24-3.97.1 xen-tools-debuginfo-4.9.4_24-3.97.1 xen-tools-domU-4.9.4_24-3.97.1 xen-tools-domU-debuginfo-4.9.4_24-3.97.1 References: https://www.suse.com/security/cve/CVE-2021-28704.html https://www.suse.com/security/cve/CVE-2021-28705.html https://www.suse.com/security/cve/CVE-2021-28706.html https://www.suse.com/security/cve/CVE-2021-28707.html https://www.suse.com/security/cve/CVE-2021-28708.html https://www.suse.com/security/cve/CVE-2021-28709.html https://bugzilla.suse.com/1192554 https://bugzilla.suse.com/1192557 https://bugzilla.suse.com/1192559 From sle-updates at lists.suse.com Wed Dec 1 20:23:20 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Dec 2021 21:23:20 +0100 (CET) Subject: SUSE-SU-2021:14849-1: important: Security update for the Linux Kernel Message-ID: <20211201202320.99E4FFD0A@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:14849-1 Rating: important References: #1183089 #1184673 #1186109 #1187050 #1187215 #1188172 #1188563 #1188601 #1188876 #1189057 #1189262 #1189399 #1190117 #1190351 #1191315 #1191660 #1191958 #1192036 #1192267 #904899 #905100 Cross-References: CVE-2014-7841 CVE-2020-36385 CVE-2021-20265 CVE-2021-33033 CVE-2021-3542 CVE-2021-3609 CVE-2021-3640 CVE-2021-3653 CVE-2021-3655 CVE-2021-3679 CVE-2021-37159 CVE-2021-3772 CVE-2021-38160 CVE-2021-38198 CVE-2021-42008 CVE-2021-42739 CVE-2021-43389 CVSS scores: CVE-2020-36385 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2020-36385 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-20265 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-20265 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-33033 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-33033 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-3542 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-3609 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-3640 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-3653 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-3655 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2021-3679 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-37159 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-37159 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-3772 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-38160 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-38198 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-42008 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-42008 (SUSE): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-42739 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-43389 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Server 11-EXTRA SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that solves 17 vulnerabilities and has four fixes is now available. Description: The SUSE Linux Enterprise 11 SP4 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-37159: hso_free_net_device in drivers/net/usb/hso.c called unregister_netdev without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free (bnc#1188601). - CVE-2021-3772: Fixed sctp vtag check in sctp_sf_ootb (bsc#1190351). - CVE-2021-3655: Missing size validations on inbound SCTP packets may have allowed the kernel to read uninitialized memory (bnc#1188563 bnc#1192267). - CVE-2014-7841: The sctp_process_param function in net/sctp/sm_make_chunk.c in the SCTP implementation, when ASCONF is used, allowed remote attackers to cause a denial of service (NULL pointer dereference and system crash) via a malformed INIT chunk (bnc#904899 bnc#905100). - CVE-2021-20265: A flaw was found in the way memory resources were freed in the unix_stream_recvmsg function when a signal was pending. This flaw allowed an unprivileged local user to crash the system by exhausting available memory. The highest threat from this vulnerability is to system availability (bnc#1183089). - CVE-2021-42739: The firewire subsystem had a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled bounds checking (bnc#1184673 bnc#1192036). - CVE-2021-33033: The Linux kernel has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value (bnc#1186109 bnc#1188876). - CVE-2021-43389: There was an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c (bnc#1191958). - CVE-2021-42008: The decode_data function in drivers/net/hamradio/6pack.c had a slab out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access (bnc#1191315). - CVE-2021-38160: Data corruption or loss could be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size in drivers/char/virtio_console.c (bsc#1190117) - CVE-2021-3640: Fixed a Use-After-Free vulnerability in function sco_sock_sendmsg() in the bluetooth stack (bsc#1188172). - CVE-2021-38198: arch/x86/kvm/mmu/paging_tmpl.h incorrectly computed the access permissions of a shadow page, leading to a missing guest protection page fault (bnc#1189262). - CVE-2021-3653: A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "int_ctl" field, this issue could allow a malicious L1 to enable AVIC support (Advanced Virtual Interrupt Controller) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape. (bnc#1189399). - CVE-2021-3679: A lack of CPU resource in the Linux kernel tracing module functionality was found in the way user uses trace ring buffer in a specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service (bnc#1189057). - CVE-2021-3609: A potential local privilege escalation in the CAN BCM networking protocol was fixed (bsc#1187215). - CVE-2020-36385: drivers/infiniband/core/ucma.c has a use-after-free because the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_close is called, aka CID-f5449e74802c (bnc#1187050). The following non-security bugs were fixed: - sctp: check asoc peer.asconf_capable before processing asconf (bsc#1190351). - sctp: fully initialize v4 addr in some functions (bsc#1188563). - sctp: simplify addr copy (bsc#1188563). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-kernel-14849=1 - SUSE Linux Enterprise Server 11-EXTRA: zypper in -t patch slexsp3-kernel-14849=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-kernel-14849=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): kernel-default-3.0.101-108.132.1 kernel-default-base-3.0.101-108.132.1 kernel-default-devel-3.0.101-108.132.1 kernel-source-3.0.101-108.132.1 kernel-syms-3.0.101-108.132.1 kernel-trace-3.0.101-108.132.1 kernel-trace-base-3.0.101-108.132.1 kernel-trace-devel-3.0.101-108.132.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 x86_64): kernel-ec2-3.0.101-108.132.1 kernel-ec2-base-3.0.101-108.132.1 kernel-ec2-devel-3.0.101-108.132.1 kernel-xen-3.0.101-108.132.1 kernel-xen-base-3.0.101-108.132.1 kernel-xen-devel-3.0.101-108.132.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (ppc64): kernel-bigmem-3.0.101-108.132.1 kernel-bigmem-base-3.0.101-108.132.1 kernel-bigmem-devel-3.0.101-108.132.1 kernel-ppc64-3.0.101-108.132.1 kernel-ppc64-base-3.0.101-108.132.1 kernel-ppc64-devel-3.0.101-108.132.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (s390x): kernel-default-man-3.0.101-108.132.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (i586): kernel-pae-3.0.101-108.132.1 kernel-pae-base-3.0.101-108.132.1 kernel-pae-devel-3.0.101-108.132.1 - SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64): kernel-default-extra-3.0.101-108.132.1 - SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64): kernel-xen-extra-3.0.101-108.132.1 - SUSE Linux Enterprise Server 11-EXTRA (x86_64): kernel-trace-extra-3.0.101-108.132.1 - SUSE Linux Enterprise Server 11-EXTRA (ppc64): kernel-ppc64-extra-3.0.101-108.132.1 - SUSE Linux Enterprise Server 11-EXTRA (i586): kernel-pae-extra-3.0.101-108.132.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): kernel-default-debuginfo-3.0.101-108.132.1 kernel-default-debugsource-3.0.101-108.132.1 kernel-trace-debuginfo-3.0.101-108.132.1 kernel-trace-debugsource-3.0.101-108.132.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 s390x x86_64): kernel-default-devel-debuginfo-3.0.101-108.132.1 kernel-trace-devel-debuginfo-3.0.101-108.132.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64): kernel-ec2-debuginfo-3.0.101-108.132.1 kernel-ec2-debugsource-3.0.101-108.132.1 kernel-xen-debuginfo-3.0.101-108.132.1 kernel-xen-debugsource-3.0.101-108.132.1 kernel-xen-devel-debuginfo-3.0.101-108.132.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64): kernel-bigmem-debuginfo-3.0.101-108.132.1 kernel-bigmem-debugsource-3.0.101-108.132.1 kernel-ppc64-debuginfo-3.0.101-108.132.1 kernel-ppc64-debugsource-3.0.101-108.132.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586): kernel-pae-debuginfo-3.0.101-108.132.1 kernel-pae-debugsource-3.0.101-108.132.1 kernel-pae-devel-debuginfo-3.0.101-108.132.1 References: https://www.suse.com/security/cve/CVE-2014-7841.html https://www.suse.com/security/cve/CVE-2020-36385.html https://www.suse.com/security/cve/CVE-2021-20265.html https://www.suse.com/security/cve/CVE-2021-33033.html https://www.suse.com/security/cve/CVE-2021-3542.html https://www.suse.com/security/cve/CVE-2021-3609.html https://www.suse.com/security/cve/CVE-2021-3640.html https://www.suse.com/security/cve/CVE-2021-3653.html https://www.suse.com/security/cve/CVE-2021-3655.html https://www.suse.com/security/cve/CVE-2021-3679.html https://www.suse.com/security/cve/CVE-2021-37159.html https://www.suse.com/security/cve/CVE-2021-3772.html https://www.suse.com/security/cve/CVE-2021-38160.html https://www.suse.com/security/cve/CVE-2021-38198.html https://www.suse.com/security/cve/CVE-2021-42008.html https://www.suse.com/security/cve/CVE-2021-42739.html https://www.suse.com/security/cve/CVE-2021-43389.html https://bugzilla.suse.com/1183089 https://bugzilla.suse.com/1184673 https://bugzilla.suse.com/1186109 https://bugzilla.suse.com/1187050 https://bugzilla.suse.com/1187215 https://bugzilla.suse.com/1188172 https://bugzilla.suse.com/1188563 https://bugzilla.suse.com/1188601 https://bugzilla.suse.com/1188876 https://bugzilla.suse.com/1189057 https://bugzilla.suse.com/1189262 https://bugzilla.suse.com/1189399 https://bugzilla.suse.com/1190117 https://bugzilla.suse.com/1190351 https://bugzilla.suse.com/1191315 https://bugzilla.suse.com/1191660 https://bugzilla.suse.com/1191958 https://bugzilla.suse.com/1192036 https://bugzilla.suse.com/1192267 https://bugzilla.suse.com/904899 https://bugzilla.suse.com/905100 From sle-updates at lists.suse.com Wed Dec 1 20:27:38 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Dec 2021 21:27:38 +0100 (CET) Subject: SUSE-SU-2021:3854-1: important: Security update for poppler Message-ID: <20211201202738.7F22FFD0A@maintenance.suse.de> SUSE Security Update: Security update for poppler ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3854-1 Rating: important References: #1092945 #1102531 #1107597 #1114966 #1115185 #1115186 #1115187 #1115626 #1120495 #1120496 #1120939 #1120956 #1124150 #1127329 #1129202 #1130229 #1131696 #1131722 #1142465 #1143950 #1179163 Cross-References: CVE-2017-18267 CVE-2018-13988 CVE-2018-16646 CVE-2018-18897 CVE-2018-19058 CVE-2018-19059 CVE-2018-19060 CVE-2018-19149 CVE-2018-20481 CVE-2018-20551 CVE-2018-20650 CVE-2018-20662 CVE-2019-10871 CVE-2019-10872 CVE-2019-14494 CVE-2019-7310 CVE-2019-9200 CVE-2019-9631 CVE-2019-9903 CVE-2019-9959 CVE-2020-27778 CVSS scores: CVE-2017-18267 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-18267 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2018-13988 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-13988 (SUSE): 5.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2018-16646 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-16646 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2018-18897 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-18897 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2018-19058 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-19058 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2018-19059 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-19059 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2018-19060 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-19060 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2018-19149 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-19149 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2018-20481 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-20481 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2018-20551 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-20551 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2018-20650 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-20650 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2018-20662 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-20662 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2019-10871 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2019-10871 (SUSE): 4.4 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L CVE-2019-10872 (NVD) : 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2019-10872 (SUSE): 4.4 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L CVE-2019-14494 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2019-14494 (SUSE): 5.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2019-7310 (NVD) : 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2019-9200 (NVD) : 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2019-9200 (SUSE): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2019-9631 (NVD) : 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2019-9631 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2019-9903 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2019-9903 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2019-9959 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2019-9959 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2020-27778 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-27778 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP2 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that fixes 21 vulnerabilities is now available. Description: This update for poppler fixes the following issues: - CVE-2017-18267: Fixed an infinite recursion that would allow remote attackers to cause a denial of service (bsc#1092945). - CVE-2018-13988: Added an improper implementation check which otherwise could allow buffer overflows, memory corruption, and denial of service (bsc#1102531). - CVE-2018-16646: Fixed an infinite recursion which could allow a denial-of-service attack via a specially crafted PDF file (bsc#1107597). - CVE-2018-18897: Fixed a memory leak (bsc#1114966). - CVE-2018-19058: Fixed a bug which could allow a denial-of-service attack via a specially crafted PDF file (bsc#1115187). - CVE-2018-19059: Fixed an out-of-bounds read access which could allow a denial-of-service attack (bsc#1115186). - CVE-2018-19060: Fixed a NULL pointer dereference which could allow a denial-of-service attack (bsc#1115185). - CVE-2018-19149: Fixed a NULL pointer dereference which could allow a denial-of-service attack (bsc#1115626). - CVE-2018-20481: Fixed a NULL pointer dereference while handling unallocated XRef entries which could allow a denial-of-service attack (bsc#1120495). - CVE-2018-20551: Fixed a reachable assertion which could allow a denial-of-service attack through specially crafted PDF files (bsc#1120496). - CVE-2018-20650: Fixed a reachable assertion which could allow denial-of-service through specially crafted PDF files (bsc#1120939). - CVE-2018-20662: Fixed a bug which could potentially crash the running process by SIGABRT resulting in a denial-of-service attack through a specially crafted PDF file (bsc#1120956). - CVE-2019-10871: Fixed a heap-based buffer over-read in the function PSOutputDev::checkPageSlice at PSOutputDev.cc (bsc#1131696). - CVE-2019-10872: Fixed a heap-based buffer over-read in the function Splash::blitTransparent at splash/Splash.cc (bsc#1131722). - CVE-2019-14494: Fixed a divide-by-zero error in the function SplashOutputDev::tilingPatternFill (bsc#1143950). - CVE-2019-7310: Fixed a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) that allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document (bsc#1124150). - CVE-2019-9200: Fixed a heap-based buffer underwrite which could allow denial-of-service attack through a specially crafted PDF file (bsc#1127329) - CVE-2019-9631: Fixed a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function (bsc#1129202). - CVE-2019-9903: Fixed excessive stack consumption in the Dict::find() method, which can be triggered by passing a crafted pdf file to the pdfunite binary (bsc#1130229). - CVE-2019-9959: Fixed integer overflow that made it possible to allocate a large memory chunk on the heap with a size controlled by an attacker (bsc#1142465). - CVE-2020-27778: Fixed buffer overflow vulnerability in pdftohtml (bsc#1179163). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2021-3854=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-3854=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-3854=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-3854=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-3854=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-3854=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-3854=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-3854=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-3854=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-3854=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-3854=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64): libpoppler73-0.62.0-4.6.1 libpoppler73-debuginfo-0.62.0-4.6.1 poppler-debugsource-0.62.0-4.6.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libpoppler-cpp0-0.62.0-4.6.1 libpoppler-cpp0-debuginfo-0.62.0-4.6.1 libpoppler-devel-0.62.0-4.6.1 libpoppler-glib-devel-0.62.0-4.6.1 libpoppler-glib8-0.62.0-4.6.1 libpoppler-glib8-debuginfo-0.62.0-4.6.1 libpoppler73-0.62.0-4.6.1 libpoppler73-debuginfo-0.62.0-4.6.1 poppler-debugsource-0.62.0-4.6.1 poppler-tools-0.62.0-4.6.1 poppler-tools-debuginfo-0.62.0-4.6.1 typelib-1_0-Poppler-0_18-0.62.0-4.6.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libpoppler-cpp0-0.62.0-4.6.1 libpoppler-cpp0-debuginfo-0.62.0-4.6.1 libpoppler-devel-0.62.0-4.6.1 libpoppler-glib-devel-0.62.0-4.6.1 libpoppler-glib8-0.62.0-4.6.1 libpoppler-glib8-debuginfo-0.62.0-4.6.1 libpoppler73-0.62.0-4.6.1 libpoppler73-debuginfo-0.62.0-4.6.1 poppler-debugsource-0.62.0-4.6.1 poppler-tools-0.62.0-4.6.1 poppler-tools-debuginfo-0.62.0-4.6.1 typelib-1_0-Poppler-0_18-0.62.0-4.6.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libpoppler-cpp0-0.62.0-4.6.1 libpoppler-cpp0-debuginfo-0.62.0-4.6.1 libpoppler-devel-0.62.0-4.6.1 libpoppler-glib-devel-0.62.0-4.6.1 libpoppler-glib8-0.62.0-4.6.1 libpoppler-glib8-debuginfo-0.62.0-4.6.1 libpoppler73-0.62.0-4.6.1 libpoppler73-debuginfo-0.62.0-4.6.1 poppler-debugsource-0.62.0-4.6.1 poppler-tools-0.62.0-4.6.1 poppler-tools-debuginfo-0.62.0-4.6.1 typelib-1_0-Poppler-0_18-0.62.0-4.6.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libpoppler-cpp0-0.62.0-4.6.1 libpoppler-cpp0-debuginfo-0.62.0-4.6.1 libpoppler-devel-0.62.0-4.6.1 libpoppler-glib-devel-0.62.0-4.6.1 libpoppler-glib8-0.62.0-4.6.1 libpoppler-glib8-debuginfo-0.62.0-4.6.1 libpoppler73-0.62.0-4.6.1 libpoppler73-debuginfo-0.62.0-4.6.1 poppler-debugsource-0.62.0-4.6.1 poppler-tools-0.62.0-4.6.1 poppler-tools-debuginfo-0.62.0-4.6.1 typelib-1_0-Poppler-0_18-0.62.0-4.6.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libpoppler-cpp0-0.62.0-4.6.1 libpoppler-cpp0-debuginfo-0.62.0-4.6.1 libpoppler-devel-0.62.0-4.6.1 libpoppler-glib-devel-0.62.0-4.6.1 libpoppler-glib8-0.62.0-4.6.1 libpoppler-glib8-debuginfo-0.62.0-4.6.1 libpoppler73-0.62.0-4.6.1 libpoppler73-debuginfo-0.62.0-4.6.1 poppler-debugsource-0.62.0-4.6.1 poppler-tools-0.62.0-4.6.1 poppler-tools-debuginfo-0.62.0-4.6.1 typelib-1_0-Poppler-0_18-0.62.0-4.6.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libpoppler-cpp0-0.62.0-4.6.1 libpoppler-cpp0-debuginfo-0.62.0-4.6.1 libpoppler-devel-0.62.0-4.6.1 libpoppler-glib-devel-0.62.0-4.6.1 libpoppler-glib8-0.62.0-4.6.1 libpoppler-glib8-debuginfo-0.62.0-4.6.1 libpoppler73-0.62.0-4.6.1 libpoppler73-debuginfo-0.62.0-4.6.1 poppler-debugsource-0.62.0-4.6.1 poppler-tools-0.62.0-4.6.1 poppler-tools-debuginfo-0.62.0-4.6.1 typelib-1_0-Poppler-0_18-0.62.0-4.6.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libpoppler-cpp0-0.62.0-4.6.1 libpoppler-cpp0-debuginfo-0.62.0-4.6.1 libpoppler-devel-0.62.0-4.6.1 libpoppler-glib-devel-0.62.0-4.6.1 libpoppler-glib8-0.62.0-4.6.1 libpoppler-glib8-debuginfo-0.62.0-4.6.1 libpoppler73-0.62.0-4.6.1 libpoppler73-debuginfo-0.62.0-4.6.1 poppler-debugsource-0.62.0-4.6.1 poppler-tools-0.62.0-4.6.1 poppler-tools-debuginfo-0.62.0-4.6.1 typelib-1_0-Poppler-0_18-0.62.0-4.6.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libpoppler-cpp0-0.62.0-4.6.1 libpoppler-cpp0-debuginfo-0.62.0-4.6.1 libpoppler-devel-0.62.0-4.6.1 libpoppler-glib-devel-0.62.0-4.6.1 libpoppler-glib8-0.62.0-4.6.1 libpoppler-glib8-debuginfo-0.62.0-4.6.1 libpoppler73-0.62.0-4.6.1 libpoppler73-debuginfo-0.62.0-4.6.1 poppler-debugsource-0.62.0-4.6.1 poppler-tools-0.62.0-4.6.1 poppler-tools-debuginfo-0.62.0-4.6.1 typelib-1_0-Poppler-0_18-0.62.0-4.6.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libpoppler-cpp0-0.62.0-4.6.1 libpoppler-cpp0-debuginfo-0.62.0-4.6.1 libpoppler-devel-0.62.0-4.6.1 libpoppler-glib-devel-0.62.0-4.6.1 libpoppler-glib8-0.62.0-4.6.1 libpoppler-glib8-debuginfo-0.62.0-4.6.1 libpoppler73-0.62.0-4.6.1 libpoppler73-debuginfo-0.62.0-4.6.1 poppler-debugsource-0.62.0-4.6.1 poppler-tools-0.62.0-4.6.1 poppler-tools-debuginfo-0.62.0-4.6.1 typelib-1_0-Poppler-0_18-0.62.0-4.6.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libpoppler-cpp0-0.62.0-4.6.1 libpoppler-cpp0-debuginfo-0.62.0-4.6.1 libpoppler-devel-0.62.0-4.6.1 libpoppler-glib-devel-0.62.0-4.6.1 libpoppler-glib8-0.62.0-4.6.1 libpoppler-glib8-debuginfo-0.62.0-4.6.1 libpoppler73-0.62.0-4.6.1 libpoppler73-debuginfo-0.62.0-4.6.1 poppler-debugsource-0.62.0-4.6.1 poppler-tools-0.62.0-4.6.1 poppler-tools-debuginfo-0.62.0-4.6.1 typelib-1_0-Poppler-0_18-0.62.0-4.6.1 - SUSE CaaS Platform 4.0 (x86_64): libpoppler-cpp0-0.62.0-4.6.1 libpoppler-cpp0-debuginfo-0.62.0-4.6.1 libpoppler-devel-0.62.0-4.6.1 libpoppler-glib-devel-0.62.0-4.6.1 libpoppler-glib8-0.62.0-4.6.1 libpoppler-glib8-debuginfo-0.62.0-4.6.1 libpoppler73-0.62.0-4.6.1 libpoppler73-debuginfo-0.62.0-4.6.1 poppler-debugsource-0.62.0-4.6.1 poppler-tools-0.62.0-4.6.1 poppler-tools-debuginfo-0.62.0-4.6.1 typelib-1_0-Poppler-0_18-0.62.0-4.6.1 References: https://www.suse.com/security/cve/CVE-2017-18267.html https://www.suse.com/security/cve/CVE-2018-13988.html https://www.suse.com/security/cve/CVE-2018-16646.html https://www.suse.com/security/cve/CVE-2018-18897.html https://www.suse.com/security/cve/CVE-2018-19058.html https://www.suse.com/security/cve/CVE-2018-19059.html https://www.suse.com/security/cve/CVE-2018-19060.html https://www.suse.com/security/cve/CVE-2018-19149.html https://www.suse.com/security/cve/CVE-2018-20481.html https://www.suse.com/security/cve/CVE-2018-20551.html https://www.suse.com/security/cve/CVE-2018-20650.html https://www.suse.com/security/cve/CVE-2018-20662.html https://www.suse.com/security/cve/CVE-2019-10871.html https://www.suse.com/security/cve/CVE-2019-10872.html https://www.suse.com/security/cve/CVE-2019-14494.html https://www.suse.com/security/cve/CVE-2019-7310.html https://www.suse.com/security/cve/CVE-2019-9200.html https://www.suse.com/security/cve/CVE-2019-9631.html https://www.suse.com/security/cve/CVE-2019-9903.html https://www.suse.com/security/cve/CVE-2019-9959.html https://www.suse.com/security/cve/CVE-2020-27778.html https://bugzilla.suse.com/1092945 https://bugzilla.suse.com/1102531 https://bugzilla.suse.com/1107597 https://bugzilla.suse.com/1114966 https://bugzilla.suse.com/1115185 https://bugzilla.suse.com/1115186 https://bugzilla.suse.com/1115187 https://bugzilla.suse.com/1115626 https://bugzilla.suse.com/1120495 https://bugzilla.suse.com/1120496 https://bugzilla.suse.com/1120939 https://bugzilla.suse.com/1120956 https://bugzilla.suse.com/1124150 https://bugzilla.suse.com/1127329 https://bugzilla.suse.com/1129202 https://bugzilla.suse.com/1130229 https://bugzilla.suse.com/1131696 https://bugzilla.suse.com/1131722 https://bugzilla.suse.com/1142465 https://bugzilla.suse.com/1143950 https://bugzilla.suse.com/1179163 From sle-updates at lists.suse.com Wed Dec 1 20:33:02 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Dec 2021 21:33:02 +0100 (CET) Subject: SUSE-SU-2021:14846-1: moderate: Security update for OpenEXR Message-ID: <20211201203302.9E58DFD0A@maintenance.suse.de> SUSE Security Update: Security update for OpenEXR ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:14846-1 Rating: moderate References: #1188457 #1188458 #1188460 #1188461 #1192556 Cross-References: CVE-2021-20298 CVE-2021-20300 CVE-2021-20303 CVE-2021-20304 CVE-2021-3941 CVSS scores: CVE-2021-20298 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-20300 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-20303 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H CVE-2021-20304 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-3941 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for OpenEXR fixes the following issues: - CVE-2021-20298: Fixed out-of-memory in B44Compressor (bsc#1188460). - CVE-2021-20300: Fixed integer-overflow in Imf_2_5:hufUncompress (bsc#1188458). - CVE-2021-20303: Fixed heap-buffer-overflow in Imf_2_5::copyIntoFrameBuffe (bsc#1188457). - CVE-2021-20304: Fixed undefined-shift in Imf_2_5:hufDecode (bsc#1188461). - CVE-2021-3941: Fixed divide-by-zero in Imf_3_1:RGBtoXYZ (bsc#1192556). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-OpenEXR-14846=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-OpenEXR-14846=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-OpenEXR-14846=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-OpenEXR-14846=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): OpenEXR-1.6.1-83.17.30.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (ppc64 s390x x86_64): OpenEXR-32bit-1.6.1-83.17.30.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): OpenEXR-1.6.1-83.17.30.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): OpenEXR-debuginfo-1.6.1-83.17.30.1 OpenEXR-debugsource-1.6.1-83.17.30.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64): OpenEXR-debuginfo-32bit-1.6.1-83.17.30.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): OpenEXR-debuginfo-1.6.1-83.17.30.1 OpenEXR-debugsource-1.6.1-83.17.30.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (s390x x86_64): OpenEXR-debuginfo-32bit-1.6.1-83.17.30.1 References: https://www.suse.com/security/cve/CVE-2021-20298.html https://www.suse.com/security/cve/CVE-2021-20300.html https://www.suse.com/security/cve/CVE-2021-20303.html https://www.suse.com/security/cve/CVE-2021-20304.html https://www.suse.com/security/cve/CVE-2021-3941.html https://bugzilla.suse.com/1188457 https://bugzilla.suse.com/1188458 https://bugzilla.suse.com/1188460 https://bugzilla.suse.com/1188461 https://bugzilla.suse.com/1192556 From sle-updates at lists.suse.com Wed Dec 1 20:36:12 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Dec 2021 21:36:12 +0100 (CET) Subject: SUSE-SU-2021:3843-1: moderate: Security update for openexr Message-ID: <20211201203612.C5271FD0A@maintenance.suse.de> SUSE Security Update: Security update for openexr ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3843-1 Rating: moderate References: #1184353 #1192498 #1192556 Cross-References: CVE-2021-3477 CVE-2021-3933 CVE-2021-3941 CVSS scores: CVE-2021-3477 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-3477 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-3933 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-3941 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for openexr fixes the following issues: - CVE-2021-3477: Fixed Heap-buffer-overflow in Imf_2_5::DeepTiledInputFile::readPixelSampleCounts (bsc#1184353). - CVE-2021-3941: Fixed divide-by-zero in Imf_3_1:RGBtoXYZ (bsc#1192556). - CVE-2021-3933: Fixed integer-overflow in Imf_3_1:bytesPerDeepLineTable (bsc#1192498). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2021-3843=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-3843=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-3843=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): libIlmImf-Imf_2_1-21-32bit-2.1.0-6.42.1 libIlmImf-Imf_2_1-21-debuginfo-32bit-2.1.0-6.42.1 openexr-debugsource-2.1.0-6.42.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): openexr-debuginfo-2.1.0-6.42.1 openexr-debugsource-2.1.0-6.42.1 openexr-devel-2.1.0-6.42.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libIlmImf-Imf_2_1-21-2.1.0-6.42.1 libIlmImf-Imf_2_1-21-debuginfo-2.1.0-6.42.1 openexr-2.1.0-6.42.1 openexr-debuginfo-2.1.0-6.42.1 openexr-debugsource-2.1.0-6.42.1 References: https://www.suse.com/security/cve/CVE-2021-3477.html https://www.suse.com/security/cve/CVE-2021-3933.html https://www.suse.com/security/cve/CVE-2021-3941.html https://bugzilla.suse.com/1184353 https://bugzilla.suse.com/1192498 https://bugzilla.suse.com/1192556 From sle-updates at lists.suse.com Wed Dec 1 20:40:48 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Dec 2021 21:40:48 +0100 (CET) Subject: SUSE-SU-2021:3849-1: moderate: Security update for xen Message-ID: <20211201204048.9A9E3FD0A@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3849-1 Rating: moderate References: #1189373 #1189378 #1189632 #1192554 #1192557 #1192559 Cross-References: CVE-2021-28701 CVE-2021-28704 CVE-2021-28705 CVE-2021-28706 CVE-2021-28707 CVE-2021-28708 CVE-2021-28709 CVSS scores: CVE-2021-28701 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-28704 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-28705 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-28706 (NVD) : 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H CVE-2021-28706 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-28707 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-28708 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-28709 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server 12-SP4-LTSS ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for xen fixes the following issues: - CVE-2021-28701: Fixed race condition in XENMAPSPACE_grant_table handling (XSA-384) (bsc#1189632). - CVE-2021-28704, CVE-2021-28707, CVE-2021-28708: Fixed PoD operations on misaligned GFNs (XSA-388) (bsc#1192557). - CVE-2021-28705, CVE-2021-28709: Fixed issues with partially successful P2M updates on x86 (XSA-389) (bsc#1192559). - CVE-2021-28706: Fixed guests may exceed their designated memory limit (XSA-385) (bsc#1192554). - Integrate bugfixes (bsc#1189373, bsc#1189378) Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-3849=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-3849=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-3849=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-3849=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): xen-4.11.4_24-2.65.1 xen-debugsource-4.11.4_24-2.65.1 xen-doc-html-4.11.4_24-2.65.1 xen-libs-32bit-4.11.4_24-2.65.1 xen-libs-4.11.4_24-2.65.1 xen-libs-debuginfo-32bit-4.11.4_24-2.65.1 xen-libs-debuginfo-4.11.4_24-2.65.1 xen-tools-4.11.4_24-2.65.1 xen-tools-debuginfo-4.11.4_24-2.65.1 xen-tools-domU-4.11.4_24-2.65.1 xen-tools-domU-debuginfo-4.11.4_24-2.65.1 - SUSE OpenStack Cloud 9 (x86_64): xen-4.11.4_24-2.65.1 xen-debugsource-4.11.4_24-2.65.1 xen-doc-html-4.11.4_24-2.65.1 xen-libs-32bit-4.11.4_24-2.65.1 xen-libs-4.11.4_24-2.65.1 xen-libs-debuginfo-32bit-4.11.4_24-2.65.1 xen-libs-debuginfo-4.11.4_24-2.65.1 xen-tools-4.11.4_24-2.65.1 xen-tools-debuginfo-4.11.4_24-2.65.1 xen-tools-domU-4.11.4_24-2.65.1 xen-tools-domU-debuginfo-4.11.4_24-2.65.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): xen-4.11.4_24-2.65.1 xen-debugsource-4.11.4_24-2.65.1 xen-doc-html-4.11.4_24-2.65.1 xen-libs-32bit-4.11.4_24-2.65.1 xen-libs-4.11.4_24-2.65.1 xen-libs-debuginfo-32bit-4.11.4_24-2.65.1 xen-libs-debuginfo-4.11.4_24-2.65.1 xen-tools-4.11.4_24-2.65.1 xen-tools-debuginfo-4.11.4_24-2.65.1 xen-tools-domU-4.11.4_24-2.65.1 xen-tools-domU-debuginfo-4.11.4_24-2.65.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (x86_64): xen-4.11.4_24-2.65.1 xen-debugsource-4.11.4_24-2.65.1 xen-doc-html-4.11.4_24-2.65.1 xen-libs-32bit-4.11.4_24-2.65.1 xen-libs-4.11.4_24-2.65.1 xen-libs-debuginfo-32bit-4.11.4_24-2.65.1 xen-libs-debuginfo-4.11.4_24-2.65.1 xen-tools-4.11.4_24-2.65.1 xen-tools-debuginfo-4.11.4_24-2.65.1 xen-tools-domU-4.11.4_24-2.65.1 xen-tools-domU-debuginfo-4.11.4_24-2.65.1 References: https://www.suse.com/security/cve/CVE-2021-28701.html https://www.suse.com/security/cve/CVE-2021-28704.html https://www.suse.com/security/cve/CVE-2021-28705.html https://www.suse.com/security/cve/CVE-2021-28706.html https://www.suse.com/security/cve/CVE-2021-28707.html https://www.suse.com/security/cve/CVE-2021-28708.html https://www.suse.com/security/cve/CVE-2021-28709.html https://bugzilla.suse.com/1189373 https://bugzilla.suse.com/1189378 https://bugzilla.suse.com/1189632 https://bugzilla.suse.com/1192554 https://bugzilla.suse.com/1192557 https://bugzilla.suse.com/1192559 From sle-updates at lists.suse.com Wed Dec 1 20:44:13 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Dec 2021 21:44:13 +0100 (CET) Subject: SUSE-SU-2021:3848-1: important: Security update for the Linux Kernel Message-ID: <20211201204413.96D76FD2F@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3848-1 Rating: important References: #1094840 #1114648 #1141655 #1188601 #1190351 #1190397 #1190523 #1190795 #1191713 #1191790 #1191888 #1191961 #1192045 #1192267 #1192273 #1192379 #1192718 #1192750 #1192753 #1192781 #1192802 #1192906 SLE-22573 Cross-References: CVE-2021-0941 CVE-2021-20322 CVE-2021-31916 CVE-2021-34981 CVE-2021-37159 CVE-2021-3772 CVSS scores: CVE-2021-0941 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-20322 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2021-31916 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-31916 (SUSE): 6.8 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-34981 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2021-37159 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-37159 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-3772 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that solves 6 vulnerabilities, contains one feature and has 16 fixes is now available. Description: The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - Unprivileged BPF has been disabled by default to reduce attack surface as too many security issues have happened in the past (jsc#SLE-22573) You can reenable via systemctl setting /proc/sys/kernel/unprivileged_bpf_disabled to 0. (kernel.unprivileged_bpf_disabled = 0) - CVE-2021-0941: In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1192045). - CVE-2021-31916: An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel A bound check failure allowed an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability (bnc#1192781). - CVE-2021-20322: Make the ipv4 and ipv6 ICMP exception caches less predictive to avoid information leaks about UDP ports in use. (bsc#1191790) - CVE-2021-34981: Fixed file refcounting in cmtp when cmtp_attach_device fails (bsc#1191961). - CVE-2021-37159: hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel calls unregister_netdev without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free (bnc#1188601). - CVE-2021-3772: Fixed sctp vtag check in sctp_sf_ootb (bsc#1190351). The following non-security bugs were fixed: - EDAC/sb_edac: Fix top-of-high-memory value for Broadwell/Haswell (bsc#1114648). - Revert "ibmvnic: check failover_pending in login response" (bsc#1190523 ltc#194510). - Revert "x86/kvm: fix vcpu-id indexed array sizes" (git-fixes). - USB: iowarrior: fix control-message timeouts (git-fixes). - USB: serial: keyspan: fix memleak on probe errors (git-fixes). - arm64/sve: Use correct size when reinitialising SVE state (git-fixes). - arm64: pgtable: make __pte_to_phys/__phys_to_pte_val inline functions (git-fixes). - bpf: Fix potential race in tail call compatibility check (git-fixes). - bpf: Move owner type, jited info into array auxiliary data (bsc#1141655). - bpf: Use kvmalloc for map values in syscall (stable-5.14.16). - btrfs: fix memory ordering between normal and ordered work functions (git-fixes). - ceph: take snap_empty_lock atomically with snaprealm refcount change (bsc#1191888). - config.sh: Build cve/linux-4.12 against SLE15-SP1. SLE15 is no longer updated and we will need recent update to suse-module-tools to continue building the kernel. - crypto: qat - detect PFVF collision after ACK (git-fixes). - crypto: qat - disregard spurious PFVF interrupts (git-fixes). - crypto: s5p-sss - Add error handling in s5p_aes_probe() (git-fixes). - drivers: base: cacheinfo: Get rid of DEFINE_SMP_CALL_CACHE_FUNCTION() (git-fixes). - drm: fix spectre issue in vmw_execbuf_ioctl (bsc#1192802). - ethernet: dwmac-stm32: Fix copyright (git-fixes). - ftrace: Fix scripts/recordmcount.pl due to new binutils (bsc#1192267). - fuse: fix page stealing (bsc#1192718). - gigaset: fix spectre issue in do_data_b3_req (bsc#1192802). - hisax: fix spectre issues (bsc#1192802). - hrtimer: Move copyout of remaining time to do_nanosleep() (bsc#1191713). - hrtimer_nanosleep(): Pass rmtp in restart_block (bsc#1191713). - hysdn: fix spectre issue in hycapi_send_message (bsc#1192802). - i2c: synquacer: fix deferred probing (git-fixes). - ibmvnic: Process crqs after enabling interrupts (bsc#1192273 ltc#194629). - ibmvnic: check failover_pending in login response (bsc#1190523 ltc#194510). - ibmvnic: delay complete() (bsc#1094840 ltc#167098 git-fixes). - ibmvnic: do not stop queue in xmit (bsc#1192273 ltc#194629). - infiniband: fix spectre issue in ib_uverbs_write (bsc#1192802). - ipv4: fix race condition between route lookup and invalidation (bsc#1190397). - iwlwifi: fix spectre issue in iwl_dbgfs_update_pm (bsc#1192802). - kernel, fs: Introduce and use set_restart_fn() and arch_set_restart_data() (bsc#1191713). - media: dvb_ca_en50221: prevent using slot_info for Spectre attacs (bsc#1192802). - media: dvb_ca_en50221: sanity check slot number from userspace (bsc#1192802). - media: wl128x: get rid of a potential spectre issue (bsc#1192802). - mm/hugetlb: initialize hugetlb_usage in mm_init (bsc#1192906). - mpt3sas: fix spectre issues (bsc#1192802). - net: sock_diag: Fix spectre v1 gadget in __sock_diag_cmd() (bsc#1192802). - net: stmmac: Avoid VLA usage (git-fixes). - net: stmmac: First Queue must always be in DCB mode (git-fixes). - net: stmmac: Fix TX timestamp calculation (git-fixes). - net: stmmac: Fix bad RX timestamp extraction (git-fixes). - net: stmmac: Fix stmmac_get_rx_hwtstamp() (git-fixes). - net: stmmac: Prevent infinite loop in get_rx_timestamp_status() (git-fixes). - net: stmmac: WARN if tx_skbuff entries are reused before cleared (git-fixes). - net: stmmac: add error handling in stmmac_mtl_setup() (git-fixes). - net: stmmac: discard disabled flags in interrupt status register (git-fixes). - net: stmmac: do not clear tx_skbuff entries in stmmac_xmit()/stmmac_tso_xmit() (git-fixes). - net: stmmac: dwc-qos-eth: Fix typo in DT bindings parsing (git-fixes). - net: stmmac: ensure that the MSS desc is the last desc to set the own bit (git-fixes). - net: stmmac: fix LPI transitioning for dwmac4 (git-fixes). - net: stmmac: honor error code from stmmac_dt_phy() (git-fixes). - net: stmmac: make dwmac4_release_tx_desc() clear all descriptor fields (git-fixes). - net: stmmac: remove redundant enable of PMT irq (git-fixes). - net: stmmac: rename GMAC_INT_DEFAULT_MASK for dwmac4 (git-fixes). - net: stmmac: use correct barrier between coherent memory and MMIO (git-fixes). - objtool-don-t-fail-on-missing-symbol-table.patch needed for vanilla flavor as well. - objtool: Do not fail on missing symbol table (bsc#1192379). - ocfs2: Fix data corruption on truncate (bsc#1190795). - ocfs2: do not zero pages beyond i_size (bsc#1190795). - osst: fix spectre issue in osst_verify_frame (bsc#1192802). - prctl: allow to setup brk for et_dyn executables (git-fixes). - printk/console: Allow to disable console output by using console="" or console=null (bsc#1192753). - printk: handle blank console arguments passed in (bsc#1192753). - scsi: BusLogic: Fix missing pr_cont() use (git-fixes). - scsi: FlashPoint: Rename si_flags field (git-fixes). - scsi: be2iscsi: Fix an error handling path in beiscsi_dev_probe() (git-fixes). - scsi: core: Fix error handling of scsi_host_alloc() (git-fixes). - scsi: core: Fix spelling in a source code comment (git-fixes). - scsi: core: Only put parent device if host state differs from SHOST_CREATED (git-fixes). - scsi: core: Put .shost_dev in failure path if host state changes to RUNNING (git-fixes). - scsi: core: Retry I/O for Notify (Enable Spinup) Required error (git-fixes). - scsi: csiostor: Add module softdep on cxgb4 (git-fixes). - scsi: csiostor: Uninitialized data in csio_ln_vnp_read_cbfn() (git-fixes). - scsi: dc395: Fix error case unwinding (git-fixes). - scsi: iscsi: Fix iface sysfs attr detection (git-fixes). - scsi: libsas: Use _safe() loop in sas_resume_port() (git-fixes). - scsi: mpt3sas: Fix error return value in _scsih_expander_add() (git-fixes). - scsi: qedf: Add pointer checks in qedf_update_link_speed() (git-fixes). - scsi: qedf: Fix error codes in qedf_alloc_global_queues() (git-fixes). - scsi: qedi: Fix error codes in qedi_alloc_global_queues() (git-fixes). - scsi: qla2xxx: Fix a memory leak in an error path of qla2x00_process_els() (git-fixes). - scsi: qla2xxx: Make sure that aborted commands are freed (git-fixes). - scsi: snic: Fix an error message (git-fixes). - scsi: ufs: ufshcd-pltfrm: Fix memory leak due to probe defer (git-fixes). - sctp: check asoc peer.asconf_capable before processing asconf (bsc#1190351). - soc: fsl: dpio: replace smp_processor_id with raw_smp_processor_id (git-fixes). - stmmac: copy unicast mac address to MAC registers (git-fixes). - stmmac: use of_property_read_u32 instead of read_u8 (git-fixes). - sysvipc/sem: mitigate semnum index against spectre v1 (bsc#1192802). - tty: serial: fsl_lpuart: fix the wrong mapbase value (git-fixes). - x86/xen: Mark cpu_bringup_and_idle() as dead_end_function (git-fixes). - xen-pciback: Fix return in pm_ctrl_init() (git-fixes). - xen: Fix implicit type conversion (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-3848=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (x86_64): kernel-azure-4.12.14-16.80.1 kernel-azure-base-4.12.14-16.80.1 kernel-azure-base-debuginfo-4.12.14-16.80.1 kernel-azure-debuginfo-4.12.14-16.80.1 kernel-azure-debugsource-4.12.14-16.80.1 kernel-azure-devel-4.12.14-16.80.1 kernel-syms-azure-4.12.14-16.80.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): kernel-devel-azure-4.12.14-16.80.1 kernel-source-azure-4.12.14-16.80.1 References: https://www.suse.com/security/cve/CVE-2021-0941.html https://www.suse.com/security/cve/CVE-2021-20322.html https://www.suse.com/security/cve/CVE-2021-31916.html https://www.suse.com/security/cve/CVE-2021-34981.html https://www.suse.com/security/cve/CVE-2021-37159.html https://www.suse.com/security/cve/CVE-2021-3772.html https://bugzilla.suse.com/1094840 https://bugzilla.suse.com/1114648 https://bugzilla.suse.com/1141655 https://bugzilla.suse.com/1188601 https://bugzilla.suse.com/1190351 https://bugzilla.suse.com/1190397 https://bugzilla.suse.com/1190523 https://bugzilla.suse.com/1190795 https://bugzilla.suse.com/1191713 https://bugzilla.suse.com/1191790 https://bugzilla.suse.com/1191888 https://bugzilla.suse.com/1191961 https://bugzilla.suse.com/1192045 https://bugzilla.suse.com/1192267 https://bugzilla.suse.com/1192273 https://bugzilla.suse.com/1192379 https://bugzilla.suse.com/1192718 https://bugzilla.suse.com/1192750 https://bugzilla.suse.com/1192753 https://bugzilla.suse.com/1192781 https://bugzilla.suse.com/1192802 https://bugzilla.suse.com/1192906 From sle-updates at lists.suse.com Wed Dec 1 20:48:27 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Dec 2021 21:48:27 +0100 (CET) Subject: SUSE-SU-2021:3837-1: important: Security update for ruby2.1 Message-ID: <20211201204827.90E91FD0A@maintenance.suse.de> SUSE Security Update: Security update for ruby2.1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3837-1 Rating: important References: #1177125 #1188160 #1188161 #1190375 Cross-References: CVE-2020-25613 CVE-2021-31799 CVE-2021-31810 CVE-2021-32066 CVSS scores: CVE-2020-25613 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2020-25613 (SUSE): 6.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:N CVE-2021-31799 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-31810 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-32066 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-BCL HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for ruby2.1 fixes the following issues: - CVE-2020-25613: Fixed potential HTTP request smuggling in WEBrick (bsc#1177125). - CVE-2021-31799: Fixed Command injection vulnerability in RDoc (bsc#1190375). - CVE-2021-31810: Fixed trusting FTP PASV responses vulnerability in Net:FTP (bsc#1188161). - CVE-2021-32066: Fixed StartTLS stripping vulnerability in Net:IMAP (bsc#1188160). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-3837=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-3837=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-3837=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-3837=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-3837=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-3837=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-3837=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-3837=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-3837=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-3837=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-3837=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-3837=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-3837=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libruby2_1-2_1-2.1.9-19.6.1 libruby2_1-2_1-debuginfo-2.1.9-19.6.1 ruby2.1-2.1.9-19.6.1 ruby2.1-debuginfo-2.1.9-19.6.1 ruby2.1-debugsource-2.1.9-19.6.1 ruby2.1-stdlib-2.1.9-19.6.1 ruby2.1-stdlib-debuginfo-2.1.9-19.6.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): libruby2_1-2_1-2.1.9-19.6.1 libruby2_1-2_1-debuginfo-2.1.9-19.6.1 ruby2.1-2.1.9-19.6.1 ruby2.1-debuginfo-2.1.9-19.6.1 ruby2.1-debugsource-2.1.9-19.6.1 ruby2.1-stdlib-2.1.9-19.6.1 ruby2.1-stdlib-debuginfo-2.1.9-19.6.1 - SUSE OpenStack Cloud 9 (x86_64): libruby2_1-2_1-2.1.9-19.6.1 libruby2_1-2_1-debuginfo-2.1.9-19.6.1 ruby2.1-2.1.9-19.6.1 ruby2.1-debuginfo-2.1.9-19.6.1 ruby2.1-debugsource-2.1.9-19.6.1 ruby2.1-stdlib-2.1.9-19.6.1 ruby2.1-stdlib-debuginfo-2.1.9-19.6.1 - SUSE OpenStack Cloud 8 (x86_64): libruby2_1-2_1-2.1.9-19.6.1 libruby2_1-2_1-debuginfo-2.1.9-19.6.1 ruby2.1-2.1.9-19.6.1 ruby2.1-debuginfo-2.1.9-19.6.1 ruby2.1-debugsource-2.1.9-19.6.1 ruby2.1-stdlib-2.1.9-19.6.1 ruby2.1-stdlib-debuginfo-2.1.9-19.6.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): ruby2.1-debuginfo-2.1.9-19.6.1 ruby2.1-debugsource-2.1.9-19.6.1 ruby2.1-devel-2.1.9-19.6.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libruby2_1-2_1-2.1.9-19.6.1 libruby2_1-2_1-debuginfo-2.1.9-19.6.1 ruby2.1-2.1.9-19.6.1 ruby2.1-debuginfo-2.1.9-19.6.1 ruby2.1-debugsource-2.1.9-19.6.1 ruby2.1-stdlib-2.1.9-19.6.1 ruby2.1-stdlib-debuginfo-2.1.9-19.6.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libruby2_1-2_1-2.1.9-19.6.1 libruby2_1-2_1-debuginfo-2.1.9-19.6.1 ruby2.1-2.1.9-19.6.1 ruby2.1-debuginfo-2.1.9-19.6.1 ruby2.1-debugsource-2.1.9-19.6.1 ruby2.1-stdlib-2.1.9-19.6.1 ruby2.1-stdlib-debuginfo-2.1.9-19.6.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libruby2_1-2_1-2.1.9-19.6.1 libruby2_1-2_1-debuginfo-2.1.9-19.6.1 ruby2.1-2.1.9-19.6.1 ruby2.1-debuginfo-2.1.9-19.6.1 ruby2.1-debugsource-2.1.9-19.6.1 ruby2.1-stdlib-2.1.9-19.6.1 ruby2.1-stdlib-debuginfo-2.1.9-19.6.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libruby2_1-2_1-2.1.9-19.6.1 libruby2_1-2_1-debuginfo-2.1.9-19.6.1 ruby2.1-2.1.9-19.6.1 ruby2.1-debuginfo-2.1.9-19.6.1 ruby2.1-debugsource-2.1.9-19.6.1 ruby2.1-stdlib-2.1.9-19.6.1 ruby2.1-stdlib-debuginfo-2.1.9-19.6.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): libruby2_1-2_1-2.1.9-19.6.1 libruby2_1-2_1-debuginfo-2.1.9-19.6.1 ruby2.1-2.1.9-19.6.1 ruby2.1-debuginfo-2.1.9-19.6.1 ruby2.1-debugsource-2.1.9-19.6.1 ruby2.1-stdlib-2.1.9-19.6.1 ruby2.1-stdlib-debuginfo-2.1.9-19.6.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libruby2_1-2_1-2.1.9-19.6.1 libruby2_1-2_1-debuginfo-2.1.9-19.6.1 ruby2.1-2.1.9-19.6.1 ruby2.1-debuginfo-2.1.9-19.6.1 ruby2.1-debugsource-2.1.9-19.6.1 ruby2.1-stdlib-2.1.9-19.6.1 ruby2.1-stdlib-debuginfo-2.1.9-19.6.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libruby2_1-2_1-2.1.9-19.6.1 libruby2_1-2_1-debuginfo-2.1.9-19.6.1 ruby2.1-2.1.9-19.6.1 ruby2.1-debuginfo-2.1.9-19.6.1 ruby2.1-debugsource-2.1.9-19.6.1 ruby2.1-stdlib-2.1.9-19.6.1 ruby2.1-stdlib-debuginfo-2.1.9-19.6.1 - HPE Helion Openstack 8 (x86_64): libruby2_1-2_1-2.1.9-19.6.1 libruby2_1-2_1-debuginfo-2.1.9-19.6.1 ruby2.1-2.1.9-19.6.1 ruby2.1-debuginfo-2.1.9-19.6.1 ruby2.1-debugsource-2.1.9-19.6.1 ruby2.1-stdlib-2.1.9-19.6.1 ruby2.1-stdlib-debuginfo-2.1.9-19.6.1 References: https://www.suse.com/security/cve/CVE-2020-25613.html https://www.suse.com/security/cve/CVE-2021-31799.html https://www.suse.com/security/cve/CVE-2021-31810.html https://www.suse.com/security/cve/CVE-2021-32066.html https://bugzilla.suse.com/1177125 https://bugzilla.suse.com/1188160 https://bugzilla.suse.com/1188161 https://bugzilla.suse.com/1190375 From sle-updates at lists.suse.com Wed Dec 1 20:50:17 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Dec 2021 21:50:17 +0100 (CET) Subject: SUSE-SU-2021:3833-1: moderate: Security update for go1.17 Message-ID: <20211201205017.7F6FDFD0A@maintenance.suse.de> SUSE Security Update: Security update for go1.17 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3833-1 Rating: moderate References: #1190649 #1192377 #1192378 Cross-References: CVE-2021-41771 CVE-2021-41772 CVSS scores: CVE-2021-41772 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP2 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for go1.17 fixes the following issues: Security update go1.17.3 (released 2021-11-04) (bsc#1190649). - CVE-2021-41771: Fixed invalid dynamic symbol table command that could have caused panic (bsc#1192377). - CVE-2021-41772: Fixed panic on (*Reader).Open (bsc#1192378). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2021-3833=1 - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-3833=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): go1.17-1.17.3-1.9.1 go1.17-doc-1.17.3-1.9.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 x86_64): go1.17-race-1.17.3-1.9.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): go1.17-1.17.3-1.9.1 go1.17-doc-1.17.3-1.9.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 x86_64): go1.17-race-1.17.3-1.9.1 References: https://www.suse.com/security/cve/CVE-2021-41771.html https://www.suse.com/security/cve/CVE-2021-41772.html https://bugzilla.suse.com/1190649 https://bugzilla.suse.com/1192377 https://bugzilla.suse.com/1192378 From sle-updates at lists.suse.com Wed Dec 1 20:51:55 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Dec 2021 21:51:55 +0100 (CET) Subject: SUSE-SU-2021:3853-1: moderate: Security update for clamav Message-ID: <20211201205155.2F9BEFD0A@maintenance.suse.de> SUSE Security Update: Security update for clamav ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3853-1 Rating: moderate References: #1103032 #1188284 #1192346 Cross-References: CVE-2018-14679 CVSS scores: CVE-2018-14679 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-14679 (SUSE): 4.4 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for clamav fixes the following issues: - CVE-2018-14679: Fixed off-by-one issue in embedded libmspack that could lead to denial of service (bsc#1103032). - Update to 0.103.4 (bsc#1192346). - Update to 0.103.3 (bsc#1188284). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-3853=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): clamav-0.103.4-3.12.1 clamav-debuginfo-0.103.4-3.12.1 clamav-debugsource-0.103.4-3.12.1 References: https://www.suse.com/security/cve/CVE-2018-14679.html https://bugzilla.suse.com/1103032 https://bugzilla.suse.com/1188284 https://bugzilla.suse.com/1192346 From sle-updates at lists.suse.com Wed Dec 1 20:55:58 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Dec 2021 21:55:58 +0100 (CET) Subject: SUSE-SU-2021:3841-1: important: Security update for python-Pygments Message-ID: <20211201205558.9B94BFD0A@maintenance.suse.de> SUSE Security Update: Security update for python-Pygments ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3841-1 Rating: important References: #1184812 Cross-References: CVE-2021-27291 CVSS scores: CVE-2021-27291 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-27291 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-Pygments fixes the following issues: - CVE-2021-27291: Fixed ReDoS via crafted malicious input (bsc#1184812). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-3841=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-3841=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2021-3841=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2021-3841=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-3841=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-3841=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (noarch): python3-Pygments-2.2.0-4.9.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): python3-Pygments-2.2.0-4.9.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (noarch): python2-Pygments-2.2.0-4.9.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (noarch): python2-Pygments-2.2.0-4.9.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): python3-Pygments-2.2.0-4.9.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): python3-Pygments-2.2.0-4.9.1 References: https://www.suse.com/security/cve/CVE-2021-27291.html https://bugzilla.suse.com/1184812 From sle-updates at lists.suse.com Wed Dec 1 20:57:19 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Dec 2021 21:57:19 +0100 (CET) Subject: SUSE-SU-2021:3842-1: moderate: Security update for xen Message-ID: <20211201205719.3C0E3FD0A@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3842-1 Rating: moderate References: #1189373 #1189378 #1189632 #1192554 #1192557 #1192559 Cross-References: CVE-2021-28701 CVE-2021-28704 CVE-2021-28705 CVE-2021-28706 CVE-2021-28707 CVE-2021-28708 CVE-2021-28709 CVSS scores: CVE-2021-28701 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-28704 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-28705 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-28706 (NVD) : 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H CVE-2021-28706 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-28707 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-28708 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-28709 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for xen fixes the following issues: - CVE-2021-28701: Fixed race condition in XENMAPSPACE_grant_table handling (XSA-384) (bsc#1189632). - CVE-2021-28704, CVE-2021-28707, CVE-2021-28708: Fixed PoD operations on misaligned GFNs (XSA-388) (bsc#1192557). - CVE-2021-28705, CVE-2021-28709: Fixed issues with partially successful P2M updates on x86 (XSA-389) (bsc#1192559). - CVE-2021-28706: Fixed guests may exceed their designated memory limit (XSA-385) (bsc#1192554). - Integrate bugfixes (bsc#1189373, bsc#1189378). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-3842=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-3842=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-3842=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (x86_64): xen-4.10.4_30-3.68.1 xen-debugsource-4.10.4_30-3.68.1 xen-devel-4.10.4_30-3.68.1 xen-libs-4.10.4_30-3.68.1 xen-libs-debuginfo-4.10.4_30-3.68.1 xen-tools-4.10.4_30-3.68.1 xen-tools-debuginfo-4.10.4_30-3.68.1 xen-tools-domU-4.10.4_30-3.68.1 xen-tools-domU-debuginfo-4.10.4_30-3.68.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): xen-4.10.4_30-3.68.1 xen-debugsource-4.10.4_30-3.68.1 xen-devel-4.10.4_30-3.68.1 xen-libs-4.10.4_30-3.68.1 xen-libs-debuginfo-4.10.4_30-3.68.1 xen-tools-4.10.4_30-3.68.1 xen-tools-debuginfo-4.10.4_30-3.68.1 xen-tools-domU-4.10.4_30-3.68.1 xen-tools-domU-debuginfo-4.10.4_30-3.68.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): xen-4.10.4_30-3.68.1 xen-debugsource-4.10.4_30-3.68.1 xen-devel-4.10.4_30-3.68.1 xen-libs-4.10.4_30-3.68.1 xen-libs-debuginfo-4.10.4_30-3.68.1 xen-tools-4.10.4_30-3.68.1 xen-tools-debuginfo-4.10.4_30-3.68.1 xen-tools-domU-4.10.4_30-3.68.1 xen-tools-domU-debuginfo-4.10.4_30-3.68.1 References: https://www.suse.com/security/cve/CVE-2021-28701.html https://www.suse.com/security/cve/CVE-2021-28704.html https://www.suse.com/security/cve/CVE-2021-28705.html https://www.suse.com/security/cve/CVE-2021-28706.html https://www.suse.com/security/cve/CVE-2021-28707.html https://www.suse.com/security/cve/CVE-2021-28708.html https://www.suse.com/security/cve/CVE-2021-28709.html https://bugzilla.suse.com/1189373 https://bugzilla.suse.com/1189378 https://bugzilla.suse.com/1189632 https://bugzilla.suse.com/1192554 https://bugzilla.suse.com/1192557 https://bugzilla.suse.com/1192559 From sle-updates at lists.suse.com Wed Dec 1 20:59:21 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Dec 2021 21:59:21 +0100 (CET) Subject: SUSE-SU-2021:3838-1: important: Security update for ruby2.5 Message-ID: <20211201205921.D04D5FD0A@maintenance.suse.de> SUSE Security Update: Security update for ruby2.5 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3838-1 Rating: important References: #1188160 #1188161 #1190375 Cross-References: CVE-2021-31799 CVE-2021-31810 CVE-2021-32066 CVSS scores: CVE-2021-31799 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-31810 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-32066 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N Affected Products: SUSE MicroOS 5.0 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for ruby2.5 fixes the following issues: - CVE-2021-31799: Fixed Command injection vulnerability in RDoc (bsc#1190375). - CVE-2021-31810: Fixed trusting FTP PASV responses vulnerability in Net:FTP (bsc#1188161). - CVE-2021-32066: Fixed StartTLS stripping vulnerability in Net:IMAP (bsc#1188160). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-3838=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-3838=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-3838=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-3838=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-3838=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-3838=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3838=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-3838=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-3838=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-3838=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-3838=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-3838=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-3838=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE MicroOS 5.0 (aarch64 x86_64): libruby2_5-2_5-2.5.9-4.20.1 libruby2_5-2_5-debuginfo-2.5.9-4.20.1 ruby2.5-2.5.9-4.20.1 ruby2.5-debuginfo-2.5.9-4.20.1 ruby2.5-debugsource-2.5.9-4.20.1 ruby2.5-stdlib-2.5.9-4.20.1 ruby2.5-stdlib-debuginfo-2.5.9-4.20.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libruby2_5-2_5-2.5.9-4.20.1 libruby2_5-2_5-debuginfo-2.5.9-4.20.1 ruby2.5-2.5.9-4.20.1 ruby2.5-debuginfo-2.5.9-4.20.1 ruby2.5-debugsource-2.5.9-4.20.1 ruby2.5-devel-2.5.9-4.20.1 ruby2.5-devel-extra-2.5.9-4.20.1 ruby2.5-stdlib-2.5.9-4.20.1 ruby2.5-stdlib-debuginfo-2.5.9-4.20.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libruby2_5-2_5-2.5.9-4.20.1 libruby2_5-2_5-debuginfo-2.5.9-4.20.1 ruby2.5-2.5.9-4.20.1 ruby2.5-debuginfo-2.5.9-4.20.1 ruby2.5-debugsource-2.5.9-4.20.1 ruby2.5-devel-2.5.9-4.20.1 ruby2.5-devel-extra-2.5.9-4.20.1 ruby2.5-stdlib-2.5.9-4.20.1 ruby2.5-stdlib-debuginfo-2.5.9-4.20.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libruby2_5-2_5-2.5.9-4.20.1 libruby2_5-2_5-debuginfo-2.5.9-4.20.1 ruby2.5-2.5.9-4.20.1 ruby2.5-debuginfo-2.5.9-4.20.1 ruby2.5-debugsource-2.5.9-4.20.1 ruby2.5-devel-2.5.9-4.20.1 ruby2.5-devel-extra-2.5.9-4.20.1 ruby2.5-stdlib-2.5.9-4.20.1 ruby2.5-stdlib-debuginfo-2.5.9-4.20.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libruby2_5-2_5-2.5.9-4.20.1 libruby2_5-2_5-debuginfo-2.5.9-4.20.1 ruby2.5-2.5.9-4.20.1 ruby2.5-debuginfo-2.5.9-4.20.1 ruby2.5-debugsource-2.5.9-4.20.1 ruby2.5-devel-2.5.9-4.20.1 ruby2.5-devel-extra-2.5.9-4.20.1 ruby2.5-stdlib-2.5.9-4.20.1 ruby2.5-stdlib-debuginfo-2.5.9-4.20.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libruby2_5-2_5-2.5.9-4.20.1 libruby2_5-2_5-debuginfo-2.5.9-4.20.1 ruby2.5-2.5.9-4.20.1 ruby2.5-debuginfo-2.5.9-4.20.1 ruby2.5-debugsource-2.5.9-4.20.1 ruby2.5-devel-2.5.9-4.20.1 ruby2.5-devel-extra-2.5.9-4.20.1 ruby2.5-stdlib-2.5.9-4.20.1 ruby2.5-stdlib-debuginfo-2.5.9-4.20.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libruby2_5-2_5-2.5.9-4.20.1 libruby2_5-2_5-debuginfo-2.5.9-4.20.1 ruby2.5-2.5.9-4.20.1 ruby2.5-debuginfo-2.5.9-4.20.1 ruby2.5-debugsource-2.5.9-4.20.1 ruby2.5-devel-2.5.9-4.20.1 ruby2.5-devel-extra-2.5.9-4.20.1 ruby2.5-stdlib-2.5.9-4.20.1 ruby2.5-stdlib-debuginfo-2.5.9-4.20.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libruby2_5-2_5-2.5.9-4.20.1 libruby2_5-2_5-debuginfo-2.5.9-4.20.1 ruby2.5-2.5.9-4.20.1 ruby2.5-debuginfo-2.5.9-4.20.1 ruby2.5-debugsource-2.5.9-4.20.1 ruby2.5-devel-2.5.9-4.20.1 ruby2.5-devel-extra-2.5.9-4.20.1 ruby2.5-stdlib-2.5.9-4.20.1 ruby2.5-stdlib-debuginfo-2.5.9-4.20.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libruby2_5-2_5-2.5.9-4.20.1 libruby2_5-2_5-debuginfo-2.5.9-4.20.1 ruby2.5-2.5.9-4.20.1 ruby2.5-debuginfo-2.5.9-4.20.1 ruby2.5-debugsource-2.5.9-4.20.1 ruby2.5-devel-2.5.9-4.20.1 ruby2.5-devel-extra-2.5.9-4.20.1 ruby2.5-stdlib-2.5.9-4.20.1 ruby2.5-stdlib-debuginfo-2.5.9-4.20.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libruby2_5-2_5-2.5.9-4.20.1 libruby2_5-2_5-debuginfo-2.5.9-4.20.1 ruby2.5-2.5.9-4.20.1 ruby2.5-debuginfo-2.5.9-4.20.1 ruby2.5-debugsource-2.5.9-4.20.1 ruby2.5-devel-2.5.9-4.20.1 ruby2.5-devel-extra-2.5.9-4.20.1 ruby2.5-stdlib-2.5.9-4.20.1 ruby2.5-stdlib-debuginfo-2.5.9-4.20.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libruby2_5-2_5-2.5.9-4.20.1 libruby2_5-2_5-debuginfo-2.5.9-4.20.1 ruby2.5-2.5.9-4.20.1 ruby2.5-debuginfo-2.5.9-4.20.1 ruby2.5-debugsource-2.5.9-4.20.1 ruby2.5-devel-2.5.9-4.20.1 ruby2.5-devel-extra-2.5.9-4.20.1 ruby2.5-stdlib-2.5.9-4.20.1 ruby2.5-stdlib-debuginfo-2.5.9-4.20.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libruby2_5-2_5-2.5.9-4.20.1 libruby2_5-2_5-debuginfo-2.5.9-4.20.1 ruby2.5-2.5.9-4.20.1 ruby2.5-debuginfo-2.5.9-4.20.1 ruby2.5-debugsource-2.5.9-4.20.1 ruby2.5-devel-2.5.9-4.20.1 ruby2.5-devel-extra-2.5.9-4.20.1 ruby2.5-stdlib-2.5.9-4.20.1 ruby2.5-stdlib-debuginfo-2.5.9-4.20.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libruby2_5-2_5-2.5.9-4.20.1 libruby2_5-2_5-debuginfo-2.5.9-4.20.1 ruby2.5-2.5.9-4.20.1 ruby2.5-debuginfo-2.5.9-4.20.1 ruby2.5-debugsource-2.5.9-4.20.1 ruby2.5-devel-2.5.9-4.20.1 ruby2.5-devel-extra-2.5.9-4.20.1 ruby2.5-stdlib-2.5.9-4.20.1 ruby2.5-stdlib-debuginfo-2.5.9-4.20.1 - SUSE CaaS Platform 4.0 (x86_64): libruby2_5-2_5-2.5.9-4.20.1 libruby2_5-2_5-debuginfo-2.5.9-4.20.1 ruby2.5-2.5.9-4.20.1 ruby2.5-debuginfo-2.5.9-4.20.1 ruby2.5-debugsource-2.5.9-4.20.1 ruby2.5-devel-2.5.9-4.20.1 ruby2.5-devel-extra-2.5.9-4.20.1 ruby2.5-stdlib-2.5.9-4.20.1 ruby2.5-stdlib-debuginfo-2.5.9-4.20.1 References: https://www.suse.com/security/cve/CVE-2021-31799.html https://www.suse.com/security/cve/CVE-2021-31810.html https://www.suse.com/security/cve/CVE-2021-32066.html https://bugzilla.suse.com/1188160 https://bugzilla.suse.com/1188161 https://bugzilla.suse.com/1190375 From sle-updates at lists.suse.com Wed Dec 1 21:01:07 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Dec 2021 22:01:07 +0100 (CET) Subject: SUSE-SU-2021:3852-1: moderate: Security update for xen Message-ID: <20211201210107.25861FD0A@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3852-1 Rating: moderate References: #1027519 #1191363 #1191510 #1192554 #1192557 #1192559 Cross-References: CVE-2021-28702 CVE-2021-28704 CVE-2021-28705 CVE-2021-28706 CVE-2021-28707 CVE-2021-28708 CVE-2021-28709 CVSS scores: CVE-2021-28702 (NVD) : 7.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVE-2021-28704 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-28705 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-28706 (NVD) : 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H CVE-2021-28706 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-28707 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-28708 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-28709 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for xen fixes the following issues: - CVE-2021-28702: Fixed PCI devices with RMRRs not deassigned correctly (XSA-386) (bsc#1191363). - CVE-2021-28704, CVE-2021-28707, CVE-2021-28708: Fixed PoD operations on misaligned GFNs (XSA-388) (bsc#1192557). - CVE-2021-28705, CVE-2021-28709: Fixed issues with partially successful P2M updates on x86 (XSA-389) (bsc#1192559). - CVE-2021-28706: Fixed guests may exceed their designated memory limit (XSA-385) (bsc#1192554). - Fixed 15sp4 uefi fv guest on 12sp5 host unable to bootup with sriov pci device plugin (bsc#1191510). - Upstream bug fixes (bsc#1027519). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-3852=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-3852=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 x86_64): xen-debugsource-4.12.4_16-3.55.1 xen-devel-4.12.4_16-3.55.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): xen-4.12.4_16-3.55.1 xen-debugsource-4.12.4_16-3.55.1 xen-doc-html-4.12.4_16-3.55.1 xen-libs-32bit-4.12.4_16-3.55.1 xen-libs-4.12.4_16-3.55.1 xen-libs-debuginfo-32bit-4.12.4_16-3.55.1 xen-libs-debuginfo-4.12.4_16-3.55.1 xen-tools-4.12.4_16-3.55.1 xen-tools-debuginfo-4.12.4_16-3.55.1 xen-tools-domU-4.12.4_16-3.55.1 xen-tools-domU-debuginfo-4.12.4_16-3.55.1 References: https://www.suse.com/security/cve/CVE-2021-28702.html https://www.suse.com/security/cve/CVE-2021-28704.html https://www.suse.com/security/cve/CVE-2021-28705.html https://www.suse.com/security/cve/CVE-2021-28706.html https://www.suse.com/security/cve/CVE-2021-28707.html https://www.suse.com/security/cve/CVE-2021-28708.html https://www.suse.com/security/cve/CVE-2021-28709.html https://bugzilla.suse.com/1027519 https://bugzilla.suse.com/1191363 https://bugzilla.suse.com/1191510 https://bugzilla.suse.com/1192554 https://bugzilla.suse.com/1192557 https://bugzilla.suse.com/1192559 From sle-updates at lists.suse.com Wed Dec 1 21:03:10 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Dec 2021 22:03:10 +0100 (CET) Subject: SUSE-SU-2021:3857-1: moderate: Security update for python-sqlparse Message-ID: <20211201210310.F4212FD0A@maintenance.suse.de> SUSE Security Update: Security update for python-sqlparse ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3857-1 Rating: moderate References: #1190741 Cross-References: CVE-2021-32839 CVSS scores: CVE-2021-32839 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-32839 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-sqlparse fixes the following issues: - CVE-2021-32839: Fixed ReDoS via regular expression in StripComments filter (bsc#1190741). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3857=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): python3-sqlparse-0.4.2-3.3.1 References: https://www.suse.com/security/cve/CVE-2021-32839.html https://bugzilla.suse.com/1190741 From sle-updates at lists.suse.com Wed Dec 1 21:04:32 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Dec 2021 22:04:32 +0100 (CET) Subject: SUSE-SU-2021:3860-1: moderate: Security update for speex Message-ID: <20211201210432.E97AFFD0A@maintenance.suse.de> SUSE Security Update: Security update for speex ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3860-1 Rating: moderate References: #1192580 Cross-References: CVE-2020-23903 CVSS scores: CVE-2020-23903 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for speex fixes the following issues: - CVE-2020-23903: Fixed zero division error in read_samples (bsc#1192580). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2021-3860=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2021-3860=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3860=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-3860=1 Package List: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (x86_64): libspeex1-32bit-1.2-3.3.1 libspeex1-32bit-debuginfo-1.2-3.3.1 speex-debugsource-1.2-3.3.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (x86_64): libspeex1-32bit-1.2-3.3.1 libspeex1-32bit-debuginfo-1.2-3.3.1 speex-debugsource-1.2-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libspeex1-1.2-3.3.1 libspeex1-debuginfo-1.2-3.3.1 speex-debuginfo-1.2-3.3.1 speex-debugsource-1.2-3.3.1 speex-devel-1.2-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libspeex1-1.2-3.3.1 libspeex1-debuginfo-1.2-3.3.1 speex-debuginfo-1.2-3.3.1 speex-debugsource-1.2-3.3.1 speex-devel-1.2-3.3.1 References: https://www.suse.com/security/cve/CVE-2020-23903.html https://bugzilla.suse.com/1192580 From sle-updates at lists.suse.com Wed Dec 1 21:05:56 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Dec 2021 22:05:56 +0100 (CET) Subject: SUSE-SU-2021:14848-1: moderate: Security update for xen Message-ID: <20211201210556.720EAFD0A@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:14848-1 Rating: moderate References: #1182654 #1186013 #1186429 #1186433 #1186434 #1187369 #1187376 #1187378 #1189150 #1189376 #1189378 #1189632 #1192526 #1192554 #1192555 #1192559 Cross-References: CVE-2021-0089 CVE-2021-20255 CVE-2021-28690 CVE-2021-28692 CVE-2021-28697 CVE-2021-28698 CVE-2021-28701 CVE-2021-28703 CVE-2021-28705 CVE-2021-28706 CVE-2021-28709 CVE-2021-3527 CVE-2021-3592 CVE-2021-3594 CVE-2021-3595 CVE-2021-3682 CVE-2021-3930 CVSS scores: CVE-2021-0089 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2021-20255 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-20255 (SUSE): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2021-28697 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-28698 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-28701 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-28703 (SUSE): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2021-28705 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-28706 (NVD) : 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H CVE-2021-28706 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-28709 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-3527 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-3527 (SUSE): 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L CVE-2021-3592 (NVD) : 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N CVE-2021-3592 (SUSE): 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N CVE-2021-3594 (NVD) : 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N CVE-2021-3594 (SUSE): 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N CVE-2021-3595 (NVD) : 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N CVE-2021-3595 (SUSE): 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N CVE-2021-3682 (SUSE): 6 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L CVE-2021-3930 (SUSE): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes 17 vulnerabilities is now available. Description: This update for xen fixes the following issues: - CVE-2021-0089: Fixed Speculative Code Store Bypass (XSA-375) (bsc#1186433). - CVE-2021-20255: Fixed stack overflow via infinite recursion in eepro100 (bsc#1182654). - CVE-2021-28690: Fixed x86 TSX Async Abort protections not restored after S3 (XSA-377) (bsc#1186434). - CVE-2021-28692: Fixed inappropriate x86 IOMMU timeout detection / handling (XSA-373) (bsc#1186429). - CVE-2021-28697: Fixed grant table v2 status pages may remain accessible after de-allocation (XSA-379) (bsc#1189376). - CVE-2021-28698: Fixed long running loops in grant table handling. (XSA-380) (bsc#1189378). - CVE-2021-28701: Fixed race condition in XENMAPSPACE_grant_table handling (XSA-384) (bsc#1189632). - CVE-2021-28703: Fixed grant table v2 status pages may remain accessible after de-allocation (take two) (XSA-387) (bsc#1192555). - CVE-2021-28705, CVE-2021-28709: Fixed issues with partially successful P2M updates on x86 (XSA-389) (bsc#1192559). - CVE-2021-28706: Fixed guests may exceed their designated memory limit (XSA-385) (bsc#1192554). - CVE-2021-3527: Fixed unbounded stack allocation in usbredir (bsc#1186013). - CVE-2021-3592: Fixed invalid pointer initialization may lead to information disclosure in slirp (bootp) (bsc#1187369). - CVE-2021-3594: Fixed invalid pointer initialization may lead to information disclosure in slirp (udp) (bsc#1187378). - CVE-2021-3595: Fixed invalid pointer initialization may lead to information disclosure in slirp (tftp) (bsc#1187376). - CVE-2021-3682: Fixed free call on invalid pointer in usbredir bufp_alloc (bsc#1189150). - CVE-2021-3930: Fixed off-by-one error in mode_sense_page() in hw/scsi/scsi-disk.c (bsc#1192526). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-xen-14848=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-xen-14848=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 x86_64): xen-kmp-default-4.4.4_50_3.0.101_108.129-61.67.1 xen-libs-4.4.4_50-61.67.1 xen-tools-domU-4.4.4_50-61.67.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (x86_64): xen-4.4.4_50-61.67.1 xen-doc-html-4.4.4_50-61.67.1 xen-libs-32bit-4.4.4_50-61.67.1 xen-tools-4.4.4_50-61.67.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (i586): xen-kmp-pae-4.4.4_50_3.0.101_108.129-61.67.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64): xen-debuginfo-4.4.4_50-61.67.1 xen-debugsource-4.4.4_50-61.67.1 References: https://www.suse.com/security/cve/CVE-2021-0089.html https://www.suse.com/security/cve/CVE-2021-20255.html https://www.suse.com/security/cve/CVE-2021-28690.html https://www.suse.com/security/cve/CVE-2021-28692.html https://www.suse.com/security/cve/CVE-2021-28697.html https://www.suse.com/security/cve/CVE-2021-28698.html https://www.suse.com/security/cve/CVE-2021-28701.html https://www.suse.com/security/cve/CVE-2021-28703.html https://www.suse.com/security/cve/CVE-2021-28705.html https://www.suse.com/security/cve/CVE-2021-28706.html https://www.suse.com/security/cve/CVE-2021-28709.html https://www.suse.com/security/cve/CVE-2021-3527.html https://www.suse.com/security/cve/CVE-2021-3592.html https://www.suse.com/security/cve/CVE-2021-3594.html https://www.suse.com/security/cve/CVE-2021-3595.html https://www.suse.com/security/cve/CVE-2021-3682.html https://www.suse.com/security/cve/CVE-2021-3930.html https://bugzilla.suse.com/1182654 https://bugzilla.suse.com/1186013 https://bugzilla.suse.com/1186429 https://bugzilla.suse.com/1186433 https://bugzilla.suse.com/1186434 https://bugzilla.suse.com/1187369 https://bugzilla.suse.com/1187376 https://bugzilla.suse.com/1187378 https://bugzilla.suse.com/1189150 https://bugzilla.suse.com/1189376 https://bugzilla.suse.com/1189378 https://bugzilla.suse.com/1189632 https://bugzilla.suse.com/1192526 https://bugzilla.suse.com/1192554 https://bugzilla.suse.com/1192555 https://bugzilla.suse.com/1192559 From sle-updates at lists.suse.com Wed Dec 1 21:09:21 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Dec 2021 22:09:21 +0100 (CET) Subject: SUSE-SU-2021:3835-1: moderate: Security update for mariadb Message-ID: <20211201210921.7909CFD0A@maintenance.suse.de> SUSE Security Update: Security update for mariadb ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3835-1 Rating: moderate References: #1192497 Cross-References: CVE-2021-35604 CVSS scores: CVE-2021-35604 (NVD) : 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H CVE-2021-35604 (SUSE): 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for mariadb fixes the following issues: - Update to 10.5.13: - CVE-2021-35604: Fixed InnoDB vulnerability that allowed an high privileged attacker with network access via multiple protocols to compromise MySQL (bsc#1192497). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2021-3835=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): libmariadbd-devel-10.5.13-3.12.1 libmariadbd19-10.5.13-3.12.1 libmariadbd19-debuginfo-10.5.13-3.12.1 mariadb-10.5.13-3.12.1 mariadb-client-10.5.13-3.12.1 mariadb-client-debuginfo-10.5.13-3.12.1 mariadb-debuginfo-10.5.13-3.12.1 mariadb-debugsource-10.5.13-3.12.1 mariadb-tools-10.5.13-3.12.1 mariadb-tools-debuginfo-10.5.13-3.12.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch): mariadb-errormessages-10.5.13-3.12.1 References: https://www.suse.com/security/cve/CVE-2021-35604.html https://bugzilla.suse.com/1192497 From sle-updates at lists.suse.com Wed Dec 1 21:15:43 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Dec 2021 22:15:43 +0100 (CET) Subject: SUSE-SU-2021:3834-1: moderate: Security update for go1.16 Message-ID: <20211201211543.3423AFD0A@maintenance.suse.de> SUSE Security Update: Security update for go1.16 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3834-1 Rating: moderate References: #1182345 #1192377 #1192378 Cross-References: CVE-2021-41771 CVE-2021-41772 CVSS scores: CVE-2021-41772 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP2 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for go1.16 fixes the following issues: Security update go1.16.10 (released 2021-11-04) (bsc#1182345). - CVE-2021-41771: Fixed invalid dynamic symbol table command that could have caused panic (bsc#1192377). - CVE-2021-41772: Fixed panic on (*Reader).Open (bsc#1192378). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2021-3834=1 - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-3834=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): go1.16-1.16.10-1.32.1 go1.16-doc-1.16.10-1.32.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 x86_64): go1.16-race-1.16.10-1.32.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): go1.16-1.16.10-1.32.1 go1.16-doc-1.16.10-1.32.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 x86_64): go1.16-race-1.16.10-1.32.1 References: https://www.suse.com/security/cve/CVE-2021-41771.html https://www.suse.com/security/cve/CVE-2021-41772.html https://bugzilla.suse.com/1182345 https://bugzilla.suse.com/1192377 https://bugzilla.suse.com/1192378 From sle-updates at lists.suse.com Wed Dec 1 21:17:30 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Dec 2021 22:17:30 +0100 (CET) Subject: SUSE-SU-2021:3861-1: important: Security update for webkit2gtk3 Message-ID: <20211201211730.8312BFD0A@maintenance.suse.de> SUSE Security Update: Security update for webkit2gtk3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3861-1 Rating: important References: #1192063 Cross-References: CVE-2021-30846 CVE-2021-30851 CVSS scores: CVE-2021-30846 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-30846 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-30851 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-30851 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-BCL HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for webkit2gtk3 fixes the following issues: - CVE-2021-30846: Fixed memory corruption issue that could lead to arbitrary code execution when processing maliciously crafted web content (bsc#1192063). - CVE-2021-30851: Fixed memory corruption vulnerability that could lead to arbitrary code execution when processing maliciously crafted web content (bsc#1192063). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-3861=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-3861=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-3861=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-3861=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-3861=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-3861=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-3861=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-3861=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-3861=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-3861=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-3861=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-3861=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-3861=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libjavascriptcoregtk-4_0-18-2.34.1-2.77.1 libjavascriptcoregtk-4_0-18-debuginfo-2.34.1-2.77.1 libwebkit2gtk-4_0-37-2.34.1-2.77.1 libwebkit2gtk-4_0-37-debuginfo-2.34.1-2.77.1 typelib-1_0-JavaScriptCore-4_0-2.34.1-2.77.1 typelib-1_0-WebKit2-4_0-2.34.1-2.77.1 typelib-1_0-WebKit2WebExtension-4_0-2.34.1-2.77.1 webkit2gtk-4_0-injected-bundles-2.34.1-2.77.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.34.1-2.77.1 webkit2gtk3-debugsource-2.34.1-2.77.1 - SUSE OpenStack Cloud Crowbar 9 (noarch): libwebkit2gtk3-lang-2.34.1-2.77.1 - SUSE OpenStack Cloud Crowbar 8 (noarch): libwebkit2gtk3-lang-2.34.1-2.77.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): libjavascriptcoregtk-4_0-18-2.34.1-2.77.1 libjavascriptcoregtk-4_0-18-debuginfo-2.34.1-2.77.1 libwebkit2gtk-4_0-37-2.34.1-2.77.1 libwebkit2gtk-4_0-37-debuginfo-2.34.1-2.77.1 typelib-1_0-JavaScriptCore-4_0-2.34.1-2.77.1 typelib-1_0-WebKit2-4_0-2.34.1-2.77.1 typelib-1_0-WebKit2WebExtension-4_0-2.34.1-2.77.1 webkit2gtk-4_0-injected-bundles-2.34.1-2.77.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.34.1-2.77.1 webkit2gtk3-debugsource-2.34.1-2.77.1 - SUSE OpenStack Cloud 9 (noarch): libwebkit2gtk3-lang-2.34.1-2.77.1 - SUSE OpenStack Cloud 9 (x86_64): libjavascriptcoregtk-4_0-18-2.34.1-2.77.1 libjavascriptcoregtk-4_0-18-debuginfo-2.34.1-2.77.1 libwebkit2gtk-4_0-37-2.34.1-2.77.1 libwebkit2gtk-4_0-37-debuginfo-2.34.1-2.77.1 typelib-1_0-JavaScriptCore-4_0-2.34.1-2.77.1 typelib-1_0-WebKit2-4_0-2.34.1-2.77.1 typelib-1_0-WebKit2WebExtension-4_0-2.34.1-2.77.1 webkit2gtk-4_0-injected-bundles-2.34.1-2.77.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.34.1-2.77.1 webkit2gtk3-debugsource-2.34.1-2.77.1 - SUSE OpenStack Cloud 8 (noarch): libwebkit2gtk3-lang-2.34.1-2.77.1 - SUSE OpenStack Cloud 8 (x86_64): libjavascriptcoregtk-4_0-18-2.34.1-2.77.1 libjavascriptcoregtk-4_0-18-debuginfo-2.34.1-2.77.1 libwebkit2gtk-4_0-37-2.34.1-2.77.1 libwebkit2gtk-4_0-37-debuginfo-2.34.1-2.77.1 typelib-1_0-JavaScriptCore-4_0-2.34.1-2.77.1 typelib-1_0-WebKit2-4_0-2.34.1-2.77.1 typelib-1_0-WebKit2WebExtension-4_0-2.34.1-2.77.1 webkit2gtk-4_0-injected-bundles-2.34.1-2.77.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.34.1-2.77.1 webkit2gtk3-debugsource-2.34.1-2.77.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): typelib-1_0-WebKit2WebExtension-4_0-2.34.1-2.77.1 webkit2gtk3-debugsource-2.34.1-2.77.1 webkit2gtk3-devel-2.34.1-2.77.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libjavascriptcoregtk-4_0-18-2.34.1-2.77.1 libjavascriptcoregtk-4_0-18-debuginfo-2.34.1-2.77.1 libwebkit2gtk-4_0-37-2.34.1-2.77.1 libwebkit2gtk-4_0-37-debuginfo-2.34.1-2.77.1 typelib-1_0-JavaScriptCore-4_0-2.34.1-2.77.1 typelib-1_0-WebKit2-4_0-2.34.1-2.77.1 typelib-1_0-WebKit2WebExtension-4_0-2.34.1-2.77.1 webkit2gtk-4_0-injected-bundles-2.34.1-2.77.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.34.1-2.77.1 webkit2gtk3-debugsource-2.34.1-2.77.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): libwebkit2gtk3-lang-2.34.1-2.77.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libjavascriptcoregtk-4_0-18-2.34.1-2.77.1 libjavascriptcoregtk-4_0-18-debuginfo-2.34.1-2.77.1 libwebkit2gtk-4_0-37-2.34.1-2.77.1 libwebkit2gtk-4_0-37-debuginfo-2.34.1-2.77.1 typelib-1_0-JavaScriptCore-4_0-2.34.1-2.77.1 typelib-1_0-WebKit2-4_0-2.34.1-2.77.1 typelib-1_0-WebKit2WebExtension-4_0-2.34.1-2.77.1 webkit2gtk-4_0-injected-bundles-2.34.1-2.77.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.34.1-2.77.1 webkit2gtk3-debugsource-2.34.1-2.77.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): libwebkit2gtk3-lang-2.34.1-2.77.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.34.1-2.77.1 libjavascriptcoregtk-4_0-18-debuginfo-2.34.1-2.77.1 libwebkit2gtk-4_0-37-2.34.1-2.77.1 libwebkit2gtk-4_0-37-debuginfo-2.34.1-2.77.1 typelib-1_0-JavaScriptCore-4_0-2.34.1-2.77.1 typelib-1_0-WebKit2-4_0-2.34.1-2.77.1 typelib-1_0-WebKit2WebExtension-4_0-2.34.1-2.77.1 webkit2gtk-4_0-injected-bundles-2.34.1-2.77.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.34.1-2.77.1 webkit2gtk3-debugsource-2.34.1-2.77.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): libwebkit2gtk3-lang-2.34.1-2.77.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.34.1-2.77.1 libjavascriptcoregtk-4_0-18-debuginfo-2.34.1-2.77.1 libwebkit2gtk-4_0-37-2.34.1-2.77.1 libwebkit2gtk-4_0-37-debuginfo-2.34.1-2.77.1 typelib-1_0-JavaScriptCore-4_0-2.34.1-2.77.1 typelib-1_0-WebKit2-4_0-2.34.1-2.77.1 typelib-1_0-WebKit2WebExtension-4_0-2.34.1-2.77.1 webkit2gtk-4_0-injected-bundles-2.34.1-2.77.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.34.1-2.77.1 webkit2gtk3-debugsource-2.34.1-2.77.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): libwebkit2gtk3-lang-2.34.1-2.77.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.34.1-2.77.1 libjavascriptcoregtk-4_0-18-debuginfo-2.34.1-2.77.1 libwebkit2gtk-4_0-37-2.34.1-2.77.1 libwebkit2gtk-4_0-37-debuginfo-2.34.1-2.77.1 typelib-1_0-JavaScriptCore-4_0-2.34.1-2.77.1 typelib-1_0-WebKit2-4_0-2.34.1-2.77.1 typelib-1_0-WebKit2WebExtension-4_0-2.34.1-2.77.1 webkit2gtk-4_0-injected-bundles-2.34.1-2.77.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.34.1-2.77.1 webkit2gtk3-debugsource-2.34.1-2.77.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): libwebkit2gtk3-lang-2.34.1-2.77.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libjavascriptcoregtk-4_0-18-2.34.1-2.77.1 libjavascriptcoregtk-4_0-18-debuginfo-2.34.1-2.77.1 libwebkit2gtk-4_0-37-2.34.1-2.77.1 libwebkit2gtk-4_0-37-debuginfo-2.34.1-2.77.1 typelib-1_0-JavaScriptCore-4_0-2.34.1-2.77.1 typelib-1_0-WebKit2-4_0-2.34.1-2.77.1 webkit2gtk-4_0-injected-bundles-2.34.1-2.77.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.34.1-2.77.1 webkit2gtk3-debugsource-2.34.1-2.77.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libjavascriptcoregtk-4_0-18-2.34.1-2.77.1 libjavascriptcoregtk-4_0-18-debuginfo-2.34.1-2.77.1 libwebkit2gtk-4_0-37-2.34.1-2.77.1 libwebkit2gtk-4_0-37-debuginfo-2.34.1-2.77.1 typelib-1_0-JavaScriptCore-4_0-2.34.1-2.77.1 typelib-1_0-WebKit2-4_0-2.34.1-2.77.1 typelib-1_0-WebKit2WebExtension-4_0-2.34.1-2.77.1 webkit2gtk-4_0-injected-bundles-2.34.1-2.77.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.34.1-2.77.1 webkit2gtk3-debugsource-2.34.1-2.77.1 webkit2gtk3-devel-2.34.1-2.77.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): libwebkit2gtk3-lang-2.34.1-2.77.1 - HPE Helion Openstack 8 (noarch): libwebkit2gtk3-lang-2.34.1-2.77.1 - HPE Helion Openstack 8 (x86_64): libjavascriptcoregtk-4_0-18-2.34.1-2.77.1 libjavascriptcoregtk-4_0-18-debuginfo-2.34.1-2.77.1 libwebkit2gtk-4_0-37-2.34.1-2.77.1 libwebkit2gtk-4_0-37-debuginfo-2.34.1-2.77.1 typelib-1_0-JavaScriptCore-4_0-2.34.1-2.77.1 typelib-1_0-WebKit2-4_0-2.34.1-2.77.1 typelib-1_0-WebKit2WebExtension-4_0-2.34.1-2.77.1 webkit2gtk-4_0-injected-bundles-2.34.1-2.77.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.34.1-2.77.1 webkit2gtk3-debugsource-2.34.1-2.77.1 References: https://www.suse.com/security/cve/CVE-2021-30846.html https://www.suse.com/security/cve/CVE-2021-30851.html https://bugzilla.suse.com/1192063 From sle-updates at lists.suse.com Wed Dec 1 21:18:58 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Dec 2021 22:18:58 +0100 (CET) Subject: SUSE-SU-2021:3844-1: moderate: Security update for openexr Message-ID: <20211201211858.D732AFD0A@maintenance.suse.de> SUSE Security Update: Security update for openexr ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3844-1 Rating: moderate References: #1192498 #1192556 Cross-References: CVE-2021-3933 CVE-2021-3941 CVSS scores: CVE-2021-3933 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-3941 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for openexr fixes the following issues: - CVE-2021-3941: Fixed divide-by-zero in Imf_3_1:RGBtoXYZ (bsc#1192556). - CVE-2021-3933: Fixed integer-overflow in Imf_3_1:bytesPerDeepLineTable (bsc#1192498). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2021-3844=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2021-3844=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): libIlmImf-2_2-23-2.2.1-3.38.1 libIlmImf-2_2-23-debuginfo-2.2.1-3.38.1 libIlmImfUtil-2_2-23-2.2.1-3.38.1 libIlmImfUtil-2_2-23-debuginfo-2.2.1-3.38.1 openexr-debuginfo-2.2.1-3.38.1 openexr-debugsource-2.2.1-3.38.1 openexr-devel-2.2.1-3.38.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): libIlmImf-2_2-23-2.2.1-3.38.1 libIlmImf-2_2-23-debuginfo-2.2.1-3.38.1 libIlmImfUtil-2_2-23-2.2.1-3.38.1 libIlmImfUtil-2_2-23-debuginfo-2.2.1-3.38.1 openexr-debuginfo-2.2.1-3.38.1 openexr-debugsource-2.2.1-3.38.1 openexr-devel-2.2.1-3.38.1 References: https://www.suse.com/security/cve/CVE-2021-3933.html https://www.suse.com/security/cve/CVE-2021-3941.html https://bugzilla.suse.com/1192498 https://bugzilla.suse.com/1192556 From sle-updates at lists.suse.com Wed Dec 1 21:20:32 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Dec 2021 22:20:32 +0100 (CET) Subject: SUSE-SU-2021:3859-1: moderate: Security update for clamav Message-ID: <20211201212032.7DA96FD0A@maintenance.suse.de> SUSE Security Update: Security update for clamav ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3859-1 Rating: moderate References: #1103032 #1188284 #1192346 Cross-References: CVE-2018-14679 CVSS scores: CVE-2018-14679 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-14679 (SUSE): 4.4 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-BCL HPE Helion Openstack 8 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for clamav fixes the following issues: - CVE-2018-14679: Fixed off-by-one issue in embedded libmspack that could lead to denial of service (bsc#1103032). - Update to 0.103.4 (bsc#1192346). - Update to 0.103.3 (bsc#1188284). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-3859=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-3859=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-3859=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-3859=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-3859=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-3859=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-3859=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-3859=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-3859=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-3859=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-3859=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): clamav-0.103.4-33.41.1 clamav-debuginfo-0.103.4-33.41.1 clamav-debugsource-0.103.4-33.41.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): clamav-0.103.4-33.41.1 clamav-debuginfo-0.103.4-33.41.1 clamav-debugsource-0.103.4-33.41.1 - SUSE OpenStack Cloud 9 (x86_64): clamav-0.103.4-33.41.1 clamav-debuginfo-0.103.4-33.41.1 clamav-debugsource-0.103.4-33.41.1 - SUSE OpenStack Cloud 8 (x86_64): clamav-0.103.4-33.41.1 clamav-debuginfo-0.103.4-33.41.1 clamav-debugsource-0.103.4-33.41.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): clamav-0.103.4-33.41.1 clamav-debuginfo-0.103.4-33.41.1 clamav-debugsource-0.103.4-33.41.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): clamav-0.103.4-33.41.1 clamav-debuginfo-0.103.4-33.41.1 clamav-debugsource-0.103.4-33.41.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): clamav-0.103.4-33.41.1 clamav-debuginfo-0.103.4-33.41.1 clamav-debugsource-0.103.4-33.41.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): clamav-0.103.4-33.41.1 clamav-debuginfo-0.103.4-33.41.1 clamav-debugsource-0.103.4-33.41.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): clamav-0.103.4-33.41.1 clamav-debuginfo-0.103.4-33.41.1 clamav-debugsource-0.103.4-33.41.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): clamav-0.103.4-33.41.1 clamav-debuginfo-0.103.4-33.41.1 clamav-debugsource-0.103.4-33.41.1 - HPE Helion Openstack 8 (x86_64): clamav-0.103.4-33.41.1 clamav-debuginfo-0.103.4-33.41.1 clamav-debugsource-0.103.4-33.41.1 References: https://www.suse.com/security/cve/CVE-2018-14679.html https://bugzilla.suse.com/1103032 https://bugzilla.suse.com/1188284 https://bugzilla.suse.com/1192346 From sle-updates at lists.suse.com Wed Dec 1 21:22:11 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Dec 2021 22:22:11 +0100 (CET) Subject: SUSE-SU-2021:3839-1: important: Security update for python-Pygments Message-ID: <20211201212211.8CDF9FD0A@maintenance.suse.de> SUSE Security Update: Security update for python-Pygments ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3839-1 Rating: important References: #1184812 Cross-References: CVE-2021-27291 CVSS scores: CVE-2021-27291 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-27291 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-Pygments fixes the following issues: - CVE-2021-27291: Fixed ReDoS via crafted malicious input (bsc#1184812). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3839=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): python3-Pygments-2.6.1-4.3.1 References: https://www.suse.com/security/cve/CVE-2021-27291.html https://bugzilla.suse.com/1184812 From sle-updates at lists.suse.com Wed Dec 1 21:23:35 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Dec 2021 22:23:35 +0100 (CET) Subject: SUSE-SU-2021:14850-1: moderate: Security update for clamav Message-ID: <20211201212335.C1572FD0A@maintenance.suse.de> SUSE Security Update: Security update for clamav ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:14850-1 Rating: moderate References: #1103032 #1187509 #1188284 #1192346 Cross-References: CVE-2018-14679 CVSS scores: CVE-2018-14679 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-14679 (SUSE): 4.4 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Server 11-SECURITY SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that solves one vulnerability and has three fixes is now available. Description: This update for clamav fixes the following issues: - CVE-2018-14679: Fixed off-by-one issue in embedded libmspack that could lead to denial of service (bsc#1103032). - Update to 0.103.4 (bsc#1192346). - Add documentation about max file size purpose and side effect in the "clamscan" and "clamdscan" manpages (bsc#1187509). - Update to 0.103.3 (bsc#1188284). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-clamav-14850=1 - SUSE Linux Enterprise Server 11-SECURITY: zypper in -t patch secsp3-clamav-14850=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-clamav-14850=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-clamav-14850=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-clamav-14850=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): clamav-0.103.4-0.20.41.1 - SUSE Linux Enterprise Server 11-SECURITY (i586 ia64 ppc64 s390x x86_64): clamav-openssl1-0.103.4-0.20.41.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): clamav-0.103.4-0.20.41.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): clamav-debuginfo-0.103.4-0.20.41.1 clamav-debugsource-0.103.4-0.20.41.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): clamav-debuginfo-0.103.4-0.20.41.1 clamav-debugsource-0.103.4-0.20.41.1 References: https://www.suse.com/security/cve/CVE-2018-14679.html https://bugzilla.suse.com/1103032 https://bugzilla.suse.com/1187509 https://bugzilla.suse.com/1188284 https://bugzilla.suse.com/1192346 From sle-updates at lists.suse.com Wed Dec 1 21:25:20 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Dec 2021 22:25:20 +0100 (CET) Subject: SUSE-RU-2021:3846-1: moderate: Recommended update for blktrace Message-ID: <20211201212520.921D4FD0A@maintenance.suse.de> SUSE Recommended Update: Recommended update for blktrace ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3846-1 Rating: moderate References: #1191788 Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for blktrace fixes the following issues: - Fix a rare crash due to dropped first event while using pipe input. (bsc#1191788) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2021-3846=1 - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-3846=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): blktrace-1.1.0+git.20170126-3.6.1 blktrace-debuginfo-1.1.0+git.20170126-3.6.1 blktrace-debugsource-1.1.0+git.20170126-3.6.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): blktrace-1.1.0+git.20170126-3.6.1 blktrace-debuginfo-1.1.0+git.20170126-3.6.1 blktrace-debugsource-1.1.0+git.20170126-3.6.1 References: https://bugzilla.suse.com/1191788 From sle-updates at lists.suse.com Wed Dec 1 21:26:39 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Dec 2021 22:26:39 +0100 (CET) Subject: SUSE-SU-2021:14847-1: important: Security update for openssh Message-ID: <20211201212639.6269EFD0A@maintenance.suse.de> SUSE Security Update: Security update for openssh ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:14847-1 Rating: important References: #1190975 Cross-References: CVE-2021-41617 CVSS scores: CVE-2021-41617 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-41617 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openssh fixes the following issues: - CVE-2021-41617: Fixed privilege escalation when AuthorizedKeysCommand/AuthorizedPrincipalsCommand are configured (bsc#1190975). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-openssh-14847=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-openssh-14847=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): openssh-6.6p1-36.26.1 openssh-askpass-gnome-6.6p1-36.26.1 openssh-fips-6.6p1-36.26.1 openssh-helpers-6.6p1-36.26.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): openssh-askpass-gnome-debuginfo-6.6p1-36.26.1 openssh-debuginfo-6.6p1-36.26.1 openssh-debugsource-6.6p1-36.26.1 References: https://www.suse.com/security/cve/CVE-2021-41617.html https://bugzilla.suse.com/1190975 From sle-updates at lists.suse.com Wed Dec 1 21:29:11 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Dec 2021 22:29:11 +0100 (CET) Subject: SUSE-SU-2021:3858-1: moderate: Security update for speex Message-ID: <20211201212911.5999BFD0A@maintenance.suse.de> SUSE Security Update: Security update for speex ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3858-1 Rating: moderate References: #1192580 Cross-References: CVE-2020-23903 CVSS scores: CVE-2020-23903 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for speex fixes the following issues: - CVE-2020-23903: Fixed zero division error in read_samples (bsc#1192580). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-3858=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-3858=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): speex-debuginfo-1.1.999_1.2rc1-24.3.1 speex-debugsource-1.1.999_1.2rc1-24.3.1 speex-devel-1.1.999_1.2rc1-24.3.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libspeex1-1.1.999_1.2rc1-24.3.1 libspeex1-debuginfo-1.1.999_1.2rc1-24.3.1 libspeexdsp1-1.1.999_1.2rc1-24.3.1 libspeexdsp1-debuginfo-1.1.999_1.2rc1-24.3.1 speex-debuginfo-1.1.999_1.2rc1-24.3.1 speex-debugsource-1.1.999_1.2rc1-24.3.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libspeex1-32bit-1.1.999_1.2rc1-24.3.1 libspeex1-debuginfo-32bit-1.1.999_1.2rc1-24.3.1 References: https://www.suse.com/security/cve/CVE-2020-23903.html https://bugzilla.suse.com/1192580 From sle-updates at lists.suse.com Wed Dec 1 21:30:30 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 1 Dec 2021 22:30:30 +0100 (CET) Subject: SUSE-SU-2021:3836-1: moderate: Security update for mariadb Message-ID: <20211201213030.02E77FD0A@maintenance.suse.de> SUSE Security Update: Security update for mariadb ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3836-1 Rating: moderate References: #1186031 #1192497 Cross-References: CVE-2021-35604 CVSS scores: CVE-2021-35604 (NVD) : 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H CVE-2021-35604 (SUSE): 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for mariadb fixes the following issues: - Update to 10.4.22: - CVE-2021-35604: Fixed InnoDB vulnerability that allowed an high privileged attacker with network access via multiple protocols to compromise MySQL (bsc#1192497). - Add missing dependency to liblz4 to enable lz4 compression for INNODB (bsc#1186031). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-3836=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): libmariadbd-devel-10.4.22-3.22.1 libmariadbd19-10.4.22-3.22.1 libmariadbd19-debuginfo-10.4.22-3.22.1 mariadb-10.4.22-3.22.1 mariadb-client-10.4.22-3.22.1 mariadb-client-debuginfo-10.4.22-3.22.1 mariadb-debuginfo-10.4.22-3.22.1 mariadb-debugsource-10.4.22-3.22.1 mariadb-tools-10.4.22-3.22.1 mariadb-tools-debuginfo-10.4.22-3.22.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (noarch): mariadb-errormessages-10.4.22-3.22.1 References: https://www.suse.com/security/cve/CVE-2021-35604.html https://bugzilla.suse.com/1186031 https://bugzilla.suse.com/1192497 From sle-updates at lists.suse.com Thu Dec 2 07:41:01 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Dec 2021 08:41:01 +0100 (CET) Subject: SUSE-CU-2021:534-1: Recommended update of suse/sles12sp3 Message-ID: <20211202074101.BC6EEFBB3@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp3 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:534-1 Container Tags : suse/sles12sp3:2.0.2 , suse/sles12sp3:24.330 , suse/sles12sp3:latest Container Release : 24.330 Severity : low Type : recommended References : 1191736 ----------------------------------------------------------------- The container suse/sles12sp3 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:3819-1 Released: Wed Dec 1 09:33:38 2021 Summary: Optional update for cracklib Type: optional Severity: low References: 1191736 This optional update for cracklib fixes the following issue: - Execute the test while building the package. (bsc#1191736) The following package changes have been done: - cracklib-dict-small-2.9.0-8.5.1 updated - cracklib-2.9.0-8.5.1 updated - libcrack2-2.9.0-8.5.1 updated From sle-updates at lists.suse.com Thu Dec 2 07:56:49 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Dec 2021 08:56:49 +0100 (CET) Subject: SUSE-CU-2021:535-1: Recommended update of suse/sles12sp4 Message-ID: <20211202075649.A309EFBB3@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:535-1 Container Tags : suse/sles12sp4:26.381 , suse/sles12sp4:latest Container Release : 26.381 Severity : low Type : recommended References : 1191736 ----------------------------------------------------------------- The container suse/sles12sp4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:3819-1 Released: Wed Dec 1 09:33:38 2021 Summary: Optional update for cracklib Type: optional Severity: low References: 1191736 This optional update for cracklib fixes the following issue: - Execute the test while building the package. (bsc#1191736) The following package changes have been done: - base-container-licenses-3.0-1.252 updated - container-suseconnect-2.0.0-1.146 updated - cracklib-dict-small-2.9.0-8.5.1 updated - cracklib-2.9.0-8.5.1 updated - libcrack2-2.9.0-8.5.1 updated From sle-updates at lists.suse.com Thu Dec 2 08:08:26 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Dec 2021 09:08:26 +0100 (CET) Subject: SUSE-CU-2021:538-1: Recommended update of suse/sles12sp5 Message-ID: <20211202080826.4DA9BFBB3@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:538-1 Container Tags : suse/sles12sp5:6.5.263 , suse/sles12sp5:latest Container Release : 6.5.263 Severity : low Type : recommended References : 1191736 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:3819-1 Released: Wed Dec 1 09:33:38 2021 Summary: Optional update for cracklib Type: optional Severity: low References: 1191736 This optional update for cracklib fixes the following issue: - Execute the test while building the package. (bsc#1191736) The following package changes have been done: - cracklib-dict-small-2.9.0-8.5.1 updated - cracklib-2.9.0-8.5.1 updated - libcrack2-2.9.0-8.5.1 updated From sle-updates at lists.suse.com Thu Dec 2 11:16:59 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Dec 2021 12:16:59 +0100 (CET) Subject: SUSE-RU-2021:3867-1: moderate: Recommended update for google-droid-fonts Message-ID: <20211202111659.B58C9FBB3@maintenance.suse.de> SUSE Recommended Update: Recommended update for google-droid-fonts ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3867-1 Rating: moderate References: #1190886 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for google-droid-fonts fixes the following issues: - Fix Korean characters not being displayed when using DroidSansFallbackFull.ttf fonts (bsc#1190886) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-3867=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (noarch): google-droid-fonts-20121204-3.3.1 References: https://bugzilla.suse.com/1190886 From sle-updates at lists.suse.com Thu Dec 2 11:18:09 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Dec 2021 12:18:09 +0100 (CET) Subject: SUSE-RU-2021:3865-1: moderate: Recommended update for rsync Message-ID: <20211202111809.6C13FFBB3@maintenance.suse.de> SUSE Recommended Update: Recommended update for rsync ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3865-1 Rating: moderate References: #1190828 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for rsync fixes the following issues: - Fixed an error when using the external compression library where files larger that 1GB would not be transferred completely and failing (bsc#1190828) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-3865=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): rsync-3.1.3-3.6.1 rsync-debuginfo-3.1.3-3.6.1 rsync-debugsource-3.1.3-3.6.1 References: https://bugzilla.suse.com/1190828 From sle-updates at lists.suse.com Thu Dec 2 11:29:39 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Dec 2021 12:29:39 +0100 (CET) Subject: SUSE-RU-2021:3864-1: moderate: Recommended update for selinux-policy Message-ID: <20211202112939.D1601FBB3@maintenance.suse.de> SUSE Recommended Update: Recommended update for selinux-policy ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3864-1 Rating: moderate References: #1187313 #1190918 Affected Products: SUSE MicroOS 5.1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for selinux-policy fixes the following issues: - Fix services with StandardOutput=tty (bsc#1187313) - Fix auditd service start with systemd hardening directives (bsc#1190918) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2021-3864=1 Package List: - SUSE MicroOS 5.1 (noarch): selinux-policy-20210716-5.3.1 selinux-policy-devel-20210716-5.3.1 selinux-policy-targeted-20210716-5.3.1 References: https://bugzilla.suse.com/1187313 https://bugzilla.suse.com/1190918 From sle-updates at lists.suse.com Thu Dec 2 11:31:15 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Dec 2021 12:31:15 +0100 (CET) Subject: SUSE-SU-2021:3876-1: important: Security update for the Linux Kernel Message-ID: <20211202113115.B7FAAFBB3@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3876-1 Rating: important References: #1100416 #1108488 #1129735 #1129898 #1133374 #1136513 #1171420 #1176724 #1177666 #1181158 #1184673 #1184804 #1185377 #1185726 #1185758 #1185973 #1186078 #1186109 #1186390 #1186482 #1186672 #1188062 #1188063 #1188172 #1188563 #1188601 #1188616 #1188838 #1188876 #1188983 #1188985 #1189057 #1189262 #1189291 #1189399 #1189400 #1189706 #1189846 #1189884 #1190023 #1190025 #1190067 #1190115 #1190117 #1190159 #1190276 #1190349 #1190351 #1190479 #1190534 #1190601 #1190717 #1191193 #1191315 #1191317 #1191349 #1191457 #1191628 #1191790 #1191800 #1191888 #1191961 #1192045 #1192267 #1192379 #1192400 #1192775 #1192781 #1192802 SLE-22573 Cross-References: CVE-2018-13405 CVE-2018-9517 CVE-2019-3874 CVE-2019-3900 CVE-2020-0429 CVE-2020-12770 CVE-2020-3702 CVE-2020-4788 CVE-2021-0941 CVE-2021-20322 CVE-2021-22543 CVE-2021-31916 CVE-2021-33033 CVE-2021-33909 CVE-2021-34556 CVE-2021-34981 CVE-2021-3542 CVE-2021-35477 CVE-2021-3640 CVE-2021-3653 CVE-2021-3655 CVE-2021-3656 CVE-2021-3659 CVE-2021-3679 CVE-2021-3715 CVE-2021-37159 CVE-2021-3732 CVE-2021-3744 CVE-2021-3752 CVE-2021-3753 CVE-2021-37576 CVE-2021-3759 CVE-2021-3760 CVE-2021-3764 CVE-2021-3772 CVE-2021-38160 CVE-2021-38198 CVE-2021-38204 CVE-2021-40490 CVE-2021-41864 CVE-2021-42008 CVE-2021-42252 CVE-2021-42739 CVSS scores: CVE-2018-13405 (NVD) : 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2018-13405 (SUSE): 4.4 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CVE-2018-9517 (NVD) : 6.7 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2018-9517 (SUSE): 2.5 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2019-3874 (NVD) : 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2019-3874 (SUSE): 5.1 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2019-3900 (NVD) : 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2019-3900 (SUSE): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-0429 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-0429 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-12770 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-12770 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2020-3702 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2020-3702 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2020-4788 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-0941 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-20322 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2021-22543 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-22543 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-31916 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-31916 (SUSE): 6.8 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-33033 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-33033 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-33909 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-33909 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-34556 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-34981 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2021-3542 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-35477 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2021-3640 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-3653 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-3655 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2021-3656 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-3659 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-3679 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-3715 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-37159 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-37159 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-3732 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2021-3744 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-3752 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-3753 (SUSE): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2021-37576 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-3759 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-3760 (SUSE): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-3764 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-3772 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-38160 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-38198 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-38204 (SUSE): 4.2 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-40490 (SUSE): 6.1 CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-41864 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-42008 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-42008 (SUSE): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-42252 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-42739 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Availability 15-SP1 SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that solves 43 vulnerabilities, contains one feature and has 26 fixes is now available. Description: The SUSE Linux Enterprise 15 SP1 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - Unprivileged BPF has been disabled by default to reduce attack surface as too many security issues have happened in the past (jsc#SLE-22573) You can reenable via systemctl setting /proc/sys/kernel/unprivileged_bpf_disabled to 0. (kernel.unprivileged_bpf_disabled = 0) - CVE-2021-0941: In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1192045). - CVE-2021-31916: An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel A bound check failure allowed an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability (bnc#1192781). - CVE-2021-20322: Make the ipv4 and ipv6 ICMP exception caches less predictive to avoid information leaks about UDP ports in use. (bsc#1191790) - CVE-2021-34981: Fixed file refcounting in cmtp when cmtp_attach_device fails (bsc#1191961). - CVE-2021-37159: hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel calls unregister_netdev without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free (bnc#1188601). - CVE-2021-3772: Fixed sctp vtag check in sctp_sf_ootb (bsc#1190351). - CVE-2021-3655: Missing size validations on inbound SCTP packets may have allowed the kernel to read uninitialized memory (bnc#1188563). - CVE-2021-33033: The Linux kernel has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value (bnc#1186109 bnc#1186390 bnc#1188876). - CVE-2021-3760: Fixed a use-after-free vulnerability with the ndev->rf_conn_info object (bsc#1190067). - CVE-2021-42739: The firewire subsystem in the Linux kernel has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled bounds checking (bnc#1184673). - CVE-2021-3542: Fixed heap buffer overflow in firedtv driver (bsc#1186063). - CVE-2018-13405: The inode_init_owner function in fs/inode.c in the Linux kernel allowed local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID (bnc#1100416 bnc#1129735). - CVE-2021-3715: Fixed a use-after-free in route4_change() in net/sched/cls_route.c (bsc#1190349). - CVE-2021-34556: An unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because the protection mechanism neglects the possibility of uninitialized memory locations on the BPF stack (bnc#1188983). - CVE-2021-35477: An unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because a certain preempting store operation did not necessarily occur before a store operation that has an attacker-controlled value (bnc#1188985). - CVE-2021-42252: An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in the Linux kernel Local attackers able to access the Aspeed LPC control interface could overwrite memory in the kernel and potentially execute privileges, aka CID-b49a0e69a7b1. This occurs because a certain comparison uses values that are not memory sizes (bnc#1190479). - CVE-2021-41864: prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel allowed unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write (bnc#1191317). - CVE-2021-42008: The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel has a slab out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access (bnc#1191315). - CVE-2021-3759: Unaccounted ipc objects could have lead to breaking memcg limits and DoS attacks (bsc#1190115). - CVE-2020-3702: Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic (bnc#1191193). - CVE-2021-3752: Fixed a use after free vulnerability in the bluetooth module. (bsc#1190023) - CVE-2021-40490: A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel (bnc#1190159 bnc#1192775) - CVE-2021-3744: Fixed a bug which could allows attackers to cause a denial of service. (bsc#1189884) - CVE-2021-3764: Fixed a bug which could allows attackers to cause a denial of service. (bsc#1190534) - CVE-2020-12770: An issue was discovered in the Linux kernel sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040 (bnc#1171420). - CVE-2021-3640: Fixed a Use-After-Free vulnerability in function sco_sock_sendmsg() in the bluetooth stack (bsc#1188172). - CVE-2019-3900: An infinite loop issue was found in the vhost_net kernel module, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scenario (bnc#1133374). - CVE-2019-3874: The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. An attacker can use this flaw to cause a denial of service attack. (bnc#1129898). - CVE-2018-9517: In pppol2tp_connect, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. (bnc#1108488). - CVE-2021-38160: Data corruption or loss could be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size in drivers/char/virtio_console.c (bsc#1190117) - CVE-2021-3753: Fixed race out-of-bounds in virtual terminal handling (bsc#1190025). - CVE-2021-3732: Mounting overlayfs inside an unprivileged user namespace can reveal files (bsc#1189706). - CVE-2021-3653: A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "int_ctl" field, this issue could allow a malicious L1 to enable AVIC support (Advanced Virtual Interrupt Controller) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape. This flaw affects Linux kernel versions prior to 5.14-rc7 (bnc#1189399). - CVE-2021-3656: Missing validation of the the `virt_ext` VMCB field and allows a malicious L1 guest to disable both VMLOAD/VMSAVE intercepts and VLS for the L2 guest (bsc#1189400). - CVE-2021-38204: drivers/usb/host/max3421-hcd.c allowed physically proximate attackers to cause a denial of service (use-after-free and panic) by removing a MAX-3421 USB device in certain situations (bnc#1189291). - CVE-2021-3679: A lack of CPU resource in the tracing module functionality was found in the way user uses trace ring buffer in a specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service (bnc#1189057). - CVE-2020-4788: IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296 (bnc#0 bnc#1177666 bnc#1181158). - CVE-2021-3659: Fixed a NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c (bsc#1188876). - CVE-2020-0429: In l2tp_session_delete and related functions of l2tp_core.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1176724). - CVE-2021-37576: arch/powerpc/kvm/book3s_rtas.c on the powerpc platform allowed KVM guest OS users to cause host OS memory corruption via rtas_args.nargs, aka CID-f62f3c20647e (bnc#1188838 bnc#1190276). - CVE-2021-22543: KVM through Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allowed users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation (bnc#1186482 bnc#1190276). - CVE-2021-33909: fs/seq_file.c did not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05 (bnc#1188062 bnc#1188063). The following non-security bugs were fixed: - Add arch-dependent support markers in supported.conf (bsc#1186672) - Add the support for kernel-FLAVOR-optional subpackage (jsc#SLE-11796) - bpf: Add kconfig knob for disabling unpriv bpf by default (jsc#SLE-22913) - bpf: Disallow unprivileged bpf by default (jsc#SLE-22913). - ceph: take snap_empty_lock atomically with snaprealm refcount change (bsc#1191888). - config: disable unprivileged BPF by default (jsc#SLE-22913) - cpufreq: intel_pstate: Add Icelake servers support in no-HWP mode (bsc#1185758,bsc#1192400). - drm: fix spectre issue in vmw_execbuf_ioctl (bsc#1192802). - ftrace: Fix scripts/recordmcount.pl due to new binutils (bsc#1192267). - gigaset: fix spectre issue in do_data_b3_req (bsc#1192802). - hisax: fix spectre issues (bsc#1192802). - hv: mana: adjust mana_select_queue to old API (jsc#SLE-18779, bsc#1185726). - hv: mana: remove netdev_lockdep_set_classes usage (jsc#SLE-18779, bsc#1185726). - hv_netvsc: Make netvsc/VF binding check both MAC and serial number (jsc#SLE-18779, bsc#1185726). - hysdn: fix spectre issue in hycapi_send_message (bsc#1192802). - infiniband: fix spectre issue in ib_uverbs_write (bsc#1192802). - infiniband: fix spectre issue in ib_uverbs_write (bsc#1192802). - ipc: remove memcg accounting for sops objects in do_semtimedop() (bsc#1190115). - iwlwifi: fix spectre issue in iwl_dbgfs_update_pm (bsc#1192802). - kernel-binary.spec: Exctract s390 decompression code (jsc#SLE-17042). - kernel-binary.spec: Fix up usrmerge for non-modular kernels. - kernel-binary.spec.in: build-id check requires elfutils. - kernel-binary.spec.in: Regenerate makefile when not using mkmakefile. - kernel-binary.spec: Only use mkmakefile when it exists Linux 5.13 no longer had a mkmakefile script - kernel-binary.spec: Remove obsolete and wrong comment mkmakefile is repleced by echo on newer kernel - kernel-docs.spec.in: Build using an utf-8 locale. Sphinx cannot handle UTF-8 input in non-UTF-8 locale. - media: dvb_ca_en50221: prevent using slot_info for Spectre attacs (bsc#1192802). - media: dvb_ca_en50221: sanity check slot number from userspace (bsc#1192802). - media: wl128x: get rid of a potential spectre issue (bsc#1192802). - memcg: enable accounting for file lock caches (bsc#1190115). - mm/memory.c: do_fault: avoid usage of stale vm_area_struct (bsc#1136513). - mpt3sas: fix spectre issues (bsc#1192802). - net: mana: Add a driver for Microsoft Azure Network Adapter (MANA) (jsc#SLE-18779, bsc#1185726). - net: mana: Add support for EQ sharing (jsc#SLE-18779, bsc#1185726). - net: mana: Add WARN_ON_ONCE in case of CQE read overflow (jsc#SLE-18779, bsc#1185726). - net: mana: Fix a memory leak in an error handling path in (jsc#SLE-18779, bsc#1185726). - net: mana: Fix error handling in mana_create_rxq() (git-fixes, bsc#1191800). - net: mana: fix PCI_HYPERV dependency (jsc#SLE-18779, bsc#1185726). - net: mana: Move NAPI from EQ to CQ (jsc#SLE-18779, bsc#1185726). - net: mana: Prefer struct_size over open coded arithmetic (jsc#SLE-18779, bsc#1185726). - net: mana: remove redundant initialization of variable err (jsc#SLE-18779, bsc#1185726). - net: mana: Use int to check the return value of mana_gd_poll_cq() (jsc#SLE-18779, bsc#1185726). - net: mana: Use struct_size() in kzalloc() (jsc#SLE-18779, bsc#1185726). - net_sched: cls_route: remove the right filter from hashtable (networking-stable-20_03_28). - net: sched: sch_teql: fix null-pointer dereference (bsc#1190717). - net: sock_diag: Fix spectre v1 gadget in __sock_diag_cmd() (bsc#1192802). - NFS: Do uncached readdir when we're seeking a cookie in an empty page cache (bsc#1191628). - objtool: Do not fail on missing symbol table (bsc#1192379). - osst: fix spectre issue in osst_verify_frame (bsc#1192802). - ovl: check whiteout in ovl_create_over_whiteout() (bsc#1189846). - ovl: filter of trusted xattr results in audit (bsc#1189846). - ovl: fix dentry leak in ovl_get_redirect (bsc#1189846). - ovl: initialize error in ovl_copy_xattr (bsc#1189846). - ovl: relax WARN_ON() on rename to self (bsc#1189846). - PCI: hv: Use expected affinity when unmasking IRQ (bsc#1185973). - Revert "memcg: enable accounting for file lock caches (bsc#1190115)." This reverts commit 912b4421a3e9bb9f0ef1aadc64a436666259bd4d. It's effectively upstream commit 3754707bcc3e190e5dadc978d172b61e809cb3bd applied to kernel-source (to avoid proliferation of patches). Make a note in blacklist.conf too. - s390/bpf: Fix 64-bit subtraction of the -0x80000000 constant (bsc#1190601). - s390/bpf: Fix branch shortening during codegen pass (bsc#1190601). - s390/bpf: Fix optimizing out zero-extensions (bsc#1190601). - s390: bpf: implement jitting of BPF_ALU | BPF_ARSH | BPF_* (bsc#1190601). - s390/bpf: Wrap JIT macro parameter usages in parentheses (bsc#1190601). - scripts/git_sort/git_sort.py: add bpf git repo - scripts/git_sort/git_sort.py: Update nvme repositories - scsi: libfc: Fix array index out of bound exception (bsc#1188616). - scsi: lpfc: Fix FLOGI failure due to accessing a freed node (bsc#1191349). - scsi: lpfc: Fix memory overwrite during FC-GS I/O abort handling (bsc#1191349 bsc#1191457). - scsi: lpfc: Keep NDLP reference until after freeing the IOCB after ELS handling (bsc#1191349 bsc#1191457). - scsi: target: avoid using lun_tg_pt_gp after unlock (bsc#1186078). - sctp: check asoc peer.asconf_capable before processing asconf (bsc#1190351). - sctp: fully initialize v4 addr in some functions (bsc#1188563). - sysvipc/sem: mitigate semnum index against spectre v1 (bsc#1192802). - target: core: Fix sense key for invalid XCOPY request (bsc#1186078). - Update config files: Add CONFIG_BPF_UNPRIV_DEFAULT_OFF is not set - Use /usr/lib/modules as module dir when usermerge is active in the target distro. - UsrMerge the kernel (boo#1184804) - x86/CPU: Add more Icelake model numbers (bsc#1185758,bsc#1192400). - xfrm: xfrm_state_mtu should return at least 1280 for ipv6 (bsc#1185377). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-3876=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-3876=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-3876=1 - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2021-3876=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-3876=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-3876=1 - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2021-3876=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-3876=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): kernel-default-4.12.14-197.102.2 kernel-default-base-4.12.14-197.102.2 kernel-default-base-debuginfo-4.12.14-197.102.2 kernel-default-debuginfo-4.12.14-197.102.2 kernel-default-debugsource-4.12.14-197.102.2 kernel-default-devel-4.12.14-197.102.2 kernel-default-devel-debuginfo-4.12.14-197.102.2 kernel-obs-build-4.12.14-197.102.1 kernel-obs-build-debugsource-4.12.14-197.102.1 kernel-syms-4.12.14-197.102.2 reiserfs-kmp-default-4.12.14-197.102.2 reiserfs-kmp-default-debuginfo-4.12.14-197.102.2 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): kernel-devel-4.12.14-197.102.2 kernel-docs-4.12.14-197.102.2 kernel-macros-4.12.14-197.102.2 kernel-source-4.12.14-197.102.2 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-197.102.2 kernel-default-base-4.12.14-197.102.2 kernel-default-base-debuginfo-4.12.14-197.102.2 kernel-default-debuginfo-4.12.14-197.102.2 kernel-default-debugsource-4.12.14-197.102.2 kernel-default-devel-4.12.14-197.102.2 kernel-default-devel-debuginfo-4.12.14-197.102.2 kernel-obs-build-4.12.14-197.102.1 kernel-obs-build-debugsource-4.12.14-197.102.1 kernel-syms-4.12.14-197.102.2 reiserfs-kmp-default-4.12.14-197.102.2 reiserfs-kmp-default-debuginfo-4.12.14-197.102.2 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): kernel-devel-4.12.14-197.102.2 kernel-docs-4.12.14-197.102.2 kernel-macros-4.12.14-197.102.2 kernel-source-4.12.14-197.102.2 - SUSE Linux Enterprise Server 15-SP1-LTSS (s390x): kernel-default-man-4.12.14-197.102.2 kernel-zfcpdump-debuginfo-4.12.14-197.102.2 kernel-zfcpdump-debugsource-4.12.14-197.102.2 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): kernel-default-4.12.14-197.102.2 kernel-default-base-4.12.14-197.102.2 kernel-default-base-debuginfo-4.12.14-197.102.2 kernel-default-debuginfo-4.12.14-197.102.2 kernel-default-debugsource-4.12.14-197.102.2 kernel-default-devel-4.12.14-197.102.2 kernel-default-devel-debuginfo-4.12.14-197.102.2 kernel-obs-build-4.12.14-197.102.1 kernel-obs-build-debugsource-4.12.14-197.102.1 kernel-syms-4.12.14-197.102.2 reiserfs-kmp-default-4.12.14-197.102.2 reiserfs-kmp-default-debuginfo-4.12.14-197.102.2 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): kernel-devel-4.12.14-197.102.2 kernel-docs-4.12.14-197.102.2 kernel-macros-4.12.14-197.102.2 kernel-source-4.12.14-197.102.2 - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-default-debuginfo-4.12.14-197.102.2 kernel-default-debugsource-4.12.14-197.102.2 kernel-default-livepatch-4.12.14-197.102.2 kernel-default-livepatch-devel-4.12.14-197.102.2 kernel-livepatch-4_12_14-197_102-default-1-3.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): kernel-default-4.12.14-197.102.2 kernel-default-base-4.12.14-197.102.2 kernel-default-base-debuginfo-4.12.14-197.102.2 kernel-default-debuginfo-4.12.14-197.102.2 kernel-default-debugsource-4.12.14-197.102.2 kernel-default-devel-4.12.14-197.102.2 kernel-default-devel-debuginfo-4.12.14-197.102.2 kernel-obs-build-4.12.14-197.102.1 kernel-obs-build-debugsource-4.12.14-197.102.1 kernel-syms-4.12.14-197.102.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): kernel-devel-4.12.14-197.102.2 kernel-docs-4.12.14-197.102.2 kernel-macros-4.12.14-197.102.2 kernel-source-4.12.14-197.102.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): kernel-default-4.12.14-197.102.2 kernel-default-base-4.12.14-197.102.2 kernel-default-base-debuginfo-4.12.14-197.102.2 kernel-default-debuginfo-4.12.14-197.102.2 kernel-default-debugsource-4.12.14-197.102.2 kernel-default-devel-4.12.14-197.102.2 kernel-default-devel-debuginfo-4.12.14-197.102.2 kernel-obs-build-4.12.14-197.102.1 kernel-obs-build-debugsource-4.12.14-197.102.1 kernel-syms-4.12.14-197.102.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): kernel-devel-4.12.14-197.102.2 kernel-docs-4.12.14-197.102.2 kernel-macros-4.12.14-197.102.2 kernel-source-4.12.14-197.102.2 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-197.102.2 cluster-md-kmp-default-debuginfo-4.12.14-197.102.2 dlm-kmp-default-4.12.14-197.102.2 dlm-kmp-default-debuginfo-4.12.14-197.102.2 gfs2-kmp-default-4.12.14-197.102.2 gfs2-kmp-default-debuginfo-4.12.14-197.102.2 kernel-default-debuginfo-4.12.14-197.102.2 kernel-default-debugsource-4.12.14-197.102.2 ocfs2-kmp-default-4.12.14-197.102.2 ocfs2-kmp-default-debuginfo-4.12.14-197.102.2 - SUSE Enterprise Storage 6 (aarch64 x86_64): kernel-default-4.12.14-197.102.2 kernel-default-base-4.12.14-197.102.2 kernel-default-base-debuginfo-4.12.14-197.102.2 kernel-default-debuginfo-4.12.14-197.102.2 kernel-default-debugsource-4.12.14-197.102.2 kernel-default-devel-4.12.14-197.102.2 kernel-default-devel-debuginfo-4.12.14-197.102.2 kernel-obs-build-4.12.14-197.102.1 kernel-obs-build-debugsource-4.12.14-197.102.1 kernel-syms-4.12.14-197.102.2 reiserfs-kmp-default-4.12.14-197.102.2 reiserfs-kmp-default-debuginfo-4.12.14-197.102.2 - SUSE Enterprise Storage 6 (noarch): kernel-devel-4.12.14-197.102.2 kernel-docs-4.12.14-197.102.2 kernel-macros-4.12.14-197.102.2 kernel-source-4.12.14-197.102.2 - SUSE CaaS Platform 4.0 (x86_64): kernel-default-4.12.14-197.102.2 kernel-default-base-4.12.14-197.102.2 kernel-default-base-debuginfo-4.12.14-197.102.2 kernel-default-debuginfo-4.12.14-197.102.2 kernel-default-debugsource-4.12.14-197.102.2 kernel-default-devel-4.12.14-197.102.2 kernel-default-devel-debuginfo-4.12.14-197.102.2 kernel-obs-build-4.12.14-197.102.1 kernel-obs-build-debugsource-4.12.14-197.102.1 kernel-syms-4.12.14-197.102.2 reiserfs-kmp-default-4.12.14-197.102.2 reiserfs-kmp-default-debuginfo-4.12.14-197.102.2 - SUSE CaaS Platform 4.0 (noarch): kernel-devel-4.12.14-197.102.2 kernel-docs-4.12.14-197.102.2 kernel-macros-4.12.14-197.102.2 kernel-source-4.12.14-197.102.2 References: https://www.suse.com/security/cve/CVE-2018-13405.html https://www.suse.com/security/cve/CVE-2018-9517.html https://www.suse.com/security/cve/CVE-2019-3874.html https://www.suse.com/security/cve/CVE-2019-3900.html https://www.suse.com/security/cve/CVE-2020-0429.html https://www.suse.com/security/cve/CVE-2020-12770.html https://www.suse.com/security/cve/CVE-2020-3702.html https://www.suse.com/security/cve/CVE-2020-4788.html https://www.suse.com/security/cve/CVE-2021-0941.html https://www.suse.com/security/cve/CVE-2021-20322.html https://www.suse.com/security/cve/CVE-2021-22543.html https://www.suse.com/security/cve/CVE-2021-31916.html https://www.suse.com/security/cve/CVE-2021-33033.html https://www.suse.com/security/cve/CVE-2021-33909.html https://www.suse.com/security/cve/CVE-2021-34556.html https://www.suse.com/security/cve/CVE-2021-34981.html https://www.suse.com/security/cve/CVE-2021-3542.html https://www.suse.com/security/cve/CVE-2021-35477.html https://www.suse.com/security/cve/CVE-2021-3640.html https://www.suse.com/security/cve/CVE-2021-3653.html https://www.suse.com/security/cve/CVE-2021-3655.html https://www.suse.com/security/cve/CVE-2021-3656.html https://www.suse.com/security/cve/CVE-2021-3659.html https://www.suse.com/security/cve/CVE-2021-3679.html https://www.suse.com/security/cve/CVE-2021-3715.html https://www.suse.com/security/cve/CVE-2021-37159.html https://www.suse.com/security/cve/CVE-2021-3732.html https://www.suse.com/security/cve/CVE-2021-3744.html https://www.suse.com/security/cve/CVE-2021-3752.html https://www.suse.com/security/cve/CVE-2021-3753.html https://www.suse.com/security/cve/CVE-2021-37576.html https://www.suse.com/security/cve/CVE-2021-3759.html https://www.suse.com/security/cve/CVE-2021-3760.html https://www.suse.com/security/cve/CVE-2021-3764.html https://www.suse.com/security/cve/CVE-2021-3772.html https://www.suse.com/security/cve/CVE-2021-38160.html https://www.suse.com/security/cve/CVE-2021-38198.html https://www.suse.com/security/cve/CVE-2021-38204.html https://www.suse.com/security/cve/CVE-2021-40490.html https://www.suse.com/security/cve/CVE-2021-41864.html https://www.suse.com/security/cve/CVE-2021-42008.html https://www.suse.com/security/cve/CVE-2021-42252.html https://www.suse.com/security/cve/CVE-2021-42739.html https://bugzilla.suse.com/1100416 https://bugzilla.suse.com/1108488 https://bugzilla.suse.com/1129735 https://bugzilla.suse.com/1129898 https://bugzilla.suse.com/1133374 https://bugzilla.suse.com/1136513 https://bugzilla.suse.com/1171420 https://bugzilla.suse.com/1176724 https://bugzilla.suse.com/1177666 https://bugzilla.suse.com/1181158 https://bugzilla.suse.com/1184673 https://bugzilla.suse.com/1184804 https://bugzilla.suse.com/1185377 https://bugzilla.suse.com/1185726 https://bugzilla.suse.com/1185758 https://bugzilla.suse.com/1185973 https://bugzilla.suse.com/1186078 https://bugzilla.suse.com/1186109 https://bugzilla.suse.com/1186390 https://bugzilla.suse.com/1186482 https://bugzilla.suse.com/1186672 https://bugzilla.suse.com/1188062 https://bugzilla.suse.com/1188063 https://bugzilla.suse.com/1188172 https://bugzilla.suse.com/1188563 https://bugzilla.suse.com/1188601 https://bugzilla.suse.com/1188616 https://bugzilla.suse.com/1188838 https://bugzilla.suse.com/1188876 https://bugzilla.suse.com/1188983 https://bugzilla.suse.com/1188985 https://bugzilla.suse.com/1189057 https://bugzilla.suse.com/1189262 https://bugzilla.suse.com/1189291 https://bugzilla.suse.com/1189399 https://bugzilla.suse.com/1189400 https://bugzilla.suse.com/1189706 https://bugzilla.suse.com/1189846 https://bugzilla.suse.com/1189884 https://bugzilla.suse.com/1190023 https://bugzilla.suse.com/1190025 https://bugzilla.suse.com/1190067 https://bugzilla.suse.com/1190115 https://bugzilla.suse.com/1190117 https://bugzilla.suse.com/1190159 https://bugzilla.suse.com/1190276 https://bugzilla.suse.com/1190349 https://bugzilla.suse.com/1190351 https://bugzilla.suse.com/1190479 https://bugzilla.suse.com/1190534 https://bugzilla.suse.com/1190601 https://bugzilla.suse.com/1190717 https://bugzilla.suse.com/1191193 https://bugzilla.suse.com/1191315 https://bugzilla.suse.com/1191317 https://bugzilla.suse.com/1191349 https://bugzilla.suse.com/1191457 https://bugzilla.suse.com/1191628 https://bugzilla.suse.com/1191790 https://bugzilla.suse.com/1191800 https://bugzilla.suse.com/1191888 https://bugzilla.suse.com/1191961 https://bugzilla.suse.com/1192045 https://bugzilla.suse.com/1192267 https://bugzilla.suse.com/1192379 https://bugzilla.suse.com/1192400 https://bugzilla.suse.com/1192775 https://bugzilla.suse.com/1192781 https://bugzilla.suse.com/1192802 From sle-updates at lists.suse.com Thu Dec 2 11:44:09 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Dec 2021 12:44:09 +0100 (CET) Subject: SUSE-RU-2021:3870-1: moderate: Recommended update for libzypp, zypper Message-ID: <20211202114409.F20B4FD0A@maintenance.suse.de> SUSE Recommended Update: Recommended update for libzypp, zypper ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3870-1 Rating: moderate References: #1190356 #1191286 #1191324 #1191370 #1191609 #1192337 #1192436 Affected Products: SUSE MicroOS 5.1 SUSE MicroOS 5.0 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Installer 15-SP2 ______________________________________________________________________________ An update that has 7 recommended fixes can now be installed. Description: This update for libzypp, zypper fixes the following issues: libzypp: - Check log writer before accessing it (bsc#1192337) - Zypper should keep cached files if transaction is aborted (bsc#1190356) - Require a minimum number of mirrors for multicurl (bsc#1191609) - Fixed slowdowns when rlimit is too high by using procfs to detect niumber of open file descriptors (bsc#1191324) - Fixed zypper incomplete messages when using non English localization (bsc#1191370) - RepoManager: Don't probe for plaindir repository if the URL schema is a plugin (bsc#1191286) - Disable logger in the child process after fork (bsc#1192436) zypper: - Fixed Zypper removing a kernel explicitely pinned that uses uname -r output format as name (openSUSE/zypper#418) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2021-3870=1 - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-3870=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3870=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-3870=1 - SUSE Linux Enterprise Installer 15-SP2: zypper in -t patch SUSE-SLE-INSTALLER-15-SP2-2021-3870=1 Package List: - SUSE MicroOS 5.1 (aarch64 s390x x86_64): libzypp-17.28.8-20.1 libzypp-debuginfo-17.28.8-20.1 libzypp-debugsource-17.28.8-20.1 zypper-1.14.50-21.1 zypper-debuginfo-1.14.50-21.1 zypper-debugsource-1.14.50-21.1 - SUSE MicroOS 5.1 (noarch): zypper-needs-restarting-1.14.50-21.1 - SUSE MicroOS 5.0 (aarch64 x86_64): libzypp-17.28.8-20.1 libzypp-debuginfo-17.28.8-20.1 libzypp-debugsource-17.28.8-20.1 zypper-1.14.50-21.1 zypper-debuginfo-1.14.50-21.1 zypper-debugsource-1.14.50-21.1 - SUSE MicroOS 5.0 (noarch): zypper-needs-restarting-1.14.50-21.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libzypp-17.28.8-20.1 libzypp-debuginfo-17.28.8-20.1 libzypp-debugsource-17.28.8-20.1 libzypp-devel-17.28.8-20.1 zypper-1.14.50-21.1 zypper-debuginfo-1.14.50-21.1 zypper-debugsource-1.14.50-21.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): zypper-log-1.14.50-21.1 zypper-needs-restarting-1.14.50-21.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libzypp-17.28.8-20.1 libzypp-debuginfo-17.28.8-20.1 libzypp-debugsource-17.28.8-20.1 libzypp-devel-17.28.8-20.1 zypper-1.14.50-21.1 zypper-debuginfo-1.14.50-21.1 zypper-debugsource-1.14.50-21.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): zypper-log-1.14.50-21.1 zypper-needs-restarting-1.14.50-21.1 - SUSE Linux Enterprise Installer 15-SP2 (aarch64 ppc64le s390x x86_64): libzypp-17.28.8-20.1 References: https://bugzilla.suse.com/1190356 https://bugzilla.suse.com/1191286 https://bugzilla.suse.com/1191324 https://bugzilla.suse.com/1191370 https://bugzilla.suse.com/1191609 https://bugzilla.suse.com/1192337 https://bugzilla.suse.com/1192436 From sle-updates at lists.suse.com Thu Dec 2 11:46:11 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Dec 2021 12:46:11 +0100 (CET) Subject: SUSE-SU-2021:3873-1: important: Security update for netcdf Message-ID: <20211202114611.A36C3FD0A@maintenance.suse.de> SUSE Security Update: Security update for netcdf ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3873-1 Rating: important References: #1191856 Cross-References: CVE-2019-20005 CVE-2019-20006 CVE-2019-20007 CVE-2019-20198 CVE-2019-20199 CVE-2019-20200 CVE-2019-20201 CVE-2019-20202 CVE-2021-26220 CVE-2021-26221 CVE-2021-26222 CVE-2021-30485 CVE-2021-31229 CVE-2021-31347 CVE-2021-31348 CVE-2021-31598 CVSS scores: CVE-2019-20005 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2019-20005 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2019-20006 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2019-20006 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2019-20007 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2019-20007 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2019-20198 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2019-20198 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2019-20199 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2019-20199 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2019-20200 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2019-20200 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2019-20201 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2019-20201 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2019-20202 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2019-20202 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-26220 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-26221 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-26222 (SUSE): 6 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H CVE-2021-30485 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-30485 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-31229 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-31347 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-31348 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-31348 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-31598 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-31598 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for HPC 15-SP3 ______________________________________________________________________________ An update that fixes 16 vulnerabilities is now available. Description: This update for netcdf fixes the following issues: - Fixed multiple vulnerabilities in ezXML: CVE-2019-20007, CVE-2019-20006, CVE-2019-20201, CVE-2019-20202, CVE-2019-20199, CVE-2019-20200, CVE-2019-20198, CVE-2021-26221, CVE-2021-26222, CVE-2021-30485, CVE-2021-31229, CVE-2021-31347, CVE-2021-31348, CVE-2021-31598 (bsc#1191856) Note: * CVE-2021-26220 https://sourceforge.net/p/ezxml/bugs/23 not relevant for netcdf: code isn't used. * CVE-2019-20005 https://sourceforge.net/p/ezxml/bugs/14 Issue cannot be reproduced and no patch is available upstream. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2021-3873=1 - SUSE Linux Enterprise Module for HPC 15-SP3: zypper in -t patch SUSE-SLE-Module-HPC-15-SP3-2021-3873=1 Package List: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (ppc64le s390x): libnetcdf-gnu-hpc-4.7.4-4.3.2 libnetcdf-gnu-mpich-hpc-4.7.4-4.3.2 libnetcdf-gnu-mvapich2-hpc-4.7.4-4.3.2 libnetcdf-gnu-openmpi3-hpc-4.7.4-4.3.2 libnetcdf-gnu-openmpi4-hpc-4.7.4-4.3.2 libnetcdf_4_7_4-gnu-hpc-4.7.4-4.3.2 libnetcdf_4_7_4-gnu-hpc-debuginfo-4.7.4-4.3.2 libnetcdf_4_7_4-gnu-mpich-hpc-4.7.4-4.3.2 libnetcdf_4_7_4-gnu-mpich-hpc-debuginfo-4.7.4-4.3.2 libnetcdf_4_7_4-gnu-mvapich2-hpc-4.7.4-4.3.2 libnetcdf_4_7_4-gnu-mvapich2-hpc-debuginfo-4.7.4-4.3.2 libnetcdf_4_7_4-gnu-openmpi3-hpc-4.7.4-4.3.2 libnetcdf_4_7_4-gnu-openmpi3-hpc-debuginfo-4.7.4-4.3.2 libnetcdf_4_7_4-gnu-openmpi4-hpc-4.7.4-4.3.2 libnetcdf_4_7_4-gnu-openmpi4-hpc-debuginfo-4.7.4-4.3.2 netcdf_4_7_4-gnu-hpc-4.7.4-4.3.2 netcdf_4_7_4-gnu-hpc-debuginfo-4.7.4-4.3.2 netcdf_4_7_4-gnu-hpc-debugsource-4.7.4-4.3.2 netcdf_4_7_4-gnu-hpc-devel-4.7.4-4.3.2 netcdf_4_7_4-gnu-hpc-devel-debuginfo-4.7.4-4.3.2 netcdf_4_7_4-gnu-hpc-devel-static-4.7.4-4.3.2 netcdf_4_7_4-gnu-mpich-hpc-4.7.4-4.3.2 netcdf_4_7_4-gnu-mpich-hpc-debuginfo-4.7.4-4.3.2 netcdf_4_7_4-gnu-mpich-hpc-debugsource-4.7.4-4.3.2 netcdf_4_7_4-gnu-mpich-hpc-devel-4.7.4-4.3.2 netcdf_4_7_4-gnu-mpich-hpc-devel-debuginfo-4.7.4-4.3.2 netcdf_4_7_4-gnu-mpich-hpc-devel-static-4.7.4-4.3.2 netcdf_4_7_4-gnu-mvapich2-hpc-4.7.4-4.3.2 netcdf_4_7_4-gnu-mvapich2-hpc-debuginfo-4.7.4-4.3.2 netcdf_4_7_4-gnu-mvapich2-hpc-debugsource-4.7.4-4.3.2 netcdf_4_7_4-gnu-mvapich2-hpc-devel-4.7.4-4.3.2 netcdf_4_7_4-gnu-mvapich2-hpc-devel-debuginfo-4.7.4-4.3.2 netcdf_4_7_4-gnu-mvapich2-hpc-devel-static-4.7.4-4.3.2 netcdf_4_7_4-gnu-openmpi3-hpc-4.7.4-4.3.2 netcdf_4_7_4-gnu-openmpi3-hpc-debuginfo-4.7.4-4.3.2 netcdf_4_7_4-gnu-openmpi3-hpc-debugsource-4.7.4-4.3.2 netcdf_4_7_4-gnu-openmpi3-hpc-devel-4.7.4-4.3.2 netcdf_4_7_4-gnu-openmpi3-hpc-devel-debuginfo-4.7.4-4.3.2 netcdf_4_7_4-gnu-openmpi3-hpc-devel-static-4.7.4-4.3.2 netcdf_4_7_4-gnu-openmpi4-hpc-4.7.4-4.3.2 netcdf_4_7_4-gnu-openmpi4-hpc-debuginfo-4.7.4-4.3.2 netcdf_4_7_4-gnu-openmpi4-hpc-debugsource-4.7.4-4.3.2 netcdf_4_7_4-gnu-openmpi4-hpc-devel-4.7.4-4.3.2 netcdf_4_7_4-gnu-openmpi4-hpc-devel-debuginfo-4.7.4-4.3.2 netcdf_4_7_4-gnu-openmpi4-hpc-devel-static-4.7.4-4.3.2 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (noarch): netcdf-gnu-hpc-4.7.4-4.3.2 netcdf-gnu-hpc-devel-4.7.4-4.3.2 netcdf-gnu-mpich-hpc-4.7.4-4.3.2 netcdf-gnu-mpich-hpc-devel-4.7.4-4.3.2 netcdf-gnu-mvapich2-hpc-4.7.4-4.3.2 netcdf-gnu-mvapich2-hpc-devel-4.7.4-4.3.2 netcdf-gnu-openmpi3-hpc-4.7.4-4.3.2 netcdf-gnu-openmpi3-hpc-devel-4.7.4-4.3.2 netcdf-gnu-openmpi4-hpc-4.7.4-4.3.2 netcdf-gnu-openmpi4-hpc-devel-4.7.4-4.3.2 - SUSE Linux Enterprise Module for HPC 15-SP3 (aarch64 x86_64): libnetcdf-gnu-hpc-4.7.4-4.3.2 libnetcdf-gnu-mpich-hpc-4.7.4-4.3.2 libnetcdf-gnu-mvapich2-hpc-4.7.4-4.3.2 libnetcdf-gnu-openmpi3-hpc-4.7.4-4.3.2 libnetcdf-gnu-openmpi4-hpc-4.7.4-4.3.2 libnetcdf_4_7_4-gnu-hpc-4.7.4-4.3.2 libnetcdf_4_7_4-gnu-hpc-debuginfo-4.7.4-4.3.2 libnetcdf_4_7_4-gnu-mpich-hpc-4.7.4-4.3.2 libnetcdf_4_7_4-gnu-mpich-hpc-debuginfo-4.7.4-4.3.2 libnetcdf_4_7_4-gnu-mvapich2-hpc-4.7.4-4.3.2 libnetcdf_4_7_4-gnu-mvapich2-hpc-debuginfo-4.7.4-4.3.2 libnetcdf_4_7_4-gnu-openmpi3-hpc-4.7.4-4.3.2 libnetcdf_4_7_4-gnu-openmpi3-hpc-debuginfo-4.7.4-4.3.2 libnetcdf_4_7_4-gnu-openmpi4-hpc-4.7.4-4.3.2 libnetcdf_4_7_4-gnu-openmpi4-hpc-debuginfo-4.7.4-4.3.2 netcdf_4_7_4-gnu-hpc-4.7.4-4.3.2 netcdf_4_7_4-gnu-hpc-debuginfo-4.7.4-4.3.2 netcdf_4_7_4-gnu-hpc-debugsource-4.7.4-4.3.2 netcdf_4_7_4-gnu-hpc-devel-4.7.4-4.3.2 netcdf_4_7_4-gnu-hpc-devel-debuginfo-4.7.4-4.3.2 netcdf_4_7_4-gnu-hpc-devel-static-4.7.4-4.3.2 netcdf_4_7_4-gnu-mpich-hpc-4.7.4-4.3.2 netcdf_4_7_4-gnu-mpich-hpc-debuginfo-4.7.4-4.3.2 netcdf_4_7_4-gnu-mpich-hpc-debugsource-4.7.4-4.3.2 netcdf_4_7_4-gnu-mpich-hpc-devel-4.7.4-4.3.2 netcdf_4_7_4-gnu-mpich-hpc-devel-debuginfo-4.7.4-4.3.2 netcdf_4_7_4-gnu-mpich-hpc-devel-static-4.7.4-4.3.2 netcdf_4_7_4-gnu-mvapich2-hpc-4.7.4-4.3.2 netcdf_4_7_4-gnu-mvapich2-hpc-debuginfo-4.7.4-4.3.2 netcdf_4_7_4-gnu-mvapich2-hpc-debugsource-4.7.4-4.3.2 netcdf_4_7_4-gnu-mvapich2-hpc-devel-4.7.4-4.3.2 netcdf_4_7_4-gnu-mvapich2-hpc-devel-debuginfo-4.7.4-4.3.2 netcdf_4_7_4-gnu-mvapich2-hpc-devel-static-4.7.4-4.3.2 netcdf_4_7_4-gnu-openmpi3-hpc-4.7.4-4.3.2 netcdf_4_7_4-gnu-openmpi3-hpc-debuginfo-4.7.4-4.3.2 netcdf_4_7_4-gnu-openmpi3-hpc-debugsource-4.7.4-4.3.2 netcdf_4_7_4-gnu-openmpi3-hpc-devel-4.7.4-4.3.2 netcdf_4_7_4-gnu-openmpi3-hpc-devel-debuginfo-4.7.4-4.3.2 netcdf_4_7_4-gnu-openmpi3-hpc-devel-static-4.7.4-4.3.2 netcdf_4_7_4-gnu-openmpi4-hpc-4.7.4-4.3.2 netcdf_4_7_4-gnu-openmpi4-hpc-debuginfo-4.7.4-4.3.2 netcdf_4_7_4-gnu-openmpi4-hpc-debugsource-4.7.4-4.3.2 netcdf_4_7_4-gnu-openmpi4-hpc-devel-4.7.4-4.3.2 netcdf_4_7_4-gnu-openmpi4-hpc-devel-debuginfo-4.7.4-4.3.2 netcdf_4_7_4-gnu-openmpi4-hpc-devel-static-4.7.4-4.3.2 - SUSE Linux Enterprise Module for HPC 15-SP3 (noarch): netcdf-gnu-hpc-4.7.4-4.3.2 netcdf-gnu-hpc-devel-4.7.4-4.3.2 netcdf-gnu-mpich-hpc-4.7.4-4.3.2 netcdf-gnu-mpich-hpc-devel-4.7.4-4.3.2 netcdf-gnu-mvapich2-hpc-4.7.4-4.3.2 netcdf-gnu-mvapich2-hpc-devel-4.7.4-4.3.2 netcdf-gnu-openmpi3-hpc-4.7.4-4.3.2 netcdf-gnu-openmpi3-hpc-devel-4.7.4-4.3.2 netcdf-gnu-openmpi4-hpc-4.7.4-4.3.2 netcdf-gnu-openmpi4-hpc-devel-4.7.4-4.3.2 References: https://www.suse.com/security/cve/CVE-2019-20005.html https://www.suse.com/security/cve/CVE-2019-20006.html https://www.suse.com/security/cve/CVE-2019-20007.html https://www.suse.com/security/cve/CVE-2019-20198.html https://www.suse.com/security/cve/CVE-2019-20199.html https://www.suse.com/security/cve/CVE-2019-20200.html https://www.suse.com/security/cve/CVE-2019-20201.html https://www.suse.com/security/cve/CVE-2019-20202.html https://www.suse.com/security/cve/CVE-2021-26220.html https://www.suse.com/security/cve/CVE-2021-26221.html https://www.suse.com/security/cve/CVE-2021-26222.html https://www.suse.com/security/cve/CVE-2021-30485.html https://www.suse.com/security/cve/CVE-2021-31229.html https://www.suse.com/security/cve/CVE-2021-31347.html https://www.suse.com/security/cve/CVE-2021-31348.html https://www.suse.com/security/cve/CVE-2021-31598.html https://bugzilla.suse.com/1191856 From sle-updates at lists.suse.com Thu Dec 2 11:47:34 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Dec 2021 12:47:34 +0100 (CET) Subject: SUSE-RU-2021:14851-1: moderate: Recommended update for net-snmp Message-ID: <20211202114734.4B9EEFBB3@maintenance.suse.de> SUSE Recommended Update: Recommended update for net-snmp ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:14851-1 Rating: moderate References: #1013705 #1030149 #1116807 #985890 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Server 11-SECURITY SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for net-snmp fixes the following issues: - Add info about the original agent which triggered the trap. When the trap is forwarded there was no info about the original agent (bsc#1116807) - Fixes double free corruption when receiving v3 traps (bsc#1013705) - Extended disk and RAM size overflow patch (bsc#985890). - Fix agentaddress from overflowing (bsc#1030149). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-net-snmp-14851=1 - SUSE Linux Enterprise Server 11-SECURITY: zypper in -t patch secsp3-net-snmp-14851=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-net-snmp-14851=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-net-snmp-14851=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-net-snmp-14851=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): libsnmp15-5.4.2.1-8.12.32.5.13 net-snmp-5.4.2.1-8.12.32.5.13 perl-SNMP-5.4.2.1-8.12.32.5.13 snmp-mibs-5.4.2.1-8.12.32.5.13 - SUSE Linux Enterprise Server 11-SP4-LTSS (ppc64 s390x x86_64): libsnmp15-32bit-5.4.2.1-8.12.32.5.13 - SUSE Linux Enterprise Server 11-SECURITY (i586 ia64 ppc64 s390x x86_64): libsnmp15-openssl1-5.4.2.1-8.12.32.5.13 - SUSE Linux Enterprise Server 11-SECURITY (ppc64 s390x x86_64): libsnmp15-openssl1-32bit-5.4.2.1-8.12.32.5.13 - SUSE Linux Enterprise Server 11-SECURITY (ia64): libsnmp15-openssl1-x86-5.4.2.1-8.12.32.5.13 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): libsnmp15-5.4.2.1-8.12.32.5.13 net-snmp-5.4.2.1-8.12.32.5.13 perl-SNMP-5.4.2.1-8.12.32.5.13 snmp-mibs-5.4.2.1-8.12.32.5.13 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): net-snmp-debuginfo-5.4.2.1-8.12.32.5.13 net-snmp-debugsource-5.4.2.1-8.12.32.5.13 net-snmp-openssl1-debuginfo-5.4.2.1-8.12.32.5.13 net-snmp-openssl1-debugsource-5.4.2.1-8.12.32.5.13 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): net-snmp-debuginfo-5.4.2.1-8.12.32.5.13 net-snmp-debugsource-5.4.2.1-8.12.32.5.13 net-snmp-openssl1-debuginfo-5.4.2.1-8.12.32.5.13 net-snmp-openssl1-debugsource-5.4.2.1-8.12.32.5.13 References: https://bugzilla.suse.com/1013705 https://bugzilla.suse.com/1030149 https://bugzilla.suse.com/1116807 https://bugzilla.suse.com/985890 From sle-updates at lists.suse.com Thu Dec 2 11:49:17 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Dec 2021 12:49:17 +0100 (CET) Subject: SUSE-RU-2021:3869-1: moderate: Recommended update for suse-module-tools Message-ID: <20211202114917.B0B89FBB3@maintenance.suse.de> SUSE Recommended Update: Recommended update for suse-module-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3869-1 Rating: moderate References: #1189841 #1189879 #1190598 #1191200 #1191260 #1191480 #1191804 #1191922 Affected Products: SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that has 8 recommended fixes can now be installed. Description: This update for suse-module-tools fixes the following issues: - rpm-script: fix bad exit status in OpenQA (bsc#1191922) - cert-script: Deal with existing $cert.delete file (bsc#1191804) - cert-script: Ignore kernel keyring for kernel certificates (bsc#1191480) - cert-script: Only print mokutil output in verbose mode - inkmp-script(postun): don't pass existing files to weak-modules2 (bsc#1191200) - kernel-scriptlets: skip cert scriptlet on non-UEFI systems (bsc#1191260) - rpm-script: link config also into /boot (bsc#1189879) - Import kernel scriptlets from kernel-source (bsc#1189841, bsc#1190598) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-3869=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-3869=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-3869=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-3869=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-3869=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-3869=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): suse-module-tools-15.1.23-3.19.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): suse-module-tools-15.1.23-3.19.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): suse-module-tools-15.1.23-3.19.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): suse-module-tools-15.1.23-3.19.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): suse-module-tools-15.1.23-3.19.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): suse-module-tools-15.1.23-3.19.1 - SUSE CaaS Platform 4.0 (x86_64): suse-module-tools-15.1.23-3.19.1 References: https://bugzilla.suse.com/1189841 https://bugzilla.suse.com/1189879 https://bugzilla.suse.com/1190598 https://bugzilla.suse.com/1191200 https://bugzilla.suse.com/1191260 https://bugzilla.suse.com/1191480 https://bugzilla.suse.com/1191804 https://bugzilla.suse.com/1191922 From sle-updates at lists.suse.com Thu Dec 2 11:53:39 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Dec 2021 12:53:39 +0100 (CET) Subject: SUSE-SU-2021:3877-1: important: Security update for the Linux Kernel Message-ID: <20211202115339.8A14AFBB3@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3877-1 Rating: important References: #1114648 #1141655 #1190523 #1191790 #1191961 #1192045 #1192048 #1192273 #1192718 #1192750 #1192753 #1192781 #1192802 #1192906 #1192987 SLE-22573 Cross-References: CVE-2021-0941 CVE-2021-20322 CVE-2021-31916 CVE-2021-34981 CVSS scores: CVE-2021-0941 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-20322 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2021-31916 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-31916 (SUSE): 6.8 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-34981 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Live Patching 12-SP5 SUSE Linux Enterprise High Availability 12-SP5 ______________________________________________________________________________ An update that solves four vulnerabilities, contains one feature and has 11 fixes is now available. Description: The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - Unprivileged BPF has been disabled by default to reduce attack surface as too many security issues have happened in the past (jsc#SLE-22573) You can reenable via systemctl setting /proc/sys/kernel/unprivileged_bpf_disabled to 0. (kernel.unprivileged_bpf_disabled = 0) - CVE-2021-0941: In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1192045). - CVE-2021-31916: An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel A bound check failure allowed an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability (bnc#1192781). - CVE-2021-20322: Make the ipv4 and ipv6 ICMP exception caches less predictive to avoid information leaks about UDP ports in use. (bsc#1191790) - CVE-2021-34981: Fixed file refcounting in cmtp when cmtp_attach_device fails. (bsc#1191961) The following non-security bugs were fixed: - arm64: pgtable: make __pte_to_phys/__phys_to_pte_val inline functions (git-fixes). - arm64/sve: Use correct size when reinitialising SVE state (git-fixes). - bpf: Add kconfig knob for disabling unpriv bpf by default (jsc#SLE-22913) - bpf: Disallow unprivileged bpf by default (jsc#SLE-22913). - bpf: Fix potential race in tail call compatibility check (git-fixes). - bpf: Move owner type, jited info into array auxiliary data (bsc#1141655). - bpf: Use kvmalloc for map values in syscall (stable-5.14.16). - btrfs: fix memory ordering between normal and ordered work functions (git-fixes). - config: disable unprivileged BPF by default (jsc#SLE-22913) - drivers: base: cacheinfo: Get rid of DEFINE_SMP_CALL_CACHE_FUNCTION() (git-fixes). - drm: fix spectre issue in vmw_execbuf_ioctl (bsc#1192802). - EDAC/sb_edac: Fix top-of-high-memory value for Broadwell/Haswell (bsc#1114648). - fuse: fix page stealing (bsc#1192718). - gigaset: fix spectre issue in do_data_b3_req (bsc#1192802). - hisax: fix spectre issues (bsc#1192802). - hysdn: fix spectre issue in hycapi_send_message (bsc#1192802). - i2c: synquacer: fix deferred probing (git-fixes). - ibmvnic: check failover_pending in login response (bsc#1190523 ltc#194510). - ibmvnic: do not stop queue in xmit (bsc#1192273 ltc#194629). - ibmvnic: Process crqs after enabling interrupts (bsc#1192273 ltc#194629). - infiniband: fix spectre issue in ib_uverbs_write (bsc#1192802). - iwlwifi: fix spectre issue in iwl_dbgfs_update_pm (bsc#1192802). - media: dvb_ca_en50221: prevent using slot_info for Spectre attacs (bsc#1192802). - media: dvb_ca_en50221: sanity check slot number from userspace (bsc#1192802). - media: wl128x: get rid of a potential spectre issue (bsc#1192802). - mm/hugetlb: initialize hugetlb_usage in mm_init (bsc#1192906). - mpt3sas: fix spectre issues (bsc#1192802). - net: sock_diag: Fix spectre v1 gadget in __sock_diag_cmd() (bsc#1192802). - osst: fix spectre issue in osst_verify_frame (bsc#1192802). - prctl: allow to setup brk for et_dyn executables (git-fixes). - printk/console: Allow to disable console output by using console="" or console=null (bsc#1192753). - printk: handle blank console arguments passed in (bsc#1192753). - printk: Remove printk.h inclusion in percpu.h (bsc#1192987). - Revert "ibmvnic: check failover_pending in login response" (bsc#1190523 ltc#194510). - Revert "x86/kvm: fix vcpu-id indexed array sizes" (git-fixes). - scsi: be2iscsi: Fix an error handling path in beiscsi_dev_probe() (git-fixes). - scsi: BusLogic: Fix missing pr_cont() use (git-fixes). - scsi: core: Fix error handling of scsi_host_alloc() (git-fixes). - scsi: core: Fix spelling in a source code comment (git-fixes). - scsi: core: Only put parent device if host state differs from SHOST_CREATED (git-fixes). - scsi: core: Put .shost_dev in failure path if host state changes to RUNNING (git-fixes). - scsi: core: Retry I/O for Notify (Enable Spinup) Required error (git-fixes). - scsi: csiostor: Add module softdep on cxgb4 (git-fixes). - scsi: csiostor: Uninitialized data in csio_ln_vnp_read_cbfn() (git-fixes). - scsi: dc395: Fix error case unwinding (git-fixes). - scsi: FlashPoint: Rename si_flags field (git-fixes). - scsi: iscsi: Fix iface sysfs attr detection (git-fixes). - scsi: libsas: Use _safe() loop in sas_resume_port() (git-fixes). - scsi: mpt3sas: Fix error return value in _scsih_expander_add() (git-fixes). - scsi: qedf: Add pointer checks in qedf_update_link_speed() (git-fixes). - scsi: qedf: Fix error codes in qedf_alloc_global_queues() (git-fixes). - scsi: qedi: Fix error codes in qedi_alloc_global_queues() (git-fixes). - scsi: qla2xxx: Fix a memory leak in an error path of qla2x00_process_els() (git-fixes). - scsi: qla2xxx: Make sure that aborted commands are freed (git-fixes). - scsi: snic: Fix an error message (git-fixes). - scsi: ufs: ufshcd-pltfrm: Fix memory leak due to probe defer (git-fixes). - soc: fsl: dpio: replace smp_processor_id with raw_smp_processor_id (git-fixes). - swiotlb-xen: avoid double free (git-fixes). - sysvipc/sem: mitigate semnum index against spectre v1 (bsc#1192802). - tracing: use %ps format string to print symbols (git-fixes). - tty: serial: fsl_lpuart: fix the wrong mapbase value (git-fixes). - Update config files: Add CONFIG_BPF_UNPRIV_DEFAULT_OFF is not set - x86/xen: Mark cpu_bringup_and_idle() as dead_end_function (git-fixes). - x86/Xen: swap NX determination and GDT setup on BSP (git-fixes). - xen: Fix implicit type conversion (git-fixes). - xen-pciback: Fix return in pm_ctrl_init() (git-fixes). - xen-pciback: redo VF placement in the virtual topology (git-fixes). - xen/x86: fix PV trap handling on secondary processors (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2021-3877=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-3877=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-3877=1 - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2021-3877=1 - SUSE Linux Enterprise High Availability 12-SP5: zypper in -t patch SUSE-SLE-HA-12-SP5-2021-3877=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): kernel-default-debuginfo-4.12.14-122.103.1 kernel-default-debugsource-4.12.14-122.103.1 kernel-default-extra-4.12.14-122.103.1 kernel-default-extra-debuginfo-4.12.14-122.103.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.12.14-122.103.1 kernel-obs-build-debugsource-4.12.14-122.103.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch): kernel-docs-4.12.14-122.103.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-122.103.1 kernel-default-base-4.12.14-122.103.1 kernel-default-base-debuginfo-4.12.14-122.103.1 kernel-default-debuginfo-4.12.14-122.103.1 kernel-default-debugsource-4.12.14-122.103.1 kernel-default-devel-4.12.14-122.103.1 kernel-syms-4.12.14-122.103.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): kernel-devel-4.12.14-122.103.1 kernel-macros-4.12.14-122.103.1 kernel-source-4.12.14-122.103.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): kernel-default-devel-debuginfo-4.12.14-122.103.1 - SUSE Linux Enterprise Server 12-SP5 (s390x): kernel-default-man-4.12.14-122.103.1 - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64): kernel-default-debuginfo-4.12.14-122.103.1 kernel-default-debugsource-4.12.14-122.103.1 kernel-default-kgraft-4.12.14-122.103.1 kernel-default-kgraft-devel-4.12.14-122.103.1 kgraft-patch-4_12_14-122_103-default-1-8.5.1 - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-122.103.1 cluster-md-kmp-default-debuginfo-4.12.14-122.103.1 dlm-kmp-default-4.12.14-122.103.1 dlm-kmp-default-debuginfo-4.12.14-122.103.1 gfs2-kmp-default-4.12.14-122.103.1 gfs2-kmp-default-debuginfo-4.12.14-122.103.1 kernel-default-debuginfo-4.12.14-122.103.1 kernel-default-debugsource-4.12.14-122.103.1 ocfs2-kmp-default-4.12.14-122.103.1 ocfs2-kmp-default-debuginfo-4.12.14-122.103.1 References: https://www.suse.com/security/cve/CVE-2021-0941.html https://www.suse.com/security/cve/CVE-2021-20322.html https://www.suse.com/security/cve/CVE-2021-31916.html https://www.suse.com/security/cve/CVE-2021-34981.html https://bugzilla.suse.com/1114648 https://bugzilla.suse.com/1141655 https://bugzilla.suse.com/1190523 https://bugzilla.suse.com/1191790 https://bugzilla.suse.com/1191961 https://bugzilla.suse.com/1192045 https://bugzilla.suse.com/1192048 https://bugzilla.suse.com/1192273 https://bugzilla.suse.com/1192718 https://bugzilla.suse.com/1192750 https://bugzilla.suse.com/1192753 https://bugzilla.suse.com/1192781 https://bugzilla.suse.com/1192802 https://bugzilla.suse.com/1192906 https://bugzilla.suse.com/1192987 From sle-updates at lists.suse.com Thu Dec 2 11:56:39 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Dec 2021 12:56:39 +0100 (CET) Subject: SUSE-RU-2021:3871-1: moderate: Recommended update for xorg-cf-files Message-ID: <20211202115639.0A810FBB3@maintenance.suse.de> SUSE Recommended Update: Recommended update for xorg-cf-files ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3871-1 Rating: moderate References: #1192589 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for xorg-cf-files fixes the following issues: - Resolves compatibility issue between binutils and imake (bsc#1192589) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3871=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-3871=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): xorg-cf-files-1.0.6-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): xorg-cf-files-1.0.6-3.3.1 References: https://bugzilla.suse.com/1192589 From sle-updates at lists.suse.com Thu Dec 2 11:58:57 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Dec 2021 12:58:57 +0100 (CET) Subject: SUSE-RU-2021:3868-1: moderate: Recommended update for acct Message-ID: <20211202115857.A2086FBB3@maintenance.suse.de> SUSE Recommended Update: Recommended update for acct ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3868-1 Rating: moderate References: #1188159 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for acct fixes the following issues: - Migrate pacct log file to new location when upgrading from SLE12 (bsc#1188159) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3868=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-3868=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): acct-6.6.4-4.3.1 acct-debuginfo-6.6.4-4.3.1 acct-debugsource-6.6.4-4.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): acct-6.6.4-4.3.1 acct-debuginfo-6.6.4-4.3.1 acct-debugsource-6.6.4-4.3.1 References: https://bugzilla.suse.com/1188159 From sle-updates at lists.suse.com Thu Dec 2 12:00:08 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Dec 2021 13:00:08 +0100 (CET) Subject: SUSE-RU-2021:3872-1: moderate: Recommended update for cracklib Message-ID: <20211202120008.74130FBB3@maintenance.suse.de> SUSE Recommended Update: Recommended update for cracklib ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3872-1 Rating: moderate References: #1191736 Affected Products: SUSE MicroOS 5.1 SUSE MicroOS 5.0 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for cracklib fixes the following issues: - Enable build time tests (bsc#1191736) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2021-3872=1 - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-3872=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3872=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-3872=1 Package List: - SUSE MicroOS 5.1 (aarch64 s390x x86_64): cracklib-2.9.7-11.6.1 cracklib-debuginfo-2.9.7-11.6.1 cracklib-debugsource-2.9.7-11.6.1 cracklib-dict-small-2.9.7-11.6.1 libcrack2-2.9.7-11.6.1 libcrack2-debuginfo-2.9.7-11.6.1 - SUSE MicroOS 5.0 (aarch64 x86_64): cracklib-2.9.7-11.6.1 cracklib-debuginfo-2.9.7-11.6.1 cracklib-debugsource-2.9.7-11.6.1 cracklib-dict-small-2.9.7-11.6.1 libcrack2-2.9.7-11.6.1 libcrack2-debuginfo-2.9.7-11.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): cracklib-2.9.7-11.6.1 cracklib-debuginfo-2.9.7-11.6.1 cracklib-debugsource-2.9.7-11.6.1 cracklib-devel-2.9.7-11.6.1 cracklib-dict-small-2.9.7-11.6.1 libcrack2-2.9.7-11.6.1 libcrack2-debuginfo-2.9.7-11.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libcrack2-32bit-2.9.7-11.6.1 libcrack2-32bit-debuginfo-2.9.7-11.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): cracklib-2.9.7-11.6.1 cracklib-debuginfo-2.9.7-11.6.1 cracklib-debugsource-2.9.7-11.6.1 cracklib-devel-2.9.7-11.6.1 cracklib-dict-small-2.9.7-11.6.1 libcrack2-2.9.7-11.6.1 libcrack2-debuginfo-2.9.7-11.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libcrack2-32bit-2.9.7-11.6.1 libcrack2-32bit-debuginfo-2.9.7-11.6.1 References: https://bugzilla.suse.com/1191736 From sle-updates at lists.suse.com Thu Dec 2 12:03:37 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Dec 2021 13:03:37 +0100 (CET) Subject: SUSE-RU-2021:3866-1: moderate: Recommended update for rsync Message-ID: <20211202120337.192A3FBB3@maintenance.suse.de> SUSE Recommended Update: Recommended update for rsync ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3866-1 Rating: moderate References: #1190828 Affected Products: SUSE MicroOS 5.1 SUSE MicroOS 5.0 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for rsync fixes the following issues: - Fixed an error when using the external compression library where files larger that 1GB would not be transferred completely and failing (bsc#1190828) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2021-3866=1 - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-3866=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3866=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-3866=1 Package List: - SUSE MicroOS 5.1 (aarch64 s390x x86_64): rsync-3.1.3-4.10.1 rsync-debuginfo-3.1.3-4.10.1 rsync-debugsource-3.1.3-4.10.1 - SUSE MicroOS 5.0 (aarch64 x86_64): rsync-3.1.3-4.10.1 rsync-debuginfo-3.1.3-4.10.1 rsync-debugsource-3.1.3-4.10.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): rsync-3.1.3-4.10.1 rsync-debuginfo-3.1.3-4.10.1 rsync-debugsource-3.1.3-4.10.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): rsync-3.1.3-4.10.1 rsync-debuginfo-3.1.3-4.10.1 rsync-debugsource-3.1.3-4.10.1 References: https://bugzilla.suse.com/1190828 From sle-updates at lists.suse.com Thu Dec 2 12:06:02 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Dec 2021 13:06:02 +0100 (CET) Subject: SUSE-RU-2021:14852-1: Recommended update for libsatsolver and libzypp Message-ID: <20211202120602.3282AFBB3@maintenance.suse.de> SUSE Recommended Update: Recommended update for libsatsolver and libzypp ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:14852-1 Rating: low References: #1152078 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libsatsolver and libzypp fixes the following issues: - Fixes an issue where an update for MozillaFirefox was not identified correctly (bsc#1152078) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-libsatsolver-14852=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-libsatsolver-14852=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): libzypp-9.41.1-20.5.2 satsolver-tools-0.17.10-7.3.19 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): libzypp-9.41.1-20.5.2 satsolver-tools-0.17.10-7.3.19 References: https://bugzilla.suse.com/1152078 From sle-updates at lists.suse.com Thu Dec 2 12:07:17 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Dec 2021 13:07:17 +0100 (CET) Subject: SUSE-SU-2021:3878-1: moderate: Security update for gmp Message-ID: <20211202120717.1232EFBB3@maintenance.suse.de> SUSE Security Update: Security update for gmp ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3878-1 Rating: moderate References: #1192717 Cross-References: CVE-2021-43618 CVSS scores: CVE-2021-43618 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for gmp fixes the following issues: - CVE-2021-43618: Fixed buffer overflow via crafted input in mpz/inp_raw.c (bsc#1192717). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-3878=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-3878=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): gmp-debugsource-5.1.3-4.3.1 gmp-devel-5.1.3-4.3.1 libgmpxx4-5.1.3-4.3.1 libgmpxx4-debuginfo-5.1.3-4.3.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): gmp-debugsource-5.1.3-4.3.1 libgmp10-5.1.3-4.3.1 libgmp10-debuginfo-5.1.3-4.3.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libgmp10-32bit-5.1.3-4.3.1 libgmp10-debuginfo-32bit-5.1.3-4.3.1 References: https://www.suse.com/security/cve/CVE-2021-43618.html https://bugzilla.suse.com/1192717 From sle-updates at lists.suse.com Thu Dec 2 12:08:28 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Dec 2021 13:08:28 +0100 (CET) Subject: SUSE-RU-2021:3863-1: moderate: Recommended update for kdump Message-ID: <20211202120828.60725FBB3@maintenance.suse.de> SUSE Recommended Update: Recommended update for kdump ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3863-1 Rating: moderate References: #1189923 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for kdump fixes the following issues: - Add watchdog modules to kdump initrd to prevent that the crash dump may be interrupted by a watchdog, which caused hpwdt kernel module not building (bsc#1189923) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-3863=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): kdump-0.8.16-11.16.1 kdump-debuginfo-0.8.16-11.16.1 kdump-debugsource-0.8.16-11.16.1 References: https://bugzilla.suse.com/1189923 From sle-updates at lists.suse.com Thu Dec 2 12:09:39 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Dec 2021 13:09:39 +0100 (CET) Subject: SUSE-RU-2021:3879-1: moderate: Recommended update for rmt-server Message-ID: <20211202120939.C5F34FBB3@maintenance.suse.de> SUSE Recommended Update: Recommended update for rmt-server ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3879-1 Rating: moderate References: #1176628 #1188043 #1189805 #951189 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Public Cloud 15-SP2 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for rmt-server fixes the following issues: - Version 2.7.0 - Allow to validate all versions when they are of the same product and arch. - De-register BYOS systems using RMT as a proxy from SCC. - De-activate a single product from a BYOS proxy system. - Add the handling of the BYOS systems that use RMT as a SCC proxy. - Add subscription support in RMT. RMT can now consume registration codes supplied when registering a system. - Add host's login header to API requests to SCC. If the information is available, RMT will send it on requests to attach the registration proxy to a host system in SCC. - Add extra check to product dependency on RMT API. Now, when a system tries to activate a module through RMT, if it requires a root product which is not activated, the activation will fail (bsc#951189). - Load global configuration only if it can be ready by the current process. - Handle special characters in package names (bsc#1189805) - Add release_stage to all api endpoints to allow external programm determine product stage. (bsc#1176628) - Fix broken links (bsc#1188043) - Additional debug output for mirroring subcommand with '--debug' flag. - Update translations. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-3879=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2021-3879=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): rmt-server-2.7.0-3.20.1 rmt-server-config-2.7.0-3.20.1 rmt-server-debuginfo-2.7.0-3.20.1 rmt-server-debugsource-2.7.0-3.20.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (aarch64 ppc64le s390x x86_64): rmt-server-debuginfo-2.7.0-3.20.1 rmt-server-debugsource-2.7.0-3.20.1 rmt-server-pubcloud-2.7.0-3.20.1 References: https://bugzilla.suse.com/1176628 https://bugzilla.suse.com/1188043 https://bugzilla.suse.com/1189805 https://bugzilla.suse.com/951189 From sle-updates at lists.suse.com Thu Dec 2 12:11:14 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Dec 2021 13:11:14 +0100 (CET) Subject: SUSE-RU-2021:3862-1: moderate: Recommended update for policycoreutils Message-ID: <20211202121114.0BCA3FBB3@maintenance.suse.de> SUSE Recommended Update: Recommended update for policycoreutils ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3862-1 Rating: moderate References: #1190098 Affected Products: SUSE MicroOS 5.1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for policycoreutils fixes the following issues: - Adjust SUSE pam setup to fix authentication failures (bsc#1190098) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2021-3862=1 Package List: - SUSE MicroOS 5.1 (aarch64 s390x x86_64): policycoreutils-3.1-4.3.1 policycoreutils-debuginfo-3.1-4.3.1 policycoreutils-debugsource-3.1-4.3.1 policycoreutils-devel-3.1-4.3.1 policycoreutils-devel-debuginfo-3.1-4.3.1 - SUSE MicroOS 5.1 (noarch): policycoreutils-python-utils-3.1-4.3.1 python3-policycoreutils-3.1-4.3.1 References: https://bugzilla.suse.com/1190098 From sle-updates at lists.suse.com Thu Dec 2 12:12:28 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Dec 2021 13:12:28 +0100 (CET) Subject: SUSE-SU-2021:3875-1: important: Security update for openssh Message-ID: <20211202121228.2D89AFBB3@maintenance.suse.de> SUSE Security Update: Security update for openssh ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3875-1 Rating: important References: #1190975 Cross-References: CVE-2021-41617 CVSS scores: CVE-2021-41617 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-41617 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openssh fixes the following issues: - CVE-2021-41617: Fixed privilege escalation when AuthorizedKeysCommand/AuthorizedPrincipalsCommand are configured (bsc#1190975). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-3875=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-3875=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-3875=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-3875=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-3875=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): openssh-7.2p2-78.13.1 openssh-askpass-gnome-7.2p2-78.13.1 openssh-askpass-gnome-debuginfo-7.2p2-78.13.1 openssh-debuginfo-7.2p2-78.13.1 openssh-debugsource-7.2p2-78.13.1 openssh-fips-7.2p2-78.13.1 openssh-helpers-7.2p2-78.13.1 openssh-helpers-debuginfo-7.2p2-78.13.1 - SUSE OpenStack Cloud 9 (x86_64): openssh-7.2p2-78.13.1 openssh-askpass-gnome-7.2p2-78.13.1 openssh-askpass-gnome-debuginfo-7.2p2-78.13.1 openssh-debuginfo-7.2p2-78.13.1 openssh-debugsource-7.2p2-78.13.1 openssh-fips-7.2p2-78.13.1 openssh-helpers-7.2p2-78.13.1 openssh-helpers-debuginfo-7.2p2-78.13.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): openssh-7.2p2-78.13.1 openssh-askpass-gnome-7.2p2-78.13.1 openssh-askpass-gnome-debuginfo-7.2p2-78.13.1 openssh-debuginfo-7.2p2-78.13.1 openssh-debugsource-7.2p2-78.13.1 openssh-fips-7.2p2-78.13.1 openssh-helpers-7.2p2-78.13.1 openssh-helpers-debuginfo-7.2p2-78.13.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): openssh-7.2p2-78.13.1 openssh-askpass-gnome-7.2p2-78.13.1 openssh-askpass-gnome-debuginfo-7.2p2-78.13.1 openssh-debuginfo-7.2p2-78.13.1 openssh-debugsource-7.2p2-78.13.1 openssh-fips-7.2p2-78.13.1 openssh-helpers-7.2p2-78.13.1 openssh-helpers-debuginfo-7.2p2-78.13.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): openssh-7.2p2-78.13.1 openssh-askpass-gnome-7.2p2-78.13.1 openssh-askpass-gnome-debuginfo-7.2p2-78.13.1 openssh-debuginfo-7.2p2-78.13.1 openssh-debugsource-7.2p2-78.13.1 openssh-fips-7.2p2-78.13.1 openssh-helpers-7.2p2-78.13.1 openssh-helpers-debuginfo-7.2p2-78.13.1 References: https://www.suse.com/security/cve/CVE-2021-41617.html https://bugzilla.suse.com/1190975 From sle-updates at lists.suse.com Thu Dec 2 12:13:49 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Dec 2021 13:13:49 +0100 (CET) Subject: SUSE-SU-2021:3874-1: important: Security update for webkit2gtk3 Message-ID: <20211202121349.DA925FBB3@maintenance.suse.de> SUSE Security Update: Security update for webkit2gtk3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3874-1 Rating: important References: #1192063 Cross-References: CVE-2021-30846 CVE-2021-30851 CVSS scores: CVE-2021-30846 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-30846 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-30851 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-30851 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for webkit2gtk3 fixes the following issues: - CVE-2021-30846: Fixed memory corruption issue that could lead to arbitrary code execution when processing maliciously crafted web content (bsc#1192063). - CVE-2021-30851: Fixed memory corruption vulnerability that could lead to arbitrary code execution when processing maliciously crafted web content (bsc#1192063). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2021-3874=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2021-3874=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3874=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-3874=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): typelib-1_0-JavaScriptCore-4_0-2.34.1-18.1 typelib-1_0-WebKit2-4_0-2.34.1-18.1 typelib-1_0-WebKit2WebExtension-4_0-2.34.1-18.1 webkit2gtk3-debugsource-2.34.1-18.1 webkit2gtk3-devel-2.34.1-18.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): typelib-1_0-JavaScriptCore-4_0-2.34.1-18.1 typelib-1_0-WebKit2-4_0-2.34.1-18.1 typelib-1_0-WebKit2WebExtension-4_0-2.34.1-18.1 webkit2gtk3-debugsource-2.34.1-18.1 webkit2gtk3-devel-2.34.1-18.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.34.1-18.1 libjavascriptcoregtk-4_0-18-debuginfo-2.34.1-18.1 libwebkit2gtk-4_0-37-2.34.1-18.1 libwebkit2gtk-4_0-37-debuginfo-2.34.1-18.1 webkit2gtk-4_0-injected-bundles-2.34.1-18.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.34.1-18.1 webkit2gtk3-debugsource-2.34.1-18.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): libwebkit2gtk3-lang-2.34.1-18.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.34.1-18.1 libjavascriptcoregtk-4_0-18-debuginfo-2.34.1-18.1 libwebkit2gtk-4_0-37-2.34.1-18.1 libwebkit2gtk-4_0-37-debuginfo-2.34.1-18.1 webkit2gtk-4_0-injected-bundles-2.34.1-18.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.34.1-18.1 webkit2gtk3-debugsource-2.34.1-18.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): libwebkit2gtk3-lang-2.34.1-18.1 References: https://www.suse.com/security/cve/CVE-2021-30846.html https://www.suse.com/security/cve/CVE-2021-30851.html https://bugzilla.suse.com/1192063 From sle-updates at lists.suse.com Thu Dec 2 14:16:50 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Dec 2021 15:16:50 +0100 (CET) Subject: SUSE-RU-2021:3883-1: moderate: Recommended update for timezone Message-ID: <20211202141650.E78C0FBB3@maintenance.suse.de> SUSE Recommended Update: Recommended update for timezone ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3883-1 Rating: moderate References: #1177460 Affected Products: SUSE MicroOS 5.1 SUSE MicroOS 5.0 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for timezone fixes the following issues: Update timezone to 2021e (bsc#1177460) - Palestine will fall back 10-29 (not 10-30) at 01:00 - Fiji suspends DST for the 2021/2022 season - 'zic -r' marks unspecified timestamps with "-00" - Fix a bug in 'zic -b fat' that caused old timestamps to be mishandled in 32-bit-only readers - Refresh timezone info for china Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2021-3883=1 - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-3883=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-3883=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-3883=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-3883=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-3883=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-3883=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3883=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-3883=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-3883=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-3883=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-3883=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-3883=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-3883=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE MicroOS 5.1 (aarch64 s390x x86_64): timezone-2021e-75.4.1 timezone-debuginfo-2021e-75.4.1 timezone-debugsource-2021e-75.4.1 - SUSE MicroOS 5.0 (aarch64 x86_64): timezone-2021e-75.4.1 timezone-debuginfo-2021e-75.4.1 timezone-debugsource-2021e-75.4.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): timezone-2021e-75.4.1 timezone-debuginfo-2021e-75.4.1 timezone-debugsource-2021e-75.4.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): timezone-java-2021e-3.50.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): timezone-2021e-75.4.1 timezone-debuginfo-2021e-75.4.1 timezone-debugsource-2021e-75.4.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): timezone-java-2021e-3.50.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): timezone-2021e-75.4.1 timezone-debuginfo-2021e-75.4.1 timezone-debugsource-2021e-75.4.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): timezone-java-2021e-3.50.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): timezone-2021e-75.4.1 timezone-debuginfo-2021e-75.4.1 timezone-debugsource-2021e-75.4.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): timezone-java-2021e-3.50.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): timezone-2021e-75.4.1 timezone-debuginfo-2021e-75.4.1 timezone-debugsource-2021e-75.4.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): timezone-java-2021e-3.50.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): timezone-2021e-75.4.1 timezone-debuginfo-2021e-75.4.1 timezone-debugsource-2021e-75.4.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): timezone-java-2021e-3.50.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): timezone-2021e-75.4.1 timezone-debuginfo-2021e-75.4.1 timezone-debugsource-2021e-75.4.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): timezone-java-2021e-3.50.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): timezone-2021e-75.4.1 timezone-debuginfo-2021e-75.4.1 timezone-debugsource-2021e-75.4.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): timezone-java-2021e-3.50.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): timezone-2021e-75.4.1 timezone-debuginfo-2021e-75.4.1 timezone-debugsource-2021e-75.4.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): timezone-java-2021e-3.50.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): timezone-2021e-75.4.1 timezone-debuginfo-2021e-75.4.1 timezone-debugsource-2021e-75.4.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): timezone-java-2021e-3.50.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): timezone-2021e-75.4.1 timezone-debuginfo-2021e-75.4.1 timezone-debugsource-2021e-75.4.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): timezone-java-2021e-3.50.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): timezone-2021e-75.4.1 timezone-debuginfo-2021e-75.4.1 timezone-debugsource-2021e-75.4.1 - SUSE Enterprise Storage 6 (noarch): timezone-java-2021e-3.50.1 - SUSE CaaS Platform 4.0 (noarch): timezone-java-2021e-3.50.1 - SUSE CaaS Platform 4.0 (x86_64): timezone-2021e-75.4.1 timezone-debuginfo-2021e-75.4.1 timezone-debugsource-2021e-75.4.1 References: https://bugzilla.suse.com/1177460 From sle-updates at lists.suse.com Thu Dec 2 14:18:16 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Dec 2021 15:18:16 +0100 (CET) Subject: SUSE-RU-2021:3882-1: moderate: Recommended update for timezone Message-ID: <20211202141816.13942FBB3@maintenance.suse.de> SUSE Recommended Update: Recommended update for timezone ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3882-1 Rating: moderate References: #1177460 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-BCL HPE Helion Openstack 8 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for timezone fixes the following issues: Update timezone to 2021e (bsc#1177460) - Palestine will fall back 10-29 (not 10-30) at 01:00 - Fiji suspends DST for the 2021/2022 season - 'zic -r' marks unspecified timestamps with "-00" - Fix a bug in 'zic -b fat' that caused old timestamps to be mishandled in 32-bit-only readers - Refresh timezone info for china Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-3882=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-3882=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-3882=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-3882=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-3882=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-3882=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-3882=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-3882=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-3882=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-3882=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-3882=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-3882=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): timezone-2021e-74.55.1 timezone-debuginfo-2021e-74.55.1 timezone-debugsource-2021e-74.55.1 - SUSE OpenStack Cloud Crowbar 9 (noarch): timezone-java-2021e-0.74.55.1 - SUSE OpenStack Cloud Crowbar 8 (noarch): timezone-java-2021e-0.74.55.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): timezone-2021e-74.55.1 timezone-debuginfo-2021e-74.55.1 timezone-debugsource-2021e-74.55.1 - SUSE OpenStack Cloud 9 (noarch): timezone-java-2021e-0.74.55.1 - SUSE OpenStack Cloud 9 (x86_64): timezone-2021e-74.55.1 timezone-debuginfo-2021e-74.55.1 timezone-debugsource-2021e-74.55.1 - SUSE OpenStack Cloud 8 (noarch): timezone-java-2021e-0.74.55.1 - SUSE OpenStack Cloud 8 (x86_64): timezone-2021e-74.55.1 timezone-debuginfo-2021e-74.55.1 timezone-debugsource-2021e-74.55.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): timezone-2021e-74.55.1 timezone-debuginfo-2021e-74.55.1 timezone-debugsource-2021e-74.55.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): timezone-java-2021e-0.74.55.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): timezone-2021e-74.55.1 timezone-debuginfo-2021e-74.55.1 timezone-debugsource-2021e-74.55.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): timezone-java-2021e-0.74.55.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): timezone-2021e-74.55.1 timezone-debuginfo-2021e-74.55.1 timezone-debugsource-2021e-74.55.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): timezone-java-2021e-0.74.55.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): timezone-2021e-74.55.1 timezone-debuginfo-2021e-74.55.1 timezone-debugsource-2021e-74.55.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): timezone-java-2021e-0.74.55.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): timezone-2021e-74.55.1 timezone-debuginfo-2021e-74.55.1 timezone-debugsource-2021e-74.55.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): timezone-java-2021e-0.74.55.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): timezone-2021e-74.55.1 timezone-debuginfo-2021e-74.55.1 timezone-debugsource-2021e-74.55.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): timezone-java-2021e-0.74.55.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): timezone-2021e-74.55.1 timezone-debuginfo-2021e-74.55.1 timezone-debugsource-2021e-74.55.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): timezone-java-2021e-0.74.55.1 - HPE Helion Openstack 8 (noarch): timezone-java-2021e-0.74.55.1 - HPE Helion Openstack 8 (x86_64): timezone-2021e-74.55.1 timezone-debuginfo-2021e-74.55.1 timezone-debugsource-2021e-74.55.1 References: https://bugzilla.suse.com/1177460 From sle-updates at lists.suse.com Thu Dec 2 14:19:29 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Dec 2021 15:19:29 +0100 (CET) Subject: SUSE-FU-2021:3885-1: moderate: Feature update for libetonyek libmwaw Message-ID: <20211202141929.43E35FBB3@maintenance.suse.de> SUSE Feature Update: Feature update for libetonyek libmwaw ______________________________________________________________________________ Announcement ID: SUSE-FU-2021:3885-1 Rating: moderate References: SLE-18213 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that has 0 feature fixes and contains one feature can now be installed. Description: This feature update for libetonyek and libmwaw fixes the following issues: Update libetonyek to 0.1.10 (jsc#SLE-18213): - Use mdds-1.5 by default. - Parse shadow. - Improve detection of the "new" formats. - Fix handling of text baseline shift. - Improve various formats. - Various small bugfixes and fuzzer fixes - Fix some ambiguities in type resolutions on older compilers Update libmwaw to 0.3.20 (jsc#SLE-18213): - Add a parser for 'Student Writing Center' files (v1) - Add a parser for 'Word Maker' files (v1) - Add a parser for 'Canvas 9/10' files (Mac) - Add a parser for 'Canvas 7/8' files (Mac) - Add a parser for 'Canvas Image files' (Mac 5-8, Windows 5-6) - Add a parser for 'Canvas 6' (Mac and Windows) - Add a parser for 'Canvas 5' (Mac and Windows) - Add basic support for 'hatch' - Add basic support for 'drop cap' Patch Instructions: To install this SUSE Feature Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2021-3885=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-3885=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): libetonyek-0_1-1-0.1.10-10.9.1 libetonyek-0_1-1-debuginfo-0.1.10-10.9.1 libetonyek-debugsource-0.1.10-10.9.1 libmwaw-0_3-3-0.3.20-7.21.1 libmwaw-0_3-3-debuginfo-0.3.20-7.21.1 libmwaw-debugsource-0.3.20-7.21.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libetonyek-0_1-1-0.1.10-10.9.1 libetonyek-debugsource-0.1.10-10.9.1 libetonyek-devel-0.1.10-10.9.1 libmwaw-0_3-3-0.3.20-7.21.1 libmwaw-debugsource-0.3.20-7.21.1 libmwaw-devel-0.3.20-7.21.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch): libetonyek-devel-doc-0.1.10-10.9.1 libmwaw-devel-doc-0.3.20-7.21.1 References: From sle-updates at lists.suse.com Thu Dec 2 14:20:33 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Dec 2021 15:20:33 +0100 (CET) Subject: SUSE-FU-2021:3884-1: moderate: Feature update for libmwaw and libetonyek Message-ID: <20211202142033.1205BFBB3@maintenance.suse.de> SUSE Feature Update: Feature update for libmwaw and libetonyek ______________________________________________________________________________ Announcement ID: SUSE-FU-2021:3884-1 Rating: moderate References: SLE-18214 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Linux Enterprise Workstation Extension 15-SP2 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 ______________________________________________________________________________ An update that has 0 feature fixes and contains one feature can now be installed. Description: This update for libmwaw and libetonyek fixes the following issues: libetonyek: update to version 0.1.10 (jsc#SLE-18214) - Use mdds-1.5 by default. - Parse shadow. - Improve detection of the "new" formats. - Fix handling of text baseline shift. - Improve various formats. - Various small bugfixes and fuzzer fixes libmwaw: update to 0.3.20 (jsc#SLE-18214) - add a parser for Student Writing Center files (v1) - add a parser for Word Maker files (v1) - add a parser for Canvas 9/10 files (Mac) - add a parser for Canvas 7/8 files (Mac) - add a parser for Canvas Image files (Mac 5-8, Windows 5-6) - add a parser for Canvas 6 (Mac and Windows) - remove many coverity warnings - add a parser for Canvas 5 (Mac and Windows) - add basic support for hatch - add basic support for drop cap Patch Instructions: To install this SUSE Feature Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2021-3884=1 - SUSE Linux Enterprise Workstation Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2021-3884=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2021-3884=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): libetonyek-0_1-1-0.1.10-3.3.1 libetonyek-0_1-1-debuginfo-0.1.10-3.3.1 libetonyek-debuginfo-0.1.10-3.3.1 libetonyek-debugsource-0.1.10-3.3.1 libmwaw-0_3-3-0.3.20-4.14.1 libmwaw-0_3-3-debuginfo-0.3.20-4.14.1 libmwaw-debuginfo-0.3.20-4.14.1 libmwaw-debugsource-0.3.20-4.14.1 - SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64): libetonyek-0_1-1-0.1.10-3.3.1 libetonyek-0_1-1-debuginfo-0.1.10-3.3.1 libetonyek-debuginfo-0.1.10-3.3.1 libetonyek-debugsource-0.1.10-3.3.1 libmwaw-0_3-3-0.3.20-4.14.1 libmwaw-0_3-3-debuginfo-0.3.20-4.14.1 libmwaw-debuginfo-0.3.20-4.14.1 libmwaw-debugsource-0.3.20-4.14.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x): libetonyek-0_1-1-0.1.10-3.3.1 libetonyek-0_1-1-debuginfo-0.1.10-3.3.1 libetonyek-debuginfo-0.1.10-3.3.1 libetonyek-debugsource-0.1.10-3.3.1 libetonyek-devel-0.1.10-3.3.1 libetonyek-tools-0.1.10-3.3.1 libetonyek-tools-debuginfo-0.1.10-3.3.1 libmwaw-0_3-3-0.3.20-4.14.1 libmwaw-0_3-3-debuginfo-0.3.20-4.14.1 libmwaw-debuginfo-0.3.20-4.14.1 libmwaw-debugsource-0.3.20-4.14.1 libmwaw-devel-0.3.20-4.14.1 libmwaw-tools-0.3.20-4.14.1 libmwaw-tools-debuginfo-0.3.20-4.14.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (noarch): libetonyek-devel-doc-0.1.10-3.3.1 libmwaw-devel-doc-0.3.20-4.14.1 References: From sle-updates at lists.suse.com Thu Dec 2 17:17:28 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Dec 2021 18:17:28 +0100 (CET) Subject: SUSE-SU-2021:3886-1: important: Security update for nodejs14 Message-ID: <20211202171728.93222FBB3@maintenance.suse.de> SUSE Security Update: Security update for nodejs14 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3886-1 Rating: important References: #1190053 #1190054 #1190055 #1190056 #1190057 #1191601 #1191602 Cross-References: CVE-2021-22959 CVE-2021-22960 CVE-2021-37701 CVE-2021-37712 CVE-2021-37713 CVE-2021-39134 CVE-2021-39135 CVSS scores: CVE-2021-22959 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2021-22959 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2021-22960 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2021-37701 (NVD) : 8.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N CVE-2021-37701 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H CVE-2021-37712 (NVD) : 8.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N CVE-2021-37712 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H CVE-2021-39134 (NVD) : 8.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N CVE-2021-39134 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H CVE-2021-39135 (NVD) : 8.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N Affected Products: SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for nodejs14 fixes the following issues: nodejs14 was updated to 14.18.1: * deps: update llhttp to 2.1.4 Security fixes: - HTTP Request Smuggling due to spaced in headers (bsc#1191601, CVE-2021-22959) - HTTP Request Smuggling when parsing the body (bsc#1191602, CVE-2021-22960) Changes in 14.18.0: * buffer: + introduce Blob + add base64url encoding option * child_process: + allow options.cwd receive a URL + add timeout to spawn and fork + allow promisified exec to be cancel + add 'overlapped' stdio flag * dns: add "tries" option to Resolve options * fs: + allow empty string for temp directory prefix + allow no-params fsPromises fileHandle read + add support for async iterators to fsPromises.writeFile * http2: add support for sensitive headers * process: add 'worker' event * tls: allow reading data into a static buffer * worker: add setEnvironmentData/getEnvironmentData Changes in 14.17.6: * deps: upgrade npm to 6.14.15 which fixes a number of security issues (bsc#1190057, CVE-2021-37701, bsc#1190056, CVE-2021-37712, bsc#1190055, CVE-2021-37713, bsc#1190054, CVE-2021-39134, bsc#1190053, CVE-2021-39135) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2021-3886=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): nodejs14-14.18.1-6.18.2 nodejs14-debuginfo-14.18.1-6.18.2 nodejs14-debugsource-14.18.1-6.18.2 nodejs14-devel-14.18.1-6.18.2 npm14-14.18.1-6.18.2 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): nodejs14-docs-14.18.1-6.18.2 References: https://www.suse.com/security/cve/CVE-2021-22959.html https://www.suse.com/security/cve/CVE-2021-22960.html https://www.suse.com/security/cve/CVE-2021-37701.html https://www.suse.com/security/cve/CVE-2021-37712.html https://www.suse.com/security/cve/CVE-2021-37713.html https://www.suse.com/security/cve/CVE-2021-39134.html https://www.suse.com/security/cve/CVE-2021-39135.html https://bugzilla.suse.com/1190053 https://bugzilla.suse.com/1190054 https://bugzilla.suse.com/1190055 https://bugzilla.suse.com/1190056 https://bugzilla.suse.com/1190057 https://bugzilla.suse.com/1191601 https://bugzilla.suse.com/1191602 From sle-updates at lists.suse.com Thu Dec 2 20:16:06 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 2 Dec 2021 21:16:06 +0100 (CET) Subject: SUSE-RU-2021:1805-2: moderate: Recommended update for amazon-ssm-agent and amazon-ecs-init Message-ID: <20211202201606.E999DFBB3@maintenance.suse.de> SUSE Recommended Update: Recommended update for amazon-ssm-agent and amazon-ecs-init ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:1805-2 Rating: moderate References: #1186239 #1186262 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for amazon-ssm-agent and amazon-ecs-init fixes the following issues: - Added support for Amazon ECS Anywhere (bsc#1186239, bsc#1186262) The amazon-ssm-agent package provides a RELEASENOTES.md file with a more detailed list of all changes. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-2021-1805=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15 (aarch64 ppc64le s390x x86_64): amazon-ssm-agent-3.0.1209.0-5.6.1 References: https://bugzilla.suse.com/1186239 https://bugzilla.suse.com/1186262 From sle-updates at lists.suse.com Fri Dec 3 07:40:32 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 Dec 2021 08:40:32 +0100 (CET) Subject: SUSE-CU-2021:541-1: Security update of suse/sles12sp4 Message-ID: <20211203074032.F10A7FC9F@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:541-1 Container Tags : suse/sles12sp4:26.383 , suse/sles12sp4:latest Container Release : 26.383 Severity : moderate Type : security References : 1192717 CVE-2021-43618 ----------------------------------------------------------------- The container suse/sles12sp4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3878-1 Released: Thu Dec 2 09:13:51 2021 Summary: Security update for gmp Type: security Severity: moderate References: 1192717,CVE-2021-43618 This update for gmp fixes the following issues: - CVE-2021-43618: Fixed buffer overflow via crafted input in mpz/inp_raw.c (bsc#1192717). The following package changes have been done: - base-container-licenses-3.0-1.253 updated - container-suseconnect-2.0.0-1.147 updated - libgmp10-5.1.3-4.3.1 updated From sle-updates at lists.suse.com Fri Dec 3 07:52:08 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 Dec 2021 08:52:08 +0100 (CET) Subject: SUSE-CU-2021:543-1: Security update of suse/sles12sp5 Message-ID: <20211203075208.E562EFC9F@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:543-1 Container Tags : suse/sles12sp5:6.5.265 , suse/sles12sp5:latest Container Release : 6.5.265 Severity : moderate Type : security References : 1192717 CVE-2021-43618 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3878-1 Released: Thu Dec 2 09:13:51 2021 Summary: Security update for gmp Type: security Severity: moderate References: 1192717,CVE-2021-43618 This update for gmp fixes the following issues: - CVE-2021-43618: Fixed buffer overflow via crafted input in mpz/inp_raw.c (bsc#1192717). The following package changes have been done: - libgmp10-5.1.3-4.3.1 updated From sle-updates at lists.suse.com Fri Dec 3 08:14:52 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 Dec 2021 09:14:52 +0100 (CET) Subject: SUSE-CU-2021:545-1: Security update of suse/sle15 Message-ID: <20211203081452.8C81AFC9F@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:545-1 Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.483 Container Release : 4.22.483 Severity : moderate Type : security References : 1027496 1183085 CVE-2016-10228 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3830-1 Released: Wed Dec 1 13:45:46 2021 Summary: Security update for glibc Type: security Severity: moderate References: 1027496,1183085,CVE-2016-10228 This update for glibc fixes the following issues: - libio: do not attempt to free wide buffers of legacy streams (bsc#1183085) - CVE-2016-10228: Rewrite iconv option parsing to fix security issue (bsc#1027496) The following package changes have been done: - glibc-2.26-13.62.1 updated From sle-updates at lists.suse.com Fri Dec 3 08:34:13 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 Dec 2021 09:34:13 +0100 (CET) Subject: SUSE-CU-2021:547-1: Security update of suse/sle15 Message-ID: <20211203083413.67E4DFD0A@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:547-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.538 Container Release : 6.2.538 Severity : moderate Type : security References : 1027496 1183085 CVE-2016-10228 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3830-1 Released: Wed Dec 1 13:45:46 2021 Summary: Security update for glibc Type: security Severity: moderate References: 1027496,1183085,CVE-2016-10228 This update for glibc fixes the following issues: - libio: do not attempt to free wide buffers of legacy streams (bsc#1183085) - CVE-2016-10228: Rewrite iconv option parsing to fix security issue (bsc#1027496) The following package changes have been done: - glibc-2.26-13.62.1 updated From sle-updates at lists.suse.com Fri Dec 3 14:19:27 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 Dec 2021 15:19:27 +0100 (CET) Subject: SUSE-SU-2021:3901-1: moderate: Security Beta update for SUSE Manager Client Tools Message-ID: <20211203141927.0FD29FC9F@maintenance.suse.de> SUSE Security Update: Security Beta update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3901-1 Rating: moderate References: #1164192 #1167586 #1168327 #1173103 #1173692 #1180650 #1181223 #1184659 #1185131 #1186287 #1186310 #1186581 #1186674 #1186738 #1187787 #1187813 #1188042 #1188170 #1188259 #1188647 #1188977 #1189040 #1190265 #1190446 #1190512 #1191412 #1191431 ECO-3212 ECO-3319 SLE-18028 SLE-18033 Cross-References: CVE-2021-21996 CVSS scores: CVE-2021-21996 (SUSE): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L Affected Products: SUSE Manager Debian 10-CLIENT-TOOLS-BETA ______________________________________________________________________________ An update that solves one vulnerability, contains four features and has 26 fixes is now available. Description: This update fixes the following issues: salt: - Simplify "transactional_update" module to not use SSH wrapper and allow more flexible execution - Add "--no-return-event" option to salt-call to prevent sending return event back to master. - Make "state.highstate" to acts on concurrent flag. - Fix print regression for yumnotify plugin - Use dnfnotify instead yumnotify for relevant distros - Dnfnotify pkgset plugin implementation - Add rpm_vercmp python library support for version comparison - Prevent pkg plugins errors on missing cookie path (bsc#1186738) - Fix ip6_interface grain to not leak secondary IPv4 aliases (bsc#1191412) - Make "salt-api" package to require python3-cherrypy on RHEL systems - Make "tar" as required for "salt-transactional-update" package - Fix issues with salt-ssh's extra-filerefs - Fix crash when calling manage.not_alive runners - Do not consider skipped targets as failed for ansible.playbooks state (bsc#1190446) - Do not break master_tops for minion with version lower to 3003 - Support querying for JSON data in external sql pillar - Update to Salt release version 3003.3 - See release notes: https://docs.saltstack.com/en/latest/topics/releases/3003.3.html - Exclude the full path of a download URL to prevent injection of malicious code (bsc#1190265) (CVE-2021-21996) - Fix wrong relative paths resolution with Jinja renderer when importing subdirectories - Don't pass shell="/sbin/nologin" to onlyif/unless checks (bsc#1188259) - Add missing aarch64 to rpm package architectures - Backport of upstream PR#59492 - Fix failing unit test for systemd - Fix error handling in openscap module (bsc#1188647) - Better handling of bad public keys from minions (bsc#1189040) - Define license macro as doc in spec file if not existing - Add standalone formulas configuration for salt minion and remove salt-master requirement (bsc#1168327) - Do noop for services states when running systemd in offline mode (bsc#1187787) - Transactional_updates: do not execute states in parallel but use a queue (bsc#1188170) - Handle "master tops" data when states are applied by "transactional_update" (bsc#1187787) - Enhance openscap module: add "xccdf_eval" call - Virt: pass emulator when getting domain capabilities from libvirt - Adding preliminary support for Rocky Linux - Implementation of held/unheld functions for state pkg (bsc#1187813) - Replace deprecated Thread.isAlive() with Thread.is_alive() - Fix exception in yumpkg.remove for not installed package - Fix save for iptables state module (bsc#1185131) - Virt: use /dev/kvm to detect KVM - Zypperpkg: improve logic for handling vendorchange flags - Add bundled provides for tornado to the spec file - Enhance logging when inotify beacon is missing pyinotify (bsc#1186310) - Add "python3-pyinotify" as a recommended package for Salt in SUSE/openSUSE distros - Fix tmpfiles.d configuration for salt to not use legacy paths (bsc#1173103) - Detect Python version to use inside container (bsc#1167586) (bsc#1164192) - Handle volumes on stopped pools in virt.vm_info (bsc#1186287) - Grains.extra: support old non-intel kernels (bsc#1180650) - Fix missing minion returns in batch mode (bsc#1184659) - Parsing Epoch out of version provided during pkg remove (bsc#1173692) - Check if dpkgnotify is executable (bsc#1186674) - Update to Salt release version 3002.2 (jsc#ECO-3212) (jsc#SLE-18033) - Add subpackage salt-transactional-update (jsc#SLE-18028) scap-security-guide: - Fix SLE-12 build issue caused by '\xb0' character (bsc#1191431). - Updated to 0.1.58 release (jsc#ECO-3319) - Support for Script Checking Engine (SCE) - Split RHEL 8 CIS profile using new controls file format - CIS Profiles for SLE12 - Initial Ubuntu 20.04 STIG Profiles - Addition of an automated CCE adder - Updated to 0.1.57 release (jsc#ECO-3319) - CIS profile for RHEL 7 is updated - initial CIS profiles for Ubuntu 20.04 - Major improvement of RHEL 9 content - new release process implemented using Github actions - Specify the maintainer, for deb packages. - Updated to 0.1.56 release (jsc#ECO-3319) - Align ism_o profile with latest ISM SSP (#6878) - Align RHEL 7 STIG profile with DISA STIG V3R3 - Creating new RHEL 7 STIG GUI profile (#6863) - Creating new RHEL 8 STIG GUI profile (#6862) - Add the RHEL9 product (#6801) - Initial support for SUSE SLE-15 (#6666) - add support for osbuild blueprint remediations (#6970) - Updated to a intermediate GIT snapshot of 20210323 (jsc#ECO-3319) - initial SLES15 STIG added - more SLES 12 STIG work - correct tables and cross references for SLES 12 and 15 STIG - Updated to 0.1.55 release (jsc#ECO-3319) - big update of rules used in SLES-12 STIG profile - Render policy to HTML (#6532) - Add variable support to yamlfile_value template (#6563) - Introduce new template for dconf configuration files (#6118) - Avoid some non sles12 sp2 available macros. spacecmd: - Version 4.3.4-1 * Update translation strings - Version 4.3.3-1 * Improved event history listing and added new system_eventdetails command to retrieve the details of an event * configchannel_updatefile handles directory properly (bsc#1190512) - Version 4.3.2-1 * Add schedule_archivecompleted to mass archive actions (bsc#1181223) * Make schedule_deletearchived to get all actions without display limit * Allow passing a date limit for schedule_deletearchived on spacecmd (bsc#1181223) * Remove whoami from the list of unauthenticated commands (bsc#1188977) - Version 4.3.1-1 - Use correct API endpoint in list_proxies (bsc#1188042) - Add schedule_deletearchived to bulk delete archived actions (bsc#1181223) - Make spacecmd aware of retracted patches/packages - Version 4.2.10-1 - Enhance help for installation types when creating distributions (bsc#1186581) - Version 4.2.9-1 - Parse empty argument when nothing in between the separator Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Debian 10-CLIENT-TOOLS-BETA: zypper in -t patch SUSE-Debian-10-CLIENT-TOOLS-BETA-2021-3901=1 Package List: - SUSE Manager Debian 10-CLIENT-TOOLS-BETA (all): salt-common-3003.3+ds-1+2.27.1 salt-minion-3003.3+ds-1+2.27.1 scap-security-guide-debian-0.1.58-2.6.1 spacecmd-4.3.4-2.20.1 References: https://www.suse.com/security/cve/CVE-2021-21996.html https://bugzilla.suse.com/1164192 https://bugzilla.suse.com/1167586 https://bugzilla.suse.com/1168327 https://bugzilla.suse.com/1173103 https://bugzilla.suse.com/1173692 https://bugzilla.suse.com/1180650 https://bugzilla.suse.com/1181223 https://bugzilla.suse.com/1184659 https://bugzilla.suse.com/1185131 https://bugzilla.suse.com/1186287 https://bugzilla.suse.com/1186310 https://bugzilla.suse.com/1186581 https://bugzilla.suse.com/1186674 https://bugzilla.suse.com/1186738 https://bugzilla.suse.com/1187787 https://bugzilla.suse.com/1187813 https://bugzilla.suse.com/1188042 https://bugzilla.suse.com/1188170 https://bugzilla.suse.com/1188259 https://bugzilla.suse.com/1188647 https://bugzilla.suse.com/1188977 https://bugzilla.suse.com/1189040 https://bugzilla.suse.com/1190265 https://bugzilla.suse.com/1190446 https://bugzilla.suse.com/1190512 https://bugzilla.suse.com/1191412 https://bugzilla.suse.com/1191431 From sle-updates at lists.suse.com Fri Dec 3 14:24:05 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 Dec 2021 15:24:05 +0100 (CET) Subject: SUSE-SU-2021:3907-1: moderate: Security Beta update for SUSE Manager Client Tools Message-ID: <20211203142405.A7866FC9F@maintenance.suse.de> SUSE Security Update: Security Beta update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3907-1 Rating: moderate References: #1175478 #1181223 #1186242 #1186508 #1186581 #1186650 #1188042 #1188977 #1189458 #1190512 SLE-18254 Cross-References: CVE-2021-27962 CVE-2021-28146 CVE-2021-28147 CVE-2021-28148 CVE-2021-29622 CVSS scores: CVE-2021-27962 (NVD) : 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N CVE-2021-27962 (SUSE): 6.8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2021-28147 (SUSE): 6.8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2021-28148 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-29622 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Affected Products: SUSE Manager Tools 12-BETA ______________________________________________________________________________ An update that solves 5 vulnerabilities, contains one feature and has 5 fixes is now available. Description: This update fixes the following issues: cobbler: - Fixed rce in the xmlrpc which additionally allowed arbirtrary file read and write as root (bsc#1189458) golang-github-prometheus-prometheus: - Provide and reload firewalld configuration only for: + openSUSE Leap 15.0, 15.1, 15.2 + SUSE SLE15, SLE15 SP1, SLE15 SP2 - Refresh patches + Changed: - Upgrade to upstream version 2.27.1 (jsc#SLE-18254) + Bugfix: * SECURITY: Fix arbitrary redirects under the /new endpoint (CVE-2021-29622, bsc#1186242) - Upgrade to upstream version 2.27.0 + Features: * Promtool: Retroactive rule evaluation functionality. #7675 * Configuration: Environment variable expansion for external labels. Behind --enable-feature=expand-external-labels flag. #8649 * TSDB: Add a flag(--storage.tsdb.max-block-chunk-segment-size) to control the max chunks file size of the blocks for small Prometheus instances. #8478 * UI: Add a dark theme. #8604 * AWS Lightsail Discovery: Add AWS Lightsail Discovery. #8693 * Docker Discovery: Add Docker Service Discovery. #8629 * OAuth: Allow OAuth 2.0 to be used anywhere an HTTP client is used. #8761 * Remote Write: Send exemplars via remote write. Experimental and disabled by default. #8296 + Enhancements: * Digital Ocean Discovery: Add __meta_digitalocean_vpc label. #8642 * Scaleway Discovery: Read Scaleway secret from a file. #8643 * Scrape: Add configurable limits for label size and count. #8777 * UI: Add 16w and 26w time range steps. #8656 * Templating: Enable parsing strings in humanize functions. #8682 + Bugfixes: * UI: Provide errors instead of blank page on TSDB Status Page. #8654 #8659 * TSDB: Do not panic when writing very large records to the WAL. #8790 * TSDB: Avoid panic when mmaped memory is referenced after the file is closed. #8723 * Scaleway Discovery: Fix nil pointer dereference. #8737 * Consul Discovery: Restart no longer required after config update with no targets. #8766 - Update package with changes from `server:monitoring` bsc#1175478 Left out removal of firewalld related configuration files as SLE-15-SP1's `firewalld` package does not contain prometheus configuration yet. grafana: - Add URL to package source code in the login page footer - Update to version 7.5.7: * Updated relref to "Configuring exemplars" section (#34240) (#34243) * Added exemplar topic (#34147) (#34226) * Quota: Do not count folders towards dashboard quota (#32519) (#34025) * Instructions to separate emails with semicolons (#32499) (#34138) * Docs: Remove documentation of v8 generic OAuth feature (#34018) * Annotations: Prevent orphaned annotation tags cleanup when no annotations were cleaned (#33957) (#33975) * [GH-33898] Add missing --no-cache to Dockerfile. (#33906) (#33935) * ReleaseNotes: Updated changelog and release notes for 7.5.6 (#33932) (#33936) * Stop hoisting @icons/material (#33922) * Chore: fix react-color version in yarn.lock (#33914) * "Release: Updated versions in package to 7.5.6" (#33909) * Loki: fix label browser crashing when + typed (#33900) (#33901) * Document `hide_version` flag (#33670) (#33881) * Add isolation level db configuration parameter (#33830) (#33878) * Sanitize PromLink button (#33874) (#33876) * Removed content as per MarcusE's suggestion in https://github.com/grafana/grafana/issues/33822. (#33870) (#33872) * Docs feedback: /administration/provisioning.md (#33804) (#33842) * Docs: delete from high availability docs references to removed configurations related to session storage (#33827) (#33851) * Docs: Update _index.md (#33797) (#33799) * Docs: Update installation.md (#33656) (#33703) * GraphNG: uPlot 1.6.9 (#33598) (#33612) * dont consider invalid email address a failed email (#33671) (#33681) * InfluxDB: Improve measurement-autocomplete behavior in query editor (#33494) (#33625) * add template for dashboard url parameters (#33549) (#33588) * Add note to Snapshot API doc to specify that user has to provide the entire dashboard model (#33572) (#33586) * Update team.md (#33454) (#33536) * Removed duplicate file "dashboard_folder_permissions.md (#33497) * Document customQueryParameters for prometheus datasource provisioning (#33440) (#33495) * ReleaseNotes: Updated changelog and release notes for 7.5.5 (#33473) (#33492) * Documentation: Update developer-guide.md (#33478) (#33490) * add closed parenthesis to fix a hyperlink (#33471) (#33481) - Update to version 7.5.5: * "Release: Updated versions in package to 7.5.5" (#33469) * GraphNG: Fix exemplars window position (#33427) (#33462) * Remove field limitation from slack notification (#33113) (#33455) * Prometheus: Support POST in template variables (#33321) (#33441) * Instrumentation: Add success rate metrics for email notifications (#33359) (#33409) * Use either moment objects (for absolute times in the datepicker) or string (for relative time) (#33315) (#33406) * Docs: Removed type from find annotations example. (#33399) (#33403) * [v7.5.x]: FrontendMetrics: Adds new backend api that frontend can use to push frontend measurements and counters to prometheus (#33255) * Updated label for add panel. (#33285) (#33286) * Bug: Add git to Dockerfile.ubuntu (#33247) (#33248) * Docs: Sync latest master docs with 7.5.x (#33156) * Docs: Update getting-started-influxdb.md (#33234) (#33241) * Doc: Document the X-Grafana-Org-Id HTTP header (#32478) (#33239) * Minor Changes in Auditing.md (#31435) (#33238) * Docs: Add license check endpoint doc (#32987) (#33236) * Postgres: Fix time group macro when TimescaleDB is enabled and interval is less than a second (#33153) (#33219) * Docs: InfluxDB doc improvements (#32815) (#33185) * [v7.5.x] Loki: Pass Skip TLS Verify setting to alert queries (#33031) * update cla (#33181) * Fix inefficient regular expression (#33155) (#33159) * Auth: Don't clear auth token cookie when lookup token fails (#32999) (#33136) * Elasticsearch: Add documentation for supported Elasticsearch query transformations (#33072) (#33128) * Update team.md (#33060) (#33084) * GE issue 1268 (#33049) (#33081) * Fixed some formatting issues for PRs from yesterday. (#33078) (#33079) * Explore: Load default data source in Explore when the provided source does not exist (#32992) (#33061) * Docs: Replace next with latest in aliases (#33054) (#33059) * Added missing link item. (#33052) (#33055) * Backport 33034 (#33038) * Docs: Backport 32916 to v7.5x (#33008) * ReleaseNotes: Updated changelog and release notes for 7.5.4 (#32973) (#32998) * Elasticsearch: Force re-rendering of each editor row type change (#32993) (#32996) * Docs: Sync release branch with latest docs (#32986) - Update to version 7.5.4: * "Release: Updated versions in package to 7.5.4" (#32971) * fix(datasource_srv): prevent infinite loop where default datasource is named default (#32949) (#32967) * Added Azure Monitor support for Microsoft.AppConfiguration/configurationStores namespace (#32123) (#32968) * fix sqlite3 tx retry condition operator precedence (#32897) (#32952) * AzureMonitor: Add support for Virtual WAN namespaces (#32935) (#32947) * Plugins: Allow a non-dashboard page to be the default home page (#32926) (#32945) * GraphNG: uPlot 1.6.8 (#32859) (#32863) * Alerting: Add ability to include aliases with dashes (/) and at (@) signs in InfluxDB (#32844) * Prometheus: Allow exemplars endpoint in data source proxy (#32802) (#32804) * [v7.5.x] Table: Fixes table data links so they refer to correct row after sorting (#32758) * TablePanel: Makes sorting case-insensitive (#32435) (#32752) - Update to version 7.5.3: * "Release: Updated versions in package to 7.5.3" (#32745) * FolderPicker: Prevent dropdown menu from disappearing off screen (#32603) (#32741) * Loki: Remove empty annotations tags (#32359) (#32490) * SingleStat: fix wrong call to getDataLinkUIModel (#32721) (#32739) * Prometheus: Fix instant query to run two times when exemplars enabled (#32508) (#32726) * Elasticsearch: Fix bucket script variable duplication in UI (#32705) (#32714) * Variables: Confirms selection before opening new picker (#32586) (#32710) * CloudWarch: Fix service quotas link (#32686) (#32689) * Configuration: Prevent browser hanging / crashing with large number of org users (#32546) (#32598) * chore: bump execa to v2.1.0 (#32543) (#32592) * Explore: Fix bug where navigating to explore would result in wrong query and datasource to be shown (#32558) * Fix broken gtime tests (#32582) (#32587) * resolve conflicts (#32567) * gtime: Make ParseInterval deterministic (#32539) (#32560) * Dashboard: No longer includes default datasource when externally exporting dashboard with row (#32494) (#32535) * TextboxVariable: Limits the length of the preview value (#32472) (#32530) * AdHocVariable: Adds default data source (#32470) (#32476) * Variables: Fixes Unsupported data format error for null values (#32480) (#32487) * Prometheus: align exemplars check to latest api change (#32513) (#32515) * "Release: Updated versions in package to 7.5.2" (#32502) * SigV4: Add support EC2 IAM role auth and possibility to toggle auth providers (#32444) (#32488) * Set spanNulls to default (#32471) (#32486) * Graph: Fix setting right y-axis when standard option unit is configured (#32426) (#32442) * API: Return 409 on datasource version conflict (#32425) (#32433) * API: Return 400 on invalid Annotation requests (#32429) (#32431) * Variables: Fixes problem with data source variable when default ds is selected (#32384) (#32424) * Table: Fixes so links work for image cells (#32370) (#32410) * Variables: Fixes error when manually non-matching entering custom value in variable input/picker (#32390) (#32394) * DashboardQueryEditor: Run query after selecting source panel (#32383) (#32395) * API: Datasource endpoint should return 400 bad request if id and orgId is invalid (#32392) (#32397) * "Release: Updated versions in package to 7.5.1" (#32362) * MSSQL: Upgrade go-mssqldb (#32347) (#32361) * GraphNG: Fix tooltip displaying wrong or no data (#32312) (#32348) * "Release: Updated versions in package to 7.5.0" (#32308) * Loki: Fix text search in Label browser (#32293) (#32306) * Explore: Show all dataFrames in data tab in Inspector (#32161) (#32299) * PieChartV2: Add migration from old piechart (#32259) (#32291) * LibraryPanels: Adds Type and Description to DB (#32258) (#32288) * LibraryPanels: Prevents deletion of connected library panels (#32277) (#32284) * Library Panels: Add "Discard" button to panel save modal (#31647) (#32281) * LibraryPanels: Changes to non readonly reducer (#32193) (#32200) * Notifications: InfluxDB - Fix regex to include metrics with hyphen in aliases (#32224) (#32262) * SSE/InfluxDB: Change InfluxQL to work with server side expressions (#31691) (#32102) * DashboardSettings: Fixes issue with tags list not updating when changes are made (#32241) (#32247) * Logs: If log message missing, use empty string (#32080) (#32243) * CloudWatch: Use latest version of aws sdk (#32217) (#32223) * Release: Updated versions in package to 7.5.0-beta.2 (#32158) * HttpServer: Make read timeout configurable but disabled by default (#31575) (#32154) * GraphNG: Ignore string fields when building data for uPlot in GraphNG (#32150) (#32151) * Fix loading timezone info on windows (#32029) (#32149) * SQLStore: Close session in withDbSession (#31775) (#32108) * Remove datalink template suggestions for accessing specific fields when there are multiple dataframes. (#32057) (#32148) * GraphNG: make sure dataset and config are in sync when initializing and re-initializing uPlot (#32106) (#32125) * MixedDataSource: Name is updated when data source variable changes (#32090) (#32144) * Backport 32005 to v7.5.x #32128 (#32130) * Loki: Label browser UI updates (#31737) (#32119) * ValueMappings: Fixes value 0 not being mapped (#31924) (#31929) * GraphNG: Fix tooltip series color for multi data frame scenario (#32098) (#32103) * LibraryPanels: Improves the Get All experience (#32028) (#32093) * Grafana/ui: display all selected levels for selected value when searching (#32030) (#32032) * Exemplars: always query exemplars (#31673) (#32024) * [v7.5.x] TimePicker: Fixes hidden time picker shown in kiosk TV mode (#32055) * Chore: Collect elasticsearch version usage stats (#31787) (#32063) * Chore: Tidy up Go deps (#32053) * GraphNG: Fix PlotLegend field display name being outdated (#32064) (#32066) * Data proxy: Fix encoded characters in URL path should be proxied encoded (#30597) (#32060) * [v7.5.x] Auth: Allow soft token revocation (#32037) * Snapshots: Fix usage of sign in link from the snapshot page (#31986) (#32036) * Make master green (#32011) (#32015) * Query editor: avoid avoiding word wrap on query editor components (#31949) (#31982) * Variables: Fixes filtering in picker with null items (#31979) (#31995) * TooltipContainer - use resize observer instead of getClientBoundingRect (#31937) (#32003) * Loki: Fix autocomplete when re-editing Loki label values (#31828) (#31987) * Loki: Fix type errors in language_provider (#31902) (#31945) * PanelInspect: Interpolates variables in CSV file name (#31936) (#31977) * Cloudwatch: use shared library for aws auth (#29550) (#31946) * Tooltip: partial perf improvement (#31774) (#31837) (#31957) * Backport 31913 to v7.5.x (#31955) * Grafana/ui: fix searchable options for Cascader with options update (#31906) (#31938) * Variables: Do not reset description on variable type change (#31933) (#31939) * [v7.5.x] AnnotationList: Adds spacing to UI (#31888) (#31894) * Elasticseach: Support histogram fields (#29079) (#31914) * Chore: upgrade eslint and fork-ts-checker-webpack-plugin (#31854) (#31896) * Update scripts and Dockerfiles to use Go 1.16.1 (#31881) (#31891) * Templating: use dashboard timerange when variables are set to refresh 'On Dashboard Load' (#31721) (#31801) * [v7.5.x] Tempo: Add test for backend data source (#31835) (#31882) * Run go mod tidy to update go.mod and go.sum (#31859) * Grafana/ui: display all selected levels for Cascader (#31729) (#31862) * CloudWatch: Consume the grafana/aws-sdk (#31807) (#31861) * Cloudwatch: ListMetrics API page limit (#31788) (#31851) * Remove invalid attribute (#31848) (#31850) * CloudWatch: Restrict auth provider and assume role usage according to??? (#31845) * CloudWatch: Add support for EC2 IAM role (#31804) (#31841) * Loki, Prometheus: Change the placement for query type explanation (#31784) (#31819) * Variables: Improves inspection performance and unknown filtering (#31811) (#31813) * Change piechart plugin state to beta (#31797) (#31798) * ReduceTransform: Include series with numeric string names (#31763) (#31794) * Annotations: Make the annotation clean up batch size configurable (#31487) (#31769) * Fix escaping in ANSI and dynamic button removal (#31731) (#31767) * DataLinks: Bring back single click links for Stat, Gauge and BarGauge panel (#31692) (#31718) * log skipped, performed and duration for migrations (#31722) (#31754) * Search: Make items more compact (#31734) (#31750) * loki_datasource: add documentation to label_format and line_format (#31710) (#31746) * Tempo: Convert tempo to backend data source2 (#31733) * Elasticsearch: Fix script fields in query editor (#31681) (#31727) * Elasticsearch: revert to isoWeek when resolving weekly indices (#31709) (#31717) * Admin: Keeps expired api keys visible in table after delete (#31636) (#31675) * Tempo: set authentication header properly (#31699) (#31701) * Tempo: convert to backend data source (#31618) (#31695) * Update package.json (#31672) * Release: Bump version to 7.5.0-beta.1 (#31664) * Fix whatsNewUrl version to 7.5 (#31666) * Chore: add alias for what's new 7.5 (#31669) * Docs: Update doc for PostgreSQL authentication (#31434) * Docs: document report template variables (#31637) * AzureMonitor: Add deprecation message for App Insights/Insights Analytics (#30633) * Color: Fixes issue where colors where reset to gray when switch panels (#31611) * Live: Use pure WebSocket transport (#31630) * Docs: Fix broken image link (#31661) * Docs: Add Whats new in 7.5 (#31659) * Docs: Fix links for 7.5 (#31658) * Update enterprise-configuration.md (#31656) * Explore/Logs: Escaping of incorrectly escaped log lines (#31352) * Tracing: Small improvements to trace types (#31646) * Update _index.md (#31645) * AlertingNG: code refactoring (#30787) * Remove pkill gpg-agent (#31169) * Remove format for plugin routes (#31633) * Library Panels: Change unsaved change detection logic (#31477) * CloudWatch: Added AWS Timestream Metrics and Dimensions (#31624) * add new metrics and dimensions (#31595) * fix devenv dashboard content typo (#31583) * DashList: Sort starred and searched dashboard alphabetically (#31605) * Docs: Update whats-new-in-v7-4.md (#31612) * SSE: Add "Classic Condition" on backend (#31511) * InfluxDB: Improve maxDataPoints error-message in Flux-mode, raise limits (#31259) * Alerting: PagerDuty: adding current state to the payload (#29270) * devenv: Fix typo (#31589) * Loki: Label browser (#30351) * LibraryPanels: No save modal when user is on same dashboard (#31606) * Bug: adding resolution for `react-use-measure` to prevent plugin tests from failing. (#31603) * Update node-graph.md (#31571) * test: pass Cypress options objects into selector wrappers (#31567) * Loki: Add support for alerting (#31424) * Tracing: Specify type of the data frame that is expected for TraceView (#31465) * LibraryPanels: Adds version column (#31590) * PieChart: Add color changing options to pie chart (#31588) * Explore: keep enabled/disabled state in angular based QueryEditors correctly (#31558) * Bring back correct legend sizing afer PlotLegend refactor (#31582) * Alerting: Fix bug in Discord for when name for metric value is absent (#31257) * LibraryPanels: Deletes library panels during folder deletion (#31572) * chore: bump lodash to 4.17.21 (#31549) * Elasticsearch: Fix impossibility to perform non-logs queries after importing queries from loki or prometheus in explore (#31518) * TestData: Fixes never ending annotations scenario (#31573) * CloudWatch: Added AWS Network Firewall metrics and dimensions (#31498) * propagate plugin unavailable message to UI (#31560) * ConfirmButton: updates story from knobs to controls (#31476) * Loki: Refactor line limit to use grafana/ui component (#31509) * LibraryPanels: Adds folder checks and permissions (#31473) * Add guide on custom option editors (#31254) * PieChart: Update text color and minor changes (#31546) * Grafana-data: bump markedjs to v2.x to resolve vulnerability (#31036) * Chore(deps): Bump google.golang.org/api from 0.39.0 to 0.40.0 (#31210) * PieChart: Improve piechart legend and options (#31446) * Chore(deps): Bump google.golang.org/grpc from 1.35.0 to 1.36.0 (#31541) * Chore(deps): Bump github.com/aws/aws-sdk-go from 1.37.7 to 1.37.20 (#31538) * Chore(deps): Bump github.com/prometheus/common from 0.17.0 to 0.18.0 (#31539) * Add multiselect options ui (#31501) * Profile: Fixes profile preferences being accessible when anonymous access was enabled (#31516) * Variables: Fixes error with: cannot read property length of undefined (#31458) * Explore: Show ANSI colored logs in logs context (#31510) * LogsPanel: Show all received logs (#31505) * AddPanel: Design polish (#31484) * TimeSeriesPanel: Remove unnecessary margin from legend (#31467) * influxdb: flux: handle is-hidden (#31324) * Graph: Fix tooltip not showing when close to the edge of viewport (#31493) * FolderPicker: Remove useNewForms from FolderPicker (#31485) * Add reportVariables feature toggle (#31469) * Grafana datasource: support multiple targets (#31495) * Update license-restrictions.md (#31488) * Docs: Derived fields links in logs detail view (#31482) * Docs: Add new data source links to Enterprise page (#31480) * Convert annotations to dataframes (#31400) * ReleaseNotes: Updated changelog and release notes for v7.4.2 (#31475) * GrafanaUI: Fixes typescript error for missing css prop (#31479) * Login: handle custom token creation error messages (#31283) * Library Panels: Don't list current panel in available panels list (#31472) * DashboardSettings: Migrate Link Settings to React (#31150) * Frontend changes for library panels feature (#30653) * Alerting notifier SensuGo: improvements in default message (#31428) * AppPlugins: Options to disable showing config page in nav (#31354) * add aws config (#31464) * Heatmap: Fix missing/wrong value in heatmap legend (#31430) * Chore: Fixes small typos (#31461) * Graphite/SSE: update graphite to work with server side expressions (#31455) * update the lastest version to 7.4.3 (#31457) * ReleaseNotes: Updated changelog and release notes for 7.4.3 (#31454) * AWS: Add aws plugin configuration (#31312) * Revert ""Release: Updated versions in package to 7.4.3" (#31444)" (#31452) * Remove UserSyncInfo.tsx (#31450) * Elasticsearch: Add word highlighting to search results (#30293) * Chore: Fix eslint react hook warnings in grafana-ui (#31092) * CloudWatch: Make it possible to specify custom api endpoint (#31402) * Chore: fixed incorrect naming for disable settings (#31448) * TraceViewer: Fix show log marker in spanbar (#30742) * LibraryPanels: Adds permissions to getAllHandler (#31416) * NamedColorsPalette: updates story from knobs to controls (#31443) * "Release: Updated versions in package to 7.4.3" (#31444) * ColorPicker: updates story from knobs to controls (#31429) * Streaming: Fixes an issue with time series panel and streaming data source when scrolling back from being out of view (#31431) * ClipboardButton: updates story from knobs to controls (#31422) * we should never log unhashed tokens (#31432) * CI: Upgrade Dockerfiles wrt. Go, Node, Debian (#31407) * Elasticsearch: Fix query initialization logic & query transformation from Promethous/Loki (#31322) * Postgres: allow providing TLS/SSL certificates as text in addition to file paths (#30353) * CloudWatch: Added AWS Ground Station metrics and dimensions (#31362) * TraceViewer: Fix trace to logs icon to show in right pane (#31414) * add hg team as migrations code owners (#31420) * Remove tidy-check script (#31423) * InfluxDB: handle columns named "table" (#30985) * Prometheus: Use configured HTTP method for /series and /labels endpoints (#31401) * Devenv: Add gdev-influxdb2 data source (#31250) * Update grabpl from 0.5.38 to 0.5.42 version (#31419) * Move NOOP_CONTROL to storybook utils and change to a standalone file (#31421) * remove squadcast details from docs (#31413) * Add new Cloudwatch AWS/DDoSProtection metrics and dimensions (#31297) * Logging: add frontend logging helpers to @grafana/runtime package (#30482) * CallToActionCard: updates story from knobs to controls (#31393) * Add eu-south-1 cloudwatch region, closes #31197 (#31198) * Chore: Upgrade eslint packages (#31408) * Cascader: updates story from knobs to controls (#31399) * addressed issues 28763 and 30314. (#31404) * Added section Query a time series database by id (#31337) * Prometheus: Change default httpMethod for new instances to POST (#31292) * Data source list: Use Card component (#31326) * Chore: Remove gotest.tools dependency (#31391) * Revert "StoryBook: Introduces Grafana Controls (#31351)" (#31388) * Chore(deps): Bump github.com/prometheus/common from 0.15.0 to 0.17.0 (#31387) * AdHocVariables: Fixes crash when values are stored as numbers (#31382) * Chore(deps): Bump github.com/golang/mock from 1.4.4 to 1.5.0 (#31379) * Chore: Fix strict errors, down to 416 (#31365) * Chore(deps): Bump github.com/getsentry/sentry-go from 0.9.0 to 0.10.0 (#31378) * StoryBook: Introduces Grafana Controls (#31351) * ReleaseNotes: Updated changelog and release notes for 7.4.2 (#31313) * Theming: Support for runtime theme switching and hooks for custom themes (#31301) * Devenv: Remove old-versioned loki blocks and update prometheus2 block (#31282) * Zipkin: Show success on test data source (#30829) * Update grot template (needs more info) (#31350) * DatasourceSrv: Fix instance retrieval when datasource variable value set to "default" (#31347) * TimeSeriesPanel: Fixes overlapping time axis ticks (#31332) * Grafana/UI: Add basic legend to the PieChart (#31278) * SAML: single logout only enabled in enterprise (#31325) * QueryEditor: handle query.hide changes in angular based query-editors (#31336) * DashboardLinks: Fixes another issue where dashboard links cause full page reload (#31334) * LibraryPanels: Syncs panel title with name (#31311) * Chore: Upgrade golangci-lint (#31330) * Add info to docs about concurrent session limits (#31333) * Table: Fixes issue with fixed min and auto max with bar gauge cell (#31316) * BarGuage: updates story from knobs to controls (#31223) * Docs: Clarifies how to add Key/Value pairs (#31303) * Usagestats: Exclude folders from total dashboard count (#31320) * ButtonCascader: updates story from knobs to controls (#31288) * test: allow check for Table as well as Graph for Explore e2e flow (#31290) * Grafana-UI: Update tooltip type (#31310) * fix 7.4.2 release note (#31299) * Add `--tries 3` arg when triggering e2e-tests upon releasing (#31285) * Chore: reduce strict errors for variables (#31241) * update latest release version (#31296) * ReleaseNotes: Updated changelog and release notes for 7.4.2 (#31291) * Correct name of Discord notifier tests (#31277) * Docs: Clarifies custom date formats for variables (#31271) * BigValue: updates story from knobs to controls (#31240) * Docs: Annotations update (#31194) * Introduce functions for interacting with library panels API (#30993) * Search: display sort metadata (#31167) * Folders: Editors should be able to edit name and delete folders (#31242) * Make Datetime local (No date if today) working (#31274) * UsageStats: Purpose named variables (#31264) * Snapshots: Disallow anonymous user to create snapshots (#31263) * only update usagestats every 30min (#31131) * Chore: grafana-toolkit uses grafana-ui and grafana-data workspaces (#30701) * Grafana-UI: Add id to Select to make it easier to test (#31230) * Prometheus: Fix enabling of disabled queries when editing in dashboard (#31055) * UI/Card: Fix handling of 'onClick' callback (#31225) * Loki: Add line limit for annotations (#31183) * Remove deprecated and breaking loki config field (#31227) * SqlDataSources: Fixes the Show Generated SQL button in query editors (#31236) * LibraryPanels: Disconnect before connect during dashboard save (#31235) * Disable Change Password for OAuth users (#27886) * TagsInput: Design update and component refactor (#31163) * Variables: Adds back default option for data source variable (#31208) * IPv6: Support host address configured with enclosing square brackets (#31226) * Postgres: Fix timeGroup macro converts long intervals to invalid numbers when TimescaleDB is enabled (#31179) * GraphNG: refactor core to class component (#30941) * Remove last synchronisation field from LDAP debug view (#30984) * Chore: Upgrade grafana-plugin-sdk-go to v0.88.0 (#30975) * Graph: Make axes unit option work even when field option unit is set (#31205) * AlertingNG: Test definition (#30886) * Docs: Update Influx config options (#31146) * WIP: Skip this call when we skip migrations (#31216) * use 0.1.0 (#31215) * DataSourceSrv: Filter out non queryable data sources by default (#31144) * QueryEditors: Fixes issue that happens after moving queries then editing would update other queries (#31193) * Chore: report eslint no-explicit-any errors to metrics (#31182) * Chore(deps): Bump cloud.google.com/go/storage from 1.12.0 to 1.13.0 (#31211) * Chore(deps): Bump xorm.io/xorm from 0.8.1 to 0.8.2 (#30773) * Alerting: Fix modal text for deleting obsolete notifier (#31171) * Chore(deps): Bump github.com/linkedin/goavro/v2 from 2.9.7 to 2.10.0 (#31204) * Variables: Fixes missing empty elements from regex filters (#31156) * StatPanels: Fixes to palette color scheme is not cleared when loading panel (#31126) * Fixed the typo. (#31189) * Docs: Rewrite preferences docs (#31154) * Explore/Refactor: Simplify URL handling (#29173) * DashboardLinks: Fixes links always cause full page reload (#31178) * Replace PR with Commit truncated hash when build fails (#31177) * Alert: update story to use controls (#31145) * Permissions: Fix team and role permissions on folders/dashboards not displayed for non Grafana Admin users (#31132) * CloudWatch: Ensure empty query row errors are not passed to the panel (#31172) * Update prometheus.md (#31173) * Variables: Extend option pickers to accept custom onChange callback (#30913) * Prometheus: Multiply exemplars timestamp to follow api change (#31143) * DashboardListPanel: Fixes issue with folder picker always showing All and using old form styles (#31160) * Add author name and pr number in drone pipeline notifications (#31124) * Prometheus: Add documentation for ad-hoc filters (#31122) * DataSourceSettings: Fixes add header button, it should not trigger a save & test action (#31135) * Alerting: Fix so that sending an alert with the Alertmanager notifier doesn't fail when one of multiple configured URL's are down (#31079) * Chore: Update latest.json (#31139) * Docs: add 7.4.1 relese notes link (#31137) * PieChart: Progress on new core pie chart (#28020) * ReleaseNotes: Updated changelog and release notes for 7.4.1 (#31133) * Eslint: no-duplicate-imports rule (bump grafana-eslint-config) (#30989) * Transforms: Fixes Outer join issue with duplicate field names not getting the same unique field names as before (#31121) * MuxWriter: Handle error for already closed file (#31119) * Logging: sourcemap transform asset urls from CDN in logged stacktraces (#31115) * Search: add sort information in dashboard results (#30609) * area/grafana/e2e: ginstall should pull version specified (#31056) * Exemplars: Change CTA style (#30880) * Influx: Make max series limit configurable and show the limiting message if applied (#31025) * Docs: request security (#30937) * update configurePanel for 7.4.0 changes (#31093) * Elasticsearch: fix log row context erroring out (#31088) * Prometheus: Fix issues with ad-hoc filters (#30931) * LogsPanel: Add deduplication option for logs (#31019) * Drone: Make sure CDN upload is ok before pushing docker images (#31075) * PluginManager: Remove some global state (#31081) * test: update addDashboard flow for v7.4.0 changes (#31059) * Transformations: Fixed typo in FilterByValue transformer description. (#31078) * Docs: Group id should be 0 instead of 1 in Docker upgrade notes (#31074) * Usage stats: Adds source/distributor setting (#31039) * CDN: Add CDN upload step to enterprise and release pipelines (#31058) * Chore: Replace native select with grafana ui select (#31030) * Docs: Update json-model.md (#31066) * Docs: Update whats-new-in-v7-4.md (#31069) * Added hyperlinks to Graphite documentation (#31064) * DashboardSettings: Update to new form styles (#31022) * CDN: Fixing drone CI config (#31052) * convert path to posix by default (#31045) * DashboardLinks: Fixes crash when link has no title (#31008) * Alerting: Fixes so notification channels are properly deleted (#31040) * Explore: Remove emotion error when displaying logs (#31026) * Elasticsearch: Fix alias field value not being shown in query editor (#30992) * CDN: Adds uppload to CDN step to drone CI (#30879) * Improved glossary (#31004) * BarGauge: Improvements to value sizing and table inner width calculations (#30990) * Drone: Fix deployment image (#31027) * ColorPicker: migrated styles from sass to emotion (#30909) * Dashboard: Migrate general settings to react (#30914) * Chore(deps): Bump github.com/jung-kurt/gofpdf from 1.10.1 to 1.16.2 (#30586) * Chore(deps): Bump github.com/aws/aws-sdk-go from 1.36.31 to 1.37.7 (#31018) * Prometheus: Min step defaults to seconds when no unit is set to prevent errors when running alerts. (#30966) * Chore(deps): Bump github.com/magefile/mage from 1.10.0 to 1.11.0 (#31017) * Chore(deps): Bump github.com/grpc-ecosystem/go-grpc-middleware (#31013) * Graph: Fixes so graph is shown for non numeric time values (#30972) * CloudMonitoring: Prevent resource type variable function from crashing (#30901) * Chore(deps): Bump google.golang.org/api from 0.33.0 to 0.39.0 (#30971) * Build: Releases e2e and e2e-selectors too (#31006) * TextPanel: Fixes so panel title is updated when variables change (#30884) * Docs: Update configuration.md (login_maximum_inactive_lifetime_duration, login_maximum_lifetime_duration) (#31000) * instrumentation: make the first database histogram bucket smaller (#30995) * Grafana/UI: Remove DismissableFeatureInfoBox and replace with LocalSt??? (#30988) * StatPanel: Fixes issue formatting date values using unit option (#30979) * Chore(deps): Bump actions/cache from v2 to v2.1.4 (#30973) * Units: Fixes formatting of duration units (#30982) * Elasticsearch: Show Size setting for raw_data metric (#30980) * Alerts: Dedupe alerts so that we do not fill the screen with the same alert messsage (#30935) * make sure service and slo display name is passed to segment comp (#30900) * assign changes in cloud datasources to the new cloud datasources team (#30645) * Table: Updates devenv test dashboard after change to TestData Randrom Table response (#30927) * Theme: Use higher order theme color variables rather then is light/dark logic (#30939) * Docs: Add alias for what's new in 7.4 (#30945) * e2e: extends selector factory to plugins (#30932) * Chore: Upgrade docker build image (#30820) * Docs: updated developer guide (#29978) * Alerts: Update Alert storybook to show more states (#30908) * Variables: Adds queryparam formatting option (#30858) * Chore: pad unknown values with undefined (#30808) * Transformers: add search to transform selection (#30854) * Exemplars: change api to reflect latest changes (#30910) * docs: use selinux relabelling on docker containers (#27685) * Docs: Fix bad image path for alert notification template (#30911) * Make value mappings correctly interpret numeric-like strings (#30893) * Chore: Update latest.json (#30905) * Docs: Update whats-new-in-v7-4.md (#30882) * Dashboard: Ignore changes to dashboard when the user session expires (#30897) * ReleaseNotes: Updated changelog and release notes for 7.4.0 (#30902) * test: add support for timeout to be passed in for addDatasource (#30736) * increase page size and make sure the cache supports query params (#30892) * DataSourceSettings: Adds info box and link to Grafana Cloud (#30891) * OAuth: custom username docs (#28400) * Panels: Remove value mapping of values that have been formatted #26763 (#30868) * Alerting: Fixes alert panel header icon not showing (#30840) * AlertingNG: Edit Alert Definition (#30676) * Logging: sourcemap support for frontend stacktraces (#30590) * Added "Restart Grafana" topic. (#30844) * Docs: Org, Team, and User Admin (#30756) * bump grabpl version to 0.5.36 (#30874) * Plugins: Requests validator (#30445) * Docs: Update whats-new-in-v7-4.md (#30876) * Docs: Add server view folder (#30849) * Fixed image name and path (#30871) * Grafana-ui: fixes closing modals with escape key (#30745) * InfluxDB: Add http configuration when selecting InfluxDB v2 flavor (#30827) * TestData: Fixes issue with for ever loading state when all queries are hidden (#30861) * Chart/Tooltip: refactored style declaration (#30824) * ReleaseNotes: Updated changelog and release notes for 7.4.0-beta1 (#30853) * Grafana-ui: fixes no data message in Table component (#30821) * grafana/ui: Update pagination component for large number of pages (#30151) * Alerting: Customise OK notification priorities for Pushover notifier (#30169) * DashboardLinks: Support variable expression in to tooltip - Issue #30409 (#30569) * Chore: Remove panelTime.html, closes #30097 (#30842) * Docs: Time series panel, bar alignment docs (#30780) * Chore: add more docs annotations (#30847) * Transforms: allow boolean in field calculations (#30802) * Prometheus: Add tooltip to explain possibility to use patterns in text and title fields in annotations (#30825) * Update prometheus.md with image link fix (#30833) * BarChart: inside-align strokes, upgrade uPlot to 1.6.4. (#30806) * Update license-expiration.md (#30839) * Explore rewrite (#30804) * Prometheus: Set type of labels to string (#30831) * GrafanaUI: Add a way to persistently close InfoBox (#30716) * Fix typo in transformer registry (#30712) * Elasticsearch: Display errors with text responses (#30122) * CDN: Fixes cdn path when Grafana is under sub path (#30822) * TraceViewer: Fix lazy loading (#30700) * FormField: migrated sass styling to emotion (#30392) * AlertingNG: change API permissions (#30781) * Variables: Clears drop down state when leaving dashboard (#30810) * Grafana-UI: Add story/docs for ErrorBoundary (#30304) * Add missing callback dependency (#30797) * PanelLibrary: Adds library panel meta information to dashboard json (#30770) * Chore(deps): Bump gonum.org/v1/gonum from 0.6.0 to 0.8.2 (#30343) * Chore(deps): Bump gopkg.in/yaml.v2 from 2.3.0 to 2.4.0 (#30771) * GraphNG: improve behavior when switching between solid/dash/dots (#30796) * Chore(deps): Bump github.com/hashicorp/go-hclog from 0.14.1 to 0.15.0 (#30778) * Add width for Variable Editors (#30791) * Chore: Remove warning when calling resource (#30752) * Auth: Use SigV4 lib from grafana-aws-sdk (#30713) * Panels: Fixes so panels are refreshed when scrolling past them fast (#30784) * GraphNG: add bar alignment option (#30499) * Expressions: Measure total transformation requests and elapsed time (#30514) * Menu: Mark menu components as internal (#30740) * TableInputCSV: migrated styles from sass to emotion (#30554) * CDN: Fix passing correct prefix to GetContentDeliveryURL (#30777) * Chore(deps): Bump gopkg.in/ini.v1 from 1.57.0 to 1.62.0 (#30772) * CDN: Adds support for serving assets over a CDN (#30691) * PanelEdit: Trigger refresh when changing data source (#30744) * Chore: remove __debug_bin (#30725) * BarChart: add alpha bar chart panel (#30323) * Docs: Time series panel (#30690) * Backend Plugins: Convert test data source to use SDK contracts (#29916) * Docs: Update whats-new-in-v7-4.md (#30747) * Add link to Elasticsearch docs. (#30748) * Mobile: Fixes issue scrolling on mobile in chrome (#30746) * TagsInput: Make placeholder configurable (#30718) * Docs: Add config settings for fonts in reporting (#30421) * Add menu.yaml to .gitignore (#30743) * bump cypress to 6.3.0 (#30644) * Datasource: Use json-iterator configuration compatible with standard library (#30732) * AlertingNG: Update UX to use new PageToolbar component (#30680) * Docs: Add usage insights export feature (#30376) * skip symlinks to directories when generating plugin manifest (#30721) * PluginCiE2E: Upgrade base images (#30696) * Variables: Fixes so text format will show All instead of custom all (#30730) * PanelLibrary: better handling of deleted panels (#30709) * Added section "Curated dashboards for Google Cloud Monitoring" for 7.4 What's New (#30724) * Added "curated dashboards" information and broke down, rearranged topics. (#30659) * Transform: improve the "outer join" performance/behavior (#30407) * Add alt text to plugin logos (#30710) * Deleted menu.yaml file (#30717) * Dashboard: Top Share URL icon should share panel URL when on viewPanel page (#30000) * Added entry for web server. (#30715) * DashboardPicker: switch to promise-based debounce, return dashboard UID (#30706) * Use connected GraphNG in Explore (#30707) * Fix documentation for streaming data sources (#30704) * PanelLibrary: changes casing of responses and adds meta property (#30668) * Influx: Show all datapoints for dynamically windowed flux query (#30688) * Trace: trace to logs design update (#30637) * DeployImage: Switch base images to Debian (#30684) * Chore: remove CSP debug logging line (#30689) * Docs: 7.4 documentation for expressions (#30524) * PanelEdit: Get rid of last remaining usage of navbar-button (#30682) * Grafana-UI: Fix setting default value for MultiSelect (#30671) * CustomScrollbar: migrated styles from sass to emotion (#30506) * DashboardSettings & PanelEdit: Use new PageToolbar (#30675) * Explore: Fix jumpy live tailing (#30650) * ci(npm-publish): add missing github package token to env vars (#30665) * PageToolbar: Extracting navbar styles & layout into a modern emotion based component (#30588) * AlertingNG: pause/unpause definitions via the API (#30627) * Docs: Refer to product docs in whats new for alerting templating feature (#30652) * ReleaseNotes: Updated changelog and release notes for 7.4.0-beta1 (#30666) * Variables: Fixes display value when using capture groups in regex (#30636) * Docs: Update _index.md (#30655) * Docs: Auditing updates (#30433) * Docs: add hidden_users configuration field (#30435) * Docs: Define TLS/SSL terminology (#30533) * Docs: Fix expressions enabled description (#30589) * Docs: Update ES screenshots (#30598) * Licensing Docs: Adding license restrictions docs (#30216) * Update documentation-style-guide.md (#30611) * Docs: Update queries.md (#30616) * chore(grafana-ui): bump storybook to 6.1.15 (#30642) * DashboardSettings: fixes vertical scrolling (#30640) * Usage Stats: Remove unused method for getting user stats (#30074) * Grafana/UI: Unit picker should not set a category as unit (#30638) * Graph: Fixes auto decimals issue in legend and tooltip (#30628) * AlertingNG: List saved Alert definitions in Alert Rule list (#30603) * chore: bump redux toolkit to 1.5.0 for immer 8.0.1 vulnerability fix (#30605) * Grafana/UI: Add disable prop to Segment (#30539) * Variables: Fixes so queries work for numbers values too (#30602) * Admin: Fixes so form values are filled in from backend (#30544) * Docs: Add new override info and add whats new 7.4 links (#30615) * TestData: Improve what's new in v7.4 (#30612) * Docs: Update 7.4 What's New to use more correct description of alerting notification template feature (#30502) * NodeGraph: Add docs (#30504) * Loki: Improve live tailing errors and fix Explore's logs container type errors (#30517) * TimeRangePicker: Updates components to use new ToolbarButton & ButtonGroup (#30570) * Update styling.md guide (#30594) * TestData: Adding what's new in v7.4 to the devenv dashboards (#30568) * Chore(deps): Bump github.com/aws/aws-sdk-go from 1.35.5 to 1.36.31 (#30583) * Chore(deps): Bump github.com/prometheus/client_golang (#30585) * Chore(deps): Bump gopkg.in/macaron.v1 from 1.3.9 to 1.4.0 (#30587) * Chore(deps): Bump github.com/google/uuid from 1.1.5 to 1.2.0 (#30584) * Explore: Fix logs hover state so that it is visible and in dark mode & simply hover code (#30572) * RefreshPicker: Fixes so valid intervals in url are visible in RefreshPicker (#30474) * Add documentation for Exemplars (#30317) * OldGraph: Fix height issue in Firefox (#30565) * XY Chart: fix editor error with empty frame (no fields) (#30573) * ButtonSelect & RefreshPicker: Rewrite of components to use new emotion based ToolbarButton & Menu (#30510) * XY Chart: share legend config with timeseries (#30559) * configuration.md: Document Content Security Policy options (#30413) * DataFrame: cache frame/field index in field state (#30529) * List + before -; rm old Git ref; reformat. (#30543) * Expressions: Add option to disable feature (#30541) * Explore: Fix loading visualisation on the top of the new time series panel (#30553) * Prometheus: Fix show query instead of Value if no __name__ and metric (#30511) * Decimals: Big Improvements to auto decimals and fixes to auto decimals bug found in 7.4-beta1 (#30519) * Postgres: Convert tests to stdlib (#30536) * Storybook: Migrate card story to use controls (#30535) * AlertingNG: Enable UI to Save Alert Definitions (#30394) * Postgres: Be consistent about TLS/SSL terminology (#30532) * Loki: Append refId to logs uid (#30418) * Postgres: Fix indentation (#30531) * GraphNG: uPlot 1.6.3 (fix bands not filling below 0). close #30523. (#30527) * updates for e2e docker image (#30465) * GraphNG: uPlot 1.6.2 (#30521) * Docs: Update whats-new-in-v7-4.md (#30520) * Prettier: ignore build and devenv dirs (#30501) * Chore: Upgrade grabpl version (#30486) * Explore: Update styling of buttons (#30493) * Cloud Monitoring: Fix legend naming with display name override (#30440) * GraphNG: Disable Plot logging by default (#30390) * Admin: Fixes so whole org drop down is visible when adding users to org (#30481) * Docs: include Makefile option for local assets (#30455) * Footer: Fixes layout issue in footer (#30443) * TimeSeriesPanel: Fixed default value for gradientMode (#30484) * Docs: fix typo in what's new doc (#30489) * Chore: adds wait to e2e test (#30488) * chore: update packages dependent on dot-prop to fix security vulnerability (#30432) * Dashboard: Remove Icon and change copy -> Copy to clipboard in the share embedded panel modal (#30480) * Chore: fix spelling mistake (#30473) * Chore: Restrict internal imports from other packages (#30453) * Docs: What's new fixes and improvements (#30469) * Timeseries: only migrage point size when configured (#30461) * Alerting: Hides threshold handle for percentual thresholds (#30431) * Graph: Fixes so only users with correct permissions can add annotations (#30419) * Chore: update latest version to 7.4.0-beta1 (#30452) * Docs: Add whats new 7.4 links (#30463) * Update whats-new-in-v7-4.md (#30460) * docs: 7.4 what's new (Add expressions note) (#30446) * Chore: Upgrade build pipeline tool (#30456) * PanelModel: Make sure the angular options are passed to react panel type changed handler (#30441) * Expressions: Fix button icon (#30444) * ReleaseNotes: Updated changelog and release notes for 7.4.0-beta1 (#30449) * Docs: Fix img link for alert notification template (#30436) * grafana/ui: Fix internal import from grafana/data (#30439) * prevent field config from being overwritten (#30437) * PanelOptions: Refactoring applying panel and field options out of PanelModel and add property clean up for properties not in field config registry (#30389) * Dashboard: Remove template variables option from ShareModal (#30395) * Added doc content for variables inspector code change by Hugo (#30408) * Docs: update license expiration behavior for reporting (#30420) * Chore: use old version format in package.json (#30430) * Chore: upgrade NPM security vulnerabilities (#30397) * "Release: Updated versions in package to 7.5.0-pre.0" (#30428) * contribute: Add backend and configuration guidelines for PRs (#30426) * Chore: Update what's new URL (#30424) - Update to version 7.4.5 * Security: Fix API permissions issues related to team-sync CVE-2021-28146, CVE-2021-28147. (Enterprise) * Security: Usage insights requires signed in users CVE-2021-28148. (Enterprise) * Security: Do not allow editors to incorrectly bypass permissions on the default data source. CVE-2021-27962. (Enterprise) mgr-cfg: - Version 4.3.2-1 * Remove unused legacy code - Version 4.3.1-1 - Bump version to 4.3.0 mgr-custom-info: - Version 4.3.2-1 * Remove unused legacy code - Version 4.3.1-1 - Bump version to 4.3.0 mgr-daemon: - Version 4.3.2-1 * Update translation strings - Version 4.3.1-1 - Bump version to 4.3.0 mgr-osad: - Version 4.3.2-1 * Removed spacewalk-selinux dependencies. * Updated source url. - Version 4.3.1-1 - Bump version to 4.3.0 mgr-push: - Version 4.3.1-1 - Bump version to 4.3.0 mgr-virtualization: - Version 4.3.1-1 - Bump version to 4.3.0 rhnlib: - Version 4.3.1-1 - Bump version to 4.3.0 spacecmd: - Version 4.3.4-1 * Update translation strings - Version 4.3.3-1 * Improved event history listing and added new system_eventdetails command to retrieve the details of an event * configchannel_updatefile handles directory properly (bsc#1190512) - Version 4.3.2-1 * Add schedule_archivecompleted to mass archive actions (bsc#1181223) * Make schedule_deletearchived to get all actions without display limit * Allow passing a date limit for schedule_deletearchived on spacecmd (bsc#1181223) * Remove whoami from the list of unauthenticated commands (bsc#1188977) - Version 4.3.1-1 - Use correct API endpoint in list_proxies (bsc#1188042) - Add schedule_deletearchived to bulk delete archived actions (bsc#1181223) - Make spacecmd aware of retracted patches/packages - Version 4.2.10-1 - Enhance help for installation types when creating distributions (bsc#1186581) - Version 4.2.9-1 - Parse empty argument when nothing in between the separator spacewalk-client-tools: - Version 4.3.4-1 * Update translation strings - Version 4.3.3-1 * Remove unused legacy code - Version 4.3.2-1 - Version 4.3.1-1 - Bump version to 4.3.0 - Version 4.2.11-1 - Update translation strings spacewalk-koan: - Version 4.3.1-1 - Fix for spacewalk-koan tests after switching to the new Docker images spacewalk-oscap: - Version 4.3.1-1 - Bump version to 4.3.0 spacewalk-remote-utils: - Version 4.3.1-1 - Bump version to 4.3.0 supportutils-plugin-susemanager-client: - Version 4.3.1-1 - Bump version to 4.3.0 suseRegisterInfo: - Version 4.3.1-1 - Bump version to 4.3.0 uyuni-common-libs: - Version 4.3.1-1 - Handle broken RPM packages to prevent exceptions causing fails on repository synchronization (bsc#1186650) - Version 4.2.4-1 - Maintainer field in debian packages are only recommended (bsc#1186508) zypp-plugin-spacewalk: - 1.0.10 * Use proxy configured in up2date config when it is defined - Added RHEL8 build. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Tools 12-BETA: zypper in -t patch SUSE-SLE-Manager-Tools-12-BETA-2021-3907=1 Package List: - SUSE Manager Tools 12-BETA (aarch64 ppc64le s390x x86_64): golang-github-prometheus-prometheus-2.27.1-4.21.1 grafana-7.5.7-4.15.1 prometheus-blackbox_exporter-0.19.0-3.3.1 prometheus-blackbox_exporter-debuginfo-0.19.0-3.3.1 python2-uyuni-common-libs-4.3.1-3.21.1 - SUSE Manager Tools 12-BETA (noarch): koan-2.6.6-52.9.1 mgr-cfg-4.3.2-4.15.1 mgr-cfg-actions-4.3.2-4.15.1 mgr-cfg-client-4.3.2-4.15.1 mgr-cfg-management-4.3.2-4.15.1 mgr-custom-info-4.3.2-4.9.1 mgr-daemon-4.3.2-4.15.1 mgr-osad-4.3.2-4.18.2 mgr-push-4.3.1-4.9.1 mgr-virtualization-host-4.3.1-4.9.2 python2-mgr-cfg-4.3.2-4.15.1 python2-mgr-cfg-actions-4.3.2-4.15.1 python2-mgr-cfg-client-4.3.2-4.15.1 python2-mgr-cfg-management-4.3.2-4.15.1 python2-mgr-osa-common-4.3.2-4.18.2 python2-mgr-osad-4.3.2-4.18.2 python2-mgr-push-4.3.1-4.9.1 python2-mgr-virtualization-common-4.3.1-4.9.2 python2-mgr-virtualization-host-4.3.1-4.9.2 python2-rhnlib-4.3.1-24.18.1 python2-spacewalk-check-4.3.4-55.33.1 python2-spacewalk-client-setup-4.3.4-55.33.1 python2-spacewalk-client-tools-4.3.4-55.33.1 python2-spacewalk-koan-4.3.1-27.9.1 python2-spacewalk-oscap-4.3.1-22.9.1 python2-suseRegisterInfo-4.3.1-28.15.1 python2-zypp-plugin-spacewalk-1.0.10-33.15.1 spacecmd-4.3.4-41.27.1 spacewalk-check-4.3.4-55.33.1 spacewalk-client-setup-4.3.4-55.33.1 spacewalk-client-tools-4.3.4-55.33.1 spacewalk-koan-4.3.1-27.9.1 spacewalk-oscap-4.3.1-22.9.1 spacewalk-remote-utils-4.3.1-27.9.1 supportutils-plugin-susemanager-client-4.3.1-9.12.1 suseRegisterInfo-4.3.1-28.15.1 system-user-grafana-1.0.0-3.5.1 system-user-prometheus-1.0.0-3.5.1 sysuser-shadow-2.0-4.5.1 zypp-plugin-spacewalk-1.0.10-33.15.1 References: https://www.suse.com/security/cve/CVE-2021-27962.html https://www.suse.com/security/cve/CVE-2021-28146.html https://www.suse.com/security/cve/CVE-2021-28147.html https://www.suse.com/security/cve/CVE-2021-28148.html https://www.suse.com/security/cve/CVE-2021-29622.html https://bugzilla.suse.com/1175478 https://bugzilla.suse.com/1181223 https://bugzilla.suse.com/1186242 https://bugzilla.suse.com/1186508 https://bugzilla.suse.com/1186581 https://bugzilla.suse.com/1186650 https://bugzilla.suse.com/1188042 https://bugzilla.suse.com/1188977 https://bugzilla.suse.com/1189458 https://bugzilla.suse.com/1190512 From sle-updates at lists.suse.com Fri Dec 3 14:29:26 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 Dec 2021 15:29:26 +0100 (CET) Subject: SUSE-SU-2021:3887-1: important: Security update for openssh Message-ID: <20211203142926.56312FC9F@maintenance.suse.de> SUSE Security Update: Security update for openssh ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3887-1 Rating: important References: #1190975 Cross-References: CVE-2021-41617 CVSS scores: CVE-2021-41617 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-41617 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openssh fixes the following issues: - CVE-2021-41617: Fixed privilege escalation when AuthorizedKeysCommand/AuthorizedPrincipalsCommand are configured (bsc#1190975). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-3887=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-3887=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-3887=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-3887=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): openssh-7.6p1-9.44.1 openssh-askpass-gnome-7.6p1-9.44.1 openssh-askpass-gnome-debuginfo-7.6p1-9.44.1 openssh-debuginfo-7.6p1-9.44.1 openssh-debugsource-7.6p1-9.44.1 openssh-fips-7.6p1-9.44.1 openssh-helpers-7.6p1-9.44.1 openssh-helpers-debuginfo-7.6p1-9.44.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): openssh-7.6p1-9.44.1 openssh-askpass-gnome-7.6p1-9.44.1 openssh-askpass-gnome-debuginfo-7.6p1-9.44.1 openssh-debuginfo-7.6p1-9.44.1 openssh-debugsource-7.6p1-9.44.1 openssh-fips-7.6p1-9.44.1 openssh-helpers-7.6p1-9.44.1 openssh-helpers-debuginfo-7.6p1-9.44.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): openssh-7.6p1-9.44.1 openssh-askpass-gnome-7.6p1-9.44.1 openssh-askpass-gnome-debuginfo-7.6p1-9.44.1 openssh-debuginfo-7.6p1-9.44.1 openssh-debugsource-7.6p1-9.44.1 openssh-fips-7.6p1-9.44.1 openssh-helpers-7.6p1-9.44.1 openssh-helpers-debuginfo-7.6p1-9.44.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): openssh-7.6p1-9.44.1 openssh-askpass-gnome-7.6p1-9.44.1 openssh-askpass-gnome-debuginfo-7.6p1-9.44.1 openssh-debuginfo-7.6p1-9.44.1 openssh-debugsource-7.6p1-9.44.1 openssh-fips-7.6p1-9.44.1 openssh-helpers-7.6p1-9.44.1 openssh-helpers-debuginfo-7.6p1-9.44.1 References: https://www.suse.com/security/cve/CVE-2021-41617.html https://bugzilla.suse.com/1190975 From sle-updates at lists.suse.com Fri Dec 3 14:30:41 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 Dec 2021 15:30:41 +0100 (CET) Subject: SUSE-RU-2021:3893-1: moderate: Recommended update for crmsh Message-ID: <20211203143041.6B76BFC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for crmsh ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3893-1 Rating: moderate References: #1192618 Affected Products: SUSE Linux Enterprise High Availability 15-SP3 SUSE Linux Enterprise High Availability 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for crmsh fixes the following issue: - Fix: ui_resource: Parse node and lifetime correctly (bsc#1192618) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP3: zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2021-3893=1 - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2021-3893=1 Package List: - SUSE Linux Enterprise High Availability 15-SP3 (noarch): crmsh-4.3.1+20211119.97feb471-5.71.1 crmsh-scripts-4.3.1+20211119.97feb471-5.71.1 - SUSE Linux Enterprise High Availability 15-SP2 (noarch): crmsh-4.3.1+20211119.97feb471-5.71.1 crmsh-scripts-4.3.1+20211119.97feb471-5.71.1 References: https://bugzilla.suse.com/1192618 From sle-updates at lists.suse.com Fri Dec 3 14:31:57 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 Dec 2021 15:31:57 +0100 (CET) Subject: SUSE-SU-2021:3906-1: moderate: Security Beta update for Salt Message-ID: <20211203143157.67D0CFC9F@maintenance.suse.de> SUSE Security Update: Security Beta update for Salt ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3906-1 Rating: moderate References: #1164192 #1167586 #1168327 #1180650 #1184659 #1185131 #1186287 #1186310 #1186674 #1187787 #1187813 #1188170 #1188641 #1188647 #1189040 #1189043 #1190114 #1190265 #1190446 #1191412 Cross-References: CVE-2021-21996 CVSS scores: CVE-2021-21996 (SUSE): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L Affected Products: SUSE Manager Tools 12-BETA ______________________________________________________________________________ An update that solves one vulnerability and has 19 fixes is now available. Description: This update fixes the following issues: salt: - Remove wrong _parse_cpe_name from grains.core - Prevent tracebacks if directory for cookie is missing - Fix file.find tracebacks with non utf8 file names (bsc#1190114) - Fix ip6_interface grain to not leak secondary IPv4 aliases (bsc#1191412) - Do not consider skipped targets as failed for ansible.playbooks state (bsc#1190446) - Fix traceback.*_exc() calls - Fix the regression of docker_container state module - Support querying for JSON data in external sql pillar - Exclude the full path of a download URL to prevent injection of malicious code (bsc#1190265) (CVE-2021-21996) - Fix wrong relative paths resolution with Jinja renderer when importing subdirectories - Fix python-MarkupSafe dependency (bsc#1189043) - Add missing aarch64 to rpm package architectures - Consolidate some state requisites (bsc#1188641) - Fix failing unit test for systemd - Fix error handling in openscap module (bsc#1188647) - Better handling of bad public keys from minions (bsc#1189040) - Define license macro as doc in spec file if not existing - Add standalone formulas configuration for salt minion and remove salt-master requirement (bsc#1168327) - Do noop for services states when running systemd in offline mode (bsc#1187787) - Transactional_updates: do not execute states in parallel but use a queue (bsc#1188170) - Handle "master tops" data when states are applied by "transactional_update" (bsc#1187787) - Enhance openscap module: add "xccdf_eval" call - Virt: pass emulator when getting domain capabilities from libvirt - Implementation of held/unheld functions for state pkg (bsc#1187813) - Fix exception in yumpkg.remove for not installed package - Fix save for iptables state module (bsc#1185131) - Virt: use /dev/kvm to detect KVM - Zypperpkg: improve logic for handling vendorchange flags - Add bundled provides for tornado to the spec file - Enhance logging when inotify beacon is missing pyinotify (bsc#1186310) - Add "python3-pyinotify" as a recommended package for Salt in SUSE/openSUSE distros - Check if dpkgnotify is executable (bsc#1186674) - Detect Python version to use inside container (bsc#1167586) (bsc#1164192) - Handle volumes on stopped pools in virt.vm_info (bsc#1186287) - Grains.extra: support old non-intel kernels (bsc#1180650) - Fix missing minion returns in batch mode (bsc#1184659) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Tools 12-BETA: zypper in -t patch SUSE-SLE-Manager-Tools-12-BETA-2021-3906=1 Package List: - SUSE Manager Tools 12-BETA (aarch64 ppc64le s390x x86_64): python-MarkupSafe-0.23-6.5.1 python-MarkupSafe-debuginfo-0.23-6.5.1 python-MarkupSafe-debugsource-0.23-6.5.1 python-PyYAML-5.1.2-29.5.1 python-PyYAML-debuginfo-5.1.2-29.5.1 python-PyYAML-debugsource-5.1.2-29.5.1 python-msgpack-python-0.4.6-11.5.1 python-msgpack-python-debuginfo-0.4.6-11.5.1 python-msgpack-python-debugsource-0.4.6-11.5.1 python-psutil-5.2.2-18.5.1 python-psutil-debuginfo-5.2.2-18.5.1 python-psutil-debugsource-5.2.2-18.5.1 python-pycrypto-2.6.1-13.5.1 python-pyzmq-14.0.0-12.5.1 python-pyzmq-debuginfo-14.0.0-12.5.1 python-pyzmq-debugsource-14.0.0-12.5.1 python2-salt-3000-49.38.2 python3-MarkupSafe-0.23-6.5.1 python3-PyYAML-5.1.2-29.5.1 python3-msgpack-python-0.4.6-11.5.1 python3-psutil-5.2.2-18.5.1 python3-pycrypto-2.6.1-13.5.1 python3-pyzmq-14.0.0-12.5.1 python3-salt-3000-49.38.2 salt-3000-49.38.2 salt-doc-3000-49.38.2 salt-minion-3000-49.38.2 - SUSE Manager Tools 12-BETA (ppc64le s390x x86_64): python-pycrypto-debuginfo-2.6.1-13.5.1 - SUSE Manager Tools 12-BETA (noarch): python-Jinja2-2.8-22.5.1 python-singledispatch-3.4.0.3-4.8.1 python3-Jinja2-2.8-22.5.1 References: https://www.suse.com/security/cve/CVE-2021-21996.html https://bugzilla.suse.com/1164192 https://bugzilla.suse.com/1167586 https://bugzilla.suse.com/1168327 https://bugzilla.suse.com/1180650 https://bugzilla.suse.com/1184659 https://bugzilla.suse.com/1185131 https://bugzilla.suse.com/1186287 https://bugzilla.suse.com/1186310 https://bugzilla.suse.com/1186674 https://bugzilla.suse.com/1187787 https://bugzilla.suse.com/1187813 https://bugzilla.suse.com/1188170 https://bugzilla.suse.com/1188641 https://bugzilla.suse.com/1188647 https://bugzilla.suse.com/1189040 https://bugzilla.suse.com/1189043 https://bugzilla.suse.com/1190114 https://bugzilla.suse.com/1190265 https://bugzilla.suse.com/1190446 https://bugzilla.suse.com/1191412 From sle-updates at lists.suse.com Fri Dec 3 14:37:01 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 Dec 2021 15:37:01 +0100 (CET) Subject: SUSE-RU-2021:3896-1: Recommended update for release-notes-sles Message-ID: <20211203143701.B0BD3FC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sles ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3896-1 Rating: low References: #1183034 #1183998 #1191408 #1191917 #1193054 #933411 SLE-22593 Affected Products: SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Installer 15-SP3 ______________________________________________________________________________ An update that has 6 recommended fixes and contains one feature can now be installed. Description: This update for release-notes-sles fixes the following issues: Release notes update to version 15.3.20211201. (bsc#933411) - Added note about the disabled usage of unprivileged eBPF (jsc#SLE-22593) - Document the value change for 'ping_group_range'. (bsc#1193054) - Document the deprecation of 'KillMode=none'. (bsc#1183034) - Document the removal of NodeJS 10. (bsc#1191917) - Document where Vagrant Boxes is supported. - Updated note about PostgreSQL support. (bsc#1183998) - Updated note about AutoYaST compact mode. (bsc#1191408) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 15-SP3: zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-2021-3896=1 - SUSE Linux Enterprise Installer 15-SP3: zypper in -t patch SUSE-SLE-INSTALLER-15-SP3-2021-3896=1 Package List: - SUSE Linux Enterprise Server 15-SP3 (noarch): release-notes-sles-15.3.20211201-3.17.1 - SUSE Linux Enterprise Installer 15-SP3 (noarch): release-notes-sles-15.3.20211201-3.17.1 References: https://bugzilla.suse.com/1183034 https://bugzilla.suse.com/1183998 https://bugzilla.suse.com/1191408 https://bugzilla.suse.com/1191917 https://bugzilla.suse.com/1193054 https://bugzilla.suse.com/933411 From sle-updates at lists.suse.com Fri Dec 3 14:38:52 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 Dec 2021 15:38:52 +0100 (CET) Subject: SUSE-RU-2021:3892-1: moderate: Recommended update for crmsh Message-ID: <20211203143852.4610DFC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for crmsh ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3892-1 Rating: moderate References: #1192618 Affected Products: SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for crmsh fixes the following issue: - Fix: ui_resource: Parse node and lifetime correctly (bsc#1192618) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2021-3892=1 Package List: - SUSE Linux Enterprise High Availability 15 (noarch): crmsh-4.3.1+20211119.97feb471-3.89.1 crmsh-scripts-4.3.1+20211119.97feb471-3.89.1 References: https://bugzilla.suse.com/1192618 From sle-updates at lists.suse.com Fri Dec 3 14:40:05 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 Dec 2021 15:40:05 +0100 (CET) Subject: SUSE-RU-2021:3895-1: Recommended update for release-notes-sles Message-ID: <20211203144005.82735FC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sles ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3895-1 Rating: low References: #1183998 #1193054 #933411 SLE-22018 Affected Products: SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Installer 15-SP2 ______________________________________________________________________________ An update that has three recommended fixes and contains one feature can now be installed. Description: This update for release-notes-sles fixes the following issues: Release notes update to version 15.2.20211130 (bsc#933411) - Document the value change for 'ping_group_range'. (bsc#1193054) - Document where Vagrant Boxes is supported. - Updated note about PostgreSQL support. (bsc#1183998) - Replaced 'master' with 'main' (jsc#SLE-22018) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-2021-3895=1 - SUSE Linux Enterprise Installer 15-SP2: zypper in -t patch SUSE-SLE-INSTALLER-15-SP2-2021-3895=1 Package List: - SUSE Linux Enterprise Server 15-SP2 (noarch): release-notes-sles-15.2.20211130-3.26.1 - SUSE Linux Enterprise Installer 15-SP2 (noarch): release-notes-sles-15.2.20211130-3.26.1 References: https://bugzilla.suse.com/1183998 https://bugzilla.suse.com/1193054 https://bugzilla.suse.com/933411 From sle-updates at lists.suse.com Fri Dec 3 14:41:36 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 Dec 2021 15:41:36 +0100 (CET) Subject: SUSE-RU-2021:3897-1: Recommended update for release-notes-sles Message-ID: <20211203144136.9B53EFD0A@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sles ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3897-1 Rating: low References: #1193054 #933411 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Installer 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for release-notes-sles fixes the following issues: Release notes update to version 15.0.20211130. (bsc#933411) - Document the value change for 'ping_group_range'. (bsc#1193054) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-3897=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-3897=1 - SUSE Linux Enterprise Installer 15: zypper in -t patch SUSE-SLE-INSTALLER-15-2021-3897=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (noarch): release-notes-sles-15.0.20211130-3.24.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): release-notes-sles-15.0.20211130-3.24.1 - SUSE Linux Enterprise Installer 15 (noarch): release-notes-sles-15.0.20211130-3.24.1 References: https://bugzilla.suse.com/1193054 https://bugzilla.suse.com/933411 From sle-updates at lists.suse.com Fri Dec 3 14:42:56 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 Dec 2021 15:42:56 +0100 (CET) Subject: SUSE-SU-2021:3903-1: moderate: Security Beta update for SUSE Manager Client Tools Message-ID: <20211203144256.243F9FD0A@maintenance.suse.de> SUSE Security Update: Security Beta update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3903-1 Rating: moderate References: #1164192 #1167586 #1168327 #1173103 #1173692 #1180650 #1181223 #1184659 #1185131 #1186287 #1186310 #1186581 #1186674 #1186738 #1187787 #1187813 #1188042 #1188170 #1188259 #1188647 #1188977 #1189040 #1190265 #1190446 #1190512 #1191412 #1191431 ECO-3212 ECO-3319 SLE-18028 SLE-18033 Cross-References: CVE-2021-21996 CVSS scores: CVE-2021-21996 (SUSE): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L Affected Products: SUSE Manager Ubuntu 18.04-CLIENT-TOOLS-BETA ______________________________________________________________________________ An update that solves one vulnerability, contains four features and has 26 fixes is now available. Description: This update fixes the following issues: salt: - Simplify "transactional_update" module to not use SSH wrapper and allow more flexible execution - Add "--no-return-event" option to salt-call to prevent sending return event back to master. - Make "state.highstate" to acts on concurrent flag. - Fix print regression for yumnotify plugin - Use dnfnotify instead yumnotify for relevant distros - Dnfnotify pkgset plugin implementation - Add rpm_vercmp python library support for version comparison - Prevent pkg plugins errors on missing cookie path (bsc#1186738) - Fix ip6_interface grain to not leak secondary IPv4 aliases (bsc#1191412) - Make "salt-api" package to require python3-cherrypy on RHEL systems - Make "tar" as required for "salt-transactional-update" package - Fix issues with salt-ssh's extra-filerefs - Fix crash when calling manage.not_alive runners - Do not consider skipped targets as failed for ansible.playbooks state (bsc#1190446) - Do not break master_tops for minion with version lower to 3003 - Support querying for JSON data in external sql pillar - Update to Salt release version 3003.3 - See release notes: https://docs.saltstack.com/en/latest/topics/releases/3003.3.html - Exclude the full path of a download URL to prevent injection of malicious code (bsc#1190265) (CVE-2021-21996) - Fix wrong relative paths resolution with Jinja renderer when importing subdirectories - Don't pass shell="/sbin/nologin" to onlyif/unless checks (bsc#1188259) - Add missing aarch64 to rpm package architectures - Backport of upstream PR#59492 - Fix failing unit test for systemd - Fix error handling in openscap module (bsc#1188647) - Better handling of bad public keys from minions (bsc#1189040) - Define license macro as doc in spec file if not existing - Add standalone formulas configuration for salt minion and remove salt-master requirement (bsc#1168327) - Do noop for services states when running systemd in offline mode (bsc#1187787) - Transactional_updates: do not execute states in parallel but use a queue (bsc#1188170) - Handle "master tops" data when states are applied by "transactional_update" (bsc#1187787) - Enhance openscap module: add "xccdf_eval" call - Virt: pass emulator when getting domain capabilities from libvirt - Adding preliminary support for Rocky Linux - Implementation of held/unheld functions for state pkg (bsc#1187813) - Replace deprecated Thread.isAlive() with Thread.is_alive() - Fix exception in yumpkg.remove for not installed package - Fix save for iptables state module (bsc#1185131) - Virt: use /dev/kvm to detect KVM - Zypperpkg: improve logic for handling vendorchange flags - Add bundled provides for tornado to the spec file - Enhance logging when inotify beacon is missing pyinotify (bsc#1186310) - Add "python3-pyinotify" as a recommended package for Salt in SUSE/openSUSE distros - Fix tmpfiles.d configuration for salt to not use legacy paths (bsc#1173103) - Detect Python version to use inside container (bsc#1167586) (bsc#1164192) - Handle volumes on stopped pools in virt.vm_info (bsc#1186287) - Grains.extra: support old non-intel kernels (bsc#1180650) - Fix missing minion returns in batch mode (bsc#1184659) - Parsing Epoch out of version provided during pkg remove (bsc#1173692) - Check if dpkgnotify is executable (bsc#1186674) - Update to Salt release version 3002.2 (jsc#ECO-3212) (jsc#SLE-18033) - Add subpackage salt-transactional-update (jsc#SLE-18028) scap-security-guide: - Fix SLE-12 build issue caused by '\xb0' character (bsc#1191431). - Updated to 0.1.58 release (jsc#ECO-3319) - Support for Script Checking Engine (SCE) - Split RHEL 8 CIS profile using new controls file format - CIS Profiles for SLE12 - Initial Ubuntu 20.04 STIG Profiles - Addition of an automated CCE adder - Updated to 0.1.57 release (jsc#ECO-3319) - CIS profile for RHEL 7 is updated - initial CIS profiles for Ubuntu 20.04 - Major improvement of RHEL 9 content - new release process implemented using Github actions - Specify the maintainer, for deb packages. - Updated to 0.1.56 release (jsc#ECO-3319) - Align ism_o profile with latest ISM SSP (#6878) - Align RHEL 7 STIG profile with DISA STIG V3R3 - Creating new RHEL 7 STIG GUI profile (#6863) - Creating new RHEL 8 STIG GUI profile (#6862) - Add the RHEL9 product (#6801) - Initial support for SUSE SLE-15 (#6666) - add support for osbuild blueprint remediations (#6970) - Updated to a intermediate GIT snapshot of 20210323 (jsc#ECO-3319) - initial SLES15 STIG added - more SLES 12 STIG work - correct tables and cross references for SLES 12 and 15 STIG - Updated to 0.1.55 release (jsc#ECO-3319) - big update of rules used in SLES-12 STIG profile - Render policy to HTML (#6532) - Add variable support to yamlfile_value template (#6563) - Introduce new template for dconf configuration files (#6118) - Avoid some non sles12 sp2 available macros. spacecmd: - Version 4.3.4-1 * Update translation strings - Version 4.3.3-1 * Improved event history listing and added new system_eventdetails command to retrieve the details of an event * configchannel_updatefile handles directory properly (bsc#1190512) - Version 4.3.2-1 * Add schedule_archivecompleted to mass archive actions (bsc#1181223) * Make schedule_deletearchived to get all actions without display limit * Allow passing a date limit for schedule_deletearchived on spacecmd (bsc#1181223) * Remove whoami from the list of unauthenticated commands (bsc#1188977) - Version 4.3.1-1 - Use correct API endpoint in list_proxies (bsc#1188042) - Add schedule_deletearchived to bulk delete archived actions (bsc#1181223) - Make spacecmd aware of retracted patches/packages - Version 4.2.10-1 - Enhance help for installation types when creating distributions (bsc#1186581) - Version 4.2.9-1 - Parse empty argument when nothing in between the separator Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Ubuntu 18.04-CLIENT-TOOLS-BETA: zypper in -t patch SUSE-Ubuntu-18.04-CLIENT-TOOLS-BETA-2021-3903=1 Package List: - SUSE Manager Ubuntu 18.04-CLIENT-TOOLS-BETA (all): python3-contextvars-2.4-1 python3-immutables-0.11-1 salt-common-3003.3+ds-1+27.45.1 salt-minion-3003.3+ds-1+27.45.1 scap-security-guide-ubuntu-0.1.58-2.6.1 spacecmd-4.3.4-2.27.1 References: https://www.suse.com/security/cve/CVE-2021-21996.html https://bugzilla.suse.com/1164192 https://bugzilla.suse.com/1167586 https://bugzilla.suse.com/1168327 https://bugzilla.suse.com/1173103 https://bugzilla.suse.com/1173692 https://bugzilla.suse.com/1180650 https://bugzilla.suse.com/1181223 https://bugzilla.suse.com/1184659 https://bugzilla.suse.com/1185131 https://bugzilla.suse.com/1186287 https://bugzilla.suse.com/1186310 https://bugzilla.suse.com/1186581 https://bugzilla.suse.com/1186674 https://bugzilla.suse.com/1186738 https://bugzilla.suse.com/1187787 https://bugzilla.suse.com/1187813 https://bugzilla.suse.com/1188042 https://bugzilla.suse.com/1188170 https://bugzilla.suse.com/1188259 https://bugzilla.suse.com/1188647 https://bugzilla.suse.com/1188977 https://bugzilla.suse.com/1189040 https://bugzilla.suse.com/1190265 https://bugzilla.suse.com/1190446 https://bugzilla.suse.com/1190512 https://bugzilla.suse.com/1191412 https://bugzilla.suse.com/1191431 From sle-updates at lists.suse.com Fri Dec 3 14:47:56 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 Dec 2021 15:47:56 +0100 (CET) Subject: SUSE-RU-2021:3894-1: Recommended update for bzip2 Message-ID: <20211203144756.DD3F8FC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for bzip2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3894-1 Rating: low References: #1191648 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-BCL HPE Helion Openstack 8 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for bzip2 fixes the following issues: - Enables build time tests of bzip2. (bsc#1191648) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-3894=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-3894=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-3894=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-3894=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-3894=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-3894=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-3894=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-3894=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-3894=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-3894=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-3894=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-3894=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-3894=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): bzip2-1.0.6-30.14.1 bzip2-debuginfo-1.0.6-30.14.1 bzip2-debugsource-1.0.6-30.14.1 libbz2-1-1.0.6-30.14.1 libbz2-1-32bit-1.0.6-30.14.1 libbz2-1-debuginfo-1.0.6-30.14.1 libbz2-1-debuginfo-32bit-1.0.6-30.14.1 - SUSE OpenStack Cloud Crowbar 9 (noarch): bzip2-doc-1.0.6-30.14.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): bzip2-1.0.6-30.14.1 bzip2-debuginfo-1.0.6-30.14.1 bzip2-debugsource-1.0.6-30.14.1 libbz2-1-1.0.6-30.14.1 libbz2-1-32bit-1.0.6-30.14.1 libbz2-1-debuginfo-1.0.6-30.14.1 libbz2-1-debuginfo-32bit-1.0.6-30.14.1 - SUSE OpenStack Cloud Crowbar 8 (noarch): bzip2-doc-1.0.6-30.14.1 - SUSE OpenStack Cloud 9 (x86_64): bzip2-1.0.6-30.14.1 bzip2-debuginfo-1.0.6-30.14.1 bzip2-debugsource-1.0.6-30.14.1 libbz2-1-1.0.6-30.14.1 libbz2-1-32bit-1.0.6-30.14.1 libbz2-1-debuginfo-1.0.6-30.14.1 libbz2-1-debuginfo-32bit-1.0.6-30.14.1 - SUSE OpenStack Cloud 9 (noarch): bzip2-doc-1.0.6-30.14.1 - SUSE OpenStack Cloud 8 (noarch): bzip2-doc-1.0.6-30.14.1 - SUSE OpenStack Cloud 8 (x86_64): bzip2-1.0.6-30.14.1 bzip2-debuginfo-1.0.6-30.14.1 bzip2-debugsource-1.0.6-30.14.1 libbz2-1-1.0.6-30.14.1 libbz2-1-32bit-1.0.6-30.14.1 libbz2-1-debuginfo-1.0.6-30.14.1 libbz2-1-debuginfo-32bit-1.0.6-30.14.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): bzip2-debuginfo-1.0.6-30.14.1 bzip2-debugsource-1.0.6-30.14.1 libbz2-devel-1.0.6-30.14.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): bzip2-1.0.6-30.14.1 bzip2-debuginfo-1.0.6-30.14.1 bzip2-debugsource-1.0.6-30.14.1 libbz2-1-1.0.6-30.14.1 libbz2-1-debuginfo-1.0.6-30.14.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): bzip2-doc-1.0.6-30.14.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): libbz2-1-32bit-1.0.6-30.14.1 libbz2-1-debuginfo-32bit-1.0.6-30.14.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): bzip2-1.0.6-30.14.1 bzip2-debuginfo-1.0.6-30.14.1 bzip2-debugsource-1.0.6-30.14.1 libbz2-1-1.0.6-30.14.1 libbz2-1-debuginfo-1.0.6-30.14.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): libbz2-1-32bit-1.0.6-30.14.1 libbz2-1-debuginfo-32bit-1.0.6-30.14.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): bzip2-doc-1.0.6-30.14.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): bzip2-1.0.6-30.14.1 bzip2-debuginfo-1.0.6-30.14.1 bzip2-debugsource-1.0.6-30.14.1 libbz2-1-1.0.6-30.14.1 libbz2-1-debuginfo-1.0.6-30.14.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libbz2-1-32bit-1.0.6-30.14.1 libbz2-1-debuginfo-32bit-1.0.6-30.14.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): bzip2-doc-1.0.6-30.14.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): bzip2-1.0.6-30.14.1 bzip2-debuginfo-1.0.6-30.14.1 bzip2-debugsource-1.0.6-30.14.1 libbz2-1-1.0.6-30.14.1 libbz2-1-debuginfo-1.0.6-30.14.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): libbz2-1-32bit-1.0.6-30.14.1 libbz2-1-debuginfo-32bit-1.0.6-30.14.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): bzip2-doc-1.0.6-30.14.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): bzip2-1.0.6-30.14.1 bzip2-debuginfo-1.0.6-30.14.1 bzip2-debugsource-1.0.6-30.14.1 libbz2-1-1.0.6-30.14.1 libbz2-1-debuginfo-1.0.6-30.14.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): libbz2-1-32bit-1.0.6-30.14.1 libbz2-1-debuginfo-32bit-1.0.6-30.14.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): bzip2-doc-1.0.6-30.14.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): bzip2-doc-1.0.6-30.14.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): bzip2-1.0.6-30.14.1 bzip2-debuginfo-1.0.6-30.14.1 bzip2-debugsource-1.0.6-30.14.1 libbz2-1-1.0.6-30.14.1 libbz2-1-32bit-1.0.6-30.14.1 libbz2-1-debuginfo-1.0.6-30.14.1 libbz2-1-debuginfo-32bit-1.0.6-30.14.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): bzip2-1.0.6-30.14.1 bzip2-debuginfo-1.0.6-30.14.1 bzip2-debugsource-1.0.6-30.14.1 libbz2-1-1.0.6-30.14.1 libbz2-1-32bit-1.0.6-30.14.1 libbz2-1-debuginfo-1.0.6-30.14.1 libbz2-1-debuginfo-32bit-1.0.6-30.14.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): bzip2-doc-1.0.6-30.14.1 - HPE Helion Openstack 8 (noarch): bzip2-doc-1.0.6-30.14.1 - HPE Helion Openstack 8 (x86_64): bzip2-1.0.6-30.14.1 bzip2-debuginfo-1.0.6-30.14.1 bzip2-debugsource-1.0.6-30.14.1 libbz2-1-1.0.6-30.14.1 libbz2-1-32bit-1.0.6-30.14.1 libbz2-1-debuginfo-1.0.6-30.14.1 libbz2-1-debuginfo-32bit-1.0.6-30.14.1 References: https://bugzilla.suse.com/1191648 From sle-updates at lists.suse.com Fri Dec 3 14:50:21 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 Dec 2021 15:50:21 +0100 (CET) Subject: SUSE-SU-2021:3888-1: moderate: Security update for xen Message-ID: <20211203145021.572C9FC9F@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3888-1 Rating: moderate References: #1027519 #1191363 #1192554 #1192557 #1192559 Cross-References: CVE-2021-28702 CVE-2021-28704 CVE-2021-28705 CVE-2021-28706 CVE-2021-28707 CVE-2021-28708 CVE-2021-28709 CVSS scores: CVE-2021-28702 (NVD) : 7.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVE-2021-28704 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-28705 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-28706 (NVD) : 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H CVE-2021-28706 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-28707 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-28708 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-28709 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE MicroOS 5.0 SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for xen fixes the following issues: - CVE-2021-28702: Fixed PCI devices with RMRRs not deassigned correctly (XSA-386) (bsc#1191363). - CVE-2021-28704, CVE-2021-28707, CVE-2021-28708: Fixed PoD operations on misaligned GFNs (XSA-388) (bsc#1192557). - CVE-2021-28705, CVE-2021-28709: Fixed issues with partially successful P2M updates on x86 (XSA-389) (bsc#1192559). - CVE-2021-28706: Fixed guests may exceed their designated memory limit (XSA-385) (bsc#1192554). - Update to Xen 4.13.4 bug fix release (bsc#1027519). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-3888=1 - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-3888=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-3888=1 Package List: - SUSE MicroOS 5.0 (x86_64): xen-debugsource-4.13.4_02-3.40.1 xen-libs-4.13.4_02-3.40.1 xen-libs-debuginfo-4.13.4_02-3.40.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (noarch): xen-tools-xendomains-wait-disk-4.13.4_02-3.40.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (x86_64): xen-4.13.4_02-3.40.1 xen-debugsource-4.13.4_02-3.40.1 xen-devel-4.13.4_02-3.40.1 xen-tools-4.13.4_02-3.40.1 xen-tools-debuginfo-4.13.4_02-3.40.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): xen-debugsource-4.13.4_02-3.40.1 xen-libs-4.13.4_02-3.40.1 xen-libs-debuginfo-4.13.4_02-3.40.1 xen-tools-domU-4.13.4_02-3.40.1 xen-tools-domU-debuginfo-4.13.4_02-3.40.1 References: https://www.suse.com/security/cve/CVE-2021-28702.html https://www.suse.com/security/cve/CVE-2021-28704.html https://www.suse.com/security/cve/CVE-2021-28705.html https://www.suse.com/security/cve/CVE-2021-28706.html https://www.suse.com/security/cve/CVE-2021-28707.html https://www.suse.com/security/cve/CVE-2021-28708.html https://www.suse.com/security/cve/CVE-2021-28709.html https://bugzilla.suse.com/1027519 https://bugzilla.suse.com/1191363 https://bugzilla.suse.com/1192554 https://bugzilla.suse.com/1192557 https://bugzilla.suse.com/1192559 From sle-updates at lists.suse.com Fri Dec 3 14:52:06 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 Dec 2021 15:52:06 +0100 (CET) Subject: SUSE-RU-2021:3898-1: Recommended update for release-notes-sles Message-ID: <20211203145206.AFDD2FC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sles ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3898-1 Rating: low References: #1176440 #1178382 #1185109 #1188305 #1193054 #933411 ECO-1179 SLE-10669 SLE-12120 SLE-12481 SLE-12800 SLE-22018 SLE-3034 SLE-3055 SLE-3067 SLE-3101 SLE-3103 SLE-3251 SLE-3443 SLE-3613 SLE-3811 SLE-3890 SLE-3990 Affected Products: SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Installer 15-SP1 SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that has 6 recommended fixes and contains 17 features can now be installed. Description: This update for release-notes-sles fixes the following issues: Release notes update to version 15.1.20211130 (bsc#933411) - Document the value change for 'ping_group_range'. (bsc#1193054) - Added note about the technology preview 'schedutil' (bsc#1176440) - Document where Vagrant Boxes is supported. - Replaced 'master' with alternatives (jsc#SLE-22018) - Added note about gnutls 3.6.6 (jsc#327114) - Added note about multi-pathed RBD (jsc#326853) - Added note about python-apache-libcloud (jsc#SLE-10669) - Added note about Strongswan 5.8.2 (jsc#ECO-1179) - Added note about cron and systemd-timers (jsc#SLE-3034) - Added note about libtss2 update (jsc#SLE-3103) - Added note about OpenJDK support (jsc#SLE-3101) - Added note about AD Domain Controller (jsc#SLE-3251) - Added note about dmidecode (jsc#SLE-3443) - Added note about Flatpak update (jsc#SLE-3890) - Added note about YaST license move (jsc#SLE-3067) - Added note about Hi1620 support (jsc#SLE-3055) - Added note about Bcache in YaST partitioner (jsc#SLE-3990) - Added note about Sierra Wireless EM7565 (jsc#SLE-3811) - Added note about DIMM management update (jsc#SLE-3613) - Added note about adding Golang (jsc#SLE-12120) - Added note about sssd-winbind-idmap (jsc#SLE-12481) - Added note about Salt 3002 (jsc#SLE-12800) - Added note about Subscription Management Tool and SUSE Linux Enterprise 12 (bsc#1178382) - Fixed IBM-Z doc link (bsc#1185109) - Updated stylesheets - Removed mention of SUSE Enterprise Storage (bsc#1188305) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-3898=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-3898=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-3898=1 - SUSE Linux Enterprise Installer 15-SP1: zypper in -t patch SUSE-SLE-INSTALLER-15-SP1-2021-3898=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-3898=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): release-notes-sles-15.1.20211130-3.25.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): release-notes-sles-15.1.20211130-3.25.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): release-notes-sles-15.1.20211130-3.25.1 - SUSE Linux Enterprise Installer 15-SP1 (noarch): release-notes-sles-15.1.20211130-3.25.1 - SUSE Enterprise Storage 6 (noarch): release-notes-sles-15.1.20211130-3.25.1 - SUSE CaaS Platform 4.0 (noarch): release-notes-sles-15.1.20211130-3.25.1 References: https://bugzilla.suse.com/1176440 https://bugzilla.suse.com/1178382 https://bugzilla.suse.com/1185109 https://bugzilla.suse.com/1188305 https://bugzilla.suse.com/1193054 https://bugzilla.suse.com/933411 From sle-updates at lists.suse.com Fri Dec 3 14:54:06 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 Dec 2021 15:54:06 +0100 (CET) Subject: SUSE-RU-2021:3890-1: moderate: Recommended update for gdb Message-ID: <20211203145406.D6F27FC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for gdb ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3890-1 Rating: moderate References: #1180786 #1184214 #1185638 #1186040 #1187044 SLE-19618 SLE-19619 SLE-19620 Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP2 ______________________________________________________________________________ An update that has 5 recommended fixes and contains three features can now be installed. Description: This update for gdb fixes the following issues: Rebase to 11.1 release (as in fedora 35 @ 9cd9368): * GDB now supports general memory tagging functionality if the underlying architecture supports the proper primitives and hooks. Currently this is enabled only for AArch64 MTE. * GDB will now look for the .gdbinit file in a config directory before looking for ~/.gdbinit. The file is searched for in the following locations: $XDG_CONFIG_HOME/gdb/gdbinit, $HOME/.config/gdb/gdbinit, $HOME/.gdbinit. * GDB will now load and process commands from ~/.config/gdb/gdbearlyinit or ~/.gdbearlyinit if these files are present. These files are processed earlier than any of the other initialization files and can affect parts of GDB's startup that previously had already been completed before the initialization files were read, for example styling of the initial GDB greeting. * GDB now has two new options "--early-init-command" and "--early-init-eval-command" with corresponding short options "-eix" and "-eiex" that allow options (that would normally appear in a gdbearlyinit file) to be passed on the command line. * set startup-quietly on|off show startup-quietly When 'on', this causes GDB to act as if "-silent" were passed on the command line. This command needs to be added to an early initialization file (e.g. ~/.config/gdb/gdbearlyinit) in order to affect GDB. * For RISC-V targets, the target feature "org.gnu.gdb.riscv.vector" is now understood by GDB, and can be used to describe the vector registers of a target. * TUI windows now support mouse actions. The mouse wheel scrolls the appropriate window. * Key combinations that do not have a specific action on the focused window are passed to GDB. For example, you now can use Ctrl-Left/Ctrl-Right to move between words in the command window regardless of which window is in focus. Previously you would need to focus on the command window for such key combinations to work. * set python ignore-environment on|off show python ignore-environment When 'on', this causes GDB's builtin Python to ignore any environment variables that would otherwise affect how Python behaves. This command needs to be added to an early initialization file (e.g. ~/.config/gdb/gdbearlyinit) in order to affect GDB. * set python dont-write-bytecode auto|on|off show python dont-write-bytecode When 'on', this causes GDB's builtin Python to not write any byte-code (.pyc files) to disk. This command needs to be added to an early initialization file (e.g. ~/.config/gdb/gdbearlyinit) in order to affect GDB. When 'off' byte-code will always be written. When set to 'auto' (the default) Python will check the PYTHONDONTWRITEBYTECODE environment variable. * break [PROBE_MODIFIER] [LOCATION] [thread THREADNUM] [-force-condition] [if CONDITION] This command would previously refuse setting a breakpoint if the CONDITION expression is invalid at a location. It now accepts and defines the breakpoint if there is at least one location at which the CONDITION is valid. The locations for which the CONDITION is invalid, are automatically disabled. If CONDITION is invalid at all of the locations, setting the breakpoint is still rejected. However, the '-force-condition' flag can be used in this case for forcing GDB to define the breakpoint, making all the current locations automatically disabled. This may be useful if the user knows the condition will become meaningful at a future location, e.g. due to a shared library load. - Update libipt to v2.0.4. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2021-3890=1 - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-3890=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): gdb-11.1-8.27.1 gdb-debuginfo-11.1-8.27.1 gdb-debugsource-11.1-8.27.1 gdbserver-11.1-8.27.1 gdbserver-debuginfo-11.1-8.27.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): gdb-11.1-8.27.1 gdb-debuginfo-11.1-8.27.1 gdb-debugsource-11.1-8.27.1 gdbserver-11.1-8.27.1 gdbserver-debuginfo-11.1-8.27.1 References: https://bugzilla.suse.com/1180786 https://bugzilla.suse.com/1184214 https://bugzilla.suse.com/1185638 https://bugzilla.suse.com/1186040 https://bugzilla.suse.com/1187044 From sle-updates at lists.suse.com Fri Dec 3 14:55:45 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 Dec 2021 15:55:45 +0100 (CET) Subject: SUSE-SU-2021:3902-1: moderate: Security Beta update for SUSE Manager Client Tools Message-ID: <20211203145545.751B5FC9F@maintenance.suse.de> SUSE Security Update: Security Beta update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3902-1 Rating: moderate References: #1164192 #1167586 #1168327 #1173103 #1173692 #1180650 #1181223 #1184659 #1185131 #1186287 #1186310 #1186581 #1186674 #1186738 #1187787 #1187813 #1188042 #1188170 #1188259 #1188647 #1188977 #1189040 #1190265 #1190446 #1190512 #1191412 #1191431 ECO-3212 ECO-3319 SLE-18028 SLE-18033 Cross-References: CVE-2021-21996 CVSS scores: CVE-2021-21996 (SUSE): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L Affected Products: SUSE Manager Ubuntu 20.04-CLIENT-TOOLS-BETA ______________________________________________________________________________ An update that solves one vulnerability, contains four features and has 26 fixes is now available. Description: This update fixes the following issues: salt: - Simplify "transactional_update" module to not use SSH wrapper and allow more flexible execution - Add "--no-return-event" option to salt-call to prevent sending return event back to master. - Make "state.highstate" to acts on concurrent flag. - Fix print regression for yumnotify plugin - Use dnfnotify instead yumnotify for relevant distros - Dnfnotify pkgset plugin implementation - Add rpm_vercmp python library support for version comparison - Prevent pkg plugins errors on missing cookie path (bsc#1186738) - Fix ip6_interface grain to not leak secondary IPv4 aliases (bsc#1191412) - Make "salt-api" package to require python3-cherrypy on RHEL systems - Make "tar" as required for "salt-transactional-update" package - Fix issues with salt-ssh's extra-filerefs - Fix crash when calling manage.not_alive runners - Do not consider skipped targets as failed for ansible.playbooks state (bsc#1190446) - Do not break master_tops for minion with version lower to 3003 - Support querying for JSON data in external sql pillar - Update to Salt release version 3003.3 - See release notes: https://docs.saltstack.com/en/latest/topics/releases/3003.3.html - Exclude the full path of a download URL to prevent injection of malicious code (bsc#1190265) (CVE-2021-21996) - Fix wrong relative paths resolution with Jinja renderer when importing subdirectories - Don't pass shell="/sbin/nologin" to onlyif/unless checks (bsc#1188259) - Add missing aarch64 to rpm package architectures - Backport of upstream PR#59492 - Fix failing unit test for systemd - Fix error handling in openscap module (bsc#1188647) - Better handling of bad public keys from minions (bsc#1189040) - Define license macro as doc in spec file if not existing - Add standalone formulas configuration for salt minion and remove salt-master requirement (bsc#1168327) - Do noop for services states when running systemd in offline mode (bsc#1187787) - Transactional_updates: do not execute states in parallel but use a queue (bsc#1188170) - Handle "master tops" data when states are applied by "transactional_update" (bsc#1187787) - Enhance openscap module: add "xccdf_eval" call - Virt: pass emulator when getting domain capabilities from libvirt - Adding preliminary support for Rocky Linux - Implementation of held/unheld functions for state pkg (bsc#1187813) - Replace deprecated Thread.isAlive() with Thread.is_alive() - Fix exception in yumpkg.remove for not installed package - Fix save for iptables state module (bsc#1185131) - Virt: use /dev/kvm to detect KVM - Zypperpkg: improve logic for handling vendorchange flags - Add bundled provides for tornado to the spec file - Enhance logging when inotify beacon is missing pyinotify (bsc#1186310) - Add "python3-pyinotify" as a recommended package for Salt in SUSE/openSUSE distros - Fix tmpfiles.d configuration for salt to not use legacy paths (bsc#1173103) - Detect Python version to use inside container (bsc#1167586) (bsc#1164192) - Handle volumes on stopped pools in virt.vm_info (bsc#1186287) - Grains.extra: support old non-intel kernels (bsc#1180650) - Fix missing minion returns in batch mode (bsc#1184659) - Parsing Epoch out of version provided during pkg remove (bsc#1173692) - Check if dpkgnotify is executable (bsc#1186674) - Update to Salt release version 3002.2 (jsc#ECO-3212) (jsc#SLE-18033) - Add subpackage salt-transactional-update (jsc#SLE-18028) scap-security-guide: - Fix SLE-12 build issue caused by '\xb0' character (bsc#1191431). - Updated to 0.1.58 release (jsc#ECO-3319) - Support for Script Checking Engine (SCE) - Split RHEL 8 CIS profile using new controls file format - CIS Profiles for SLE12 - Initial Ubuntu 20.04 STIG Profiles - Addition of an automated CCE adder - Updated to 0.1.57 release (jsc#ECO-3319) - CIS profile for RHEL 7 is updated - initial CIS profiles for Ubuntu 20.04 - Major improvement of RHEL 9 content - new release process implemented using Github actions - Specify the maintainer, for deb packages. - Updated to 0.1.56 release (jsc#ECO-3319) - Align ism_o profile with latest ISM SSP (#6878) - Align RHEL 7 STIG profile with DISA STIG V3R3 - Creating new RHEL 7 STIG GUI profile (#6863) - Creating new RHEL 8 STIG GUI profile (#6862) - Add the RHEL9 product (#6801) - Initial support for SUSE SLE-15 (#6666) - add support for osbuild blueprint remediations (#6970) - Updated to a intermediate GIT snapshot of 20210323 (jsc#ECO-3319) - initial SLES15 STIG added - more SLES 12 STIG work - correct tables and cross references for SLES 12 and 15 STIG - Updated to 0.1.55 release (jsc#ECO-3319) - big update of rules used in SLES-12 STIG profile - Render policy to HTML (#6532) - Add variable support to yamlfile_value template (#6563) - Introduce new template for dconf configuration files (#6118) - Avoid some non sles12 sp2 available macros. spacecmd: - Version 4.3.4-1 * Update translation strings - Version 4.3.3-1 * Improved event history listing and added new system_eventdetails command to retrieve the details of an event * configchannel_updatefile handles directory properly (bsc#1190512) - Version 4.3.2-1 * Add schedule_archivecompleted to mass archive actions (bsc#1181223) * Make schedule_deletearchived to get all actions without display limit * Allow passing a date limit for schedule_deletearchived on spacecmd (bsc#1181223) * Remove whoami from the list of unauthenticated commands (bsc#1188977) - Version 4.3.1-1 - Use correct API endpoint in list_proxies (bsc#1188042) - Add schedule_deletearchived to bulk delete archived actions (bsc#1181223) - Make spacecmd aware of retracted patches/packages - Version 4.2.10-1 - Enhance help for installation types when creating distributions (bsc#1186581) - Version 4.2.9-1 - Parse empty argument when nothing in between the separator Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Ubuntu 20.04-CLIENT-TOOLS-BETA: zypper in -t patch SUSE-Ubuntu-20.04-CLIENT-TOOLS-BETA-2021-3902=1 Package List: - SUSE Manager Ubuntu 20.04-CLIENT-TOOLS-BETA (amd64): librpm8-4.14.2.1+dfsg1-1build2 librpmbuild8-4.14.2.1+dfsg1-1build2 librpmio8-4.14.2.1+dfsg1-1build2 librpmsign8-4.14.2.1+dfsg1-1build2 python3-rpm-4.14.2.1+dfsg1-1build2 rpm-common-4.14.2.1+dfsg1-1build2 - SUSE Manager Ubuntu 20.04-CLIENT-TOOLS-BETA (all): salt-common-3003.3+ds-1+2.30.2 salt-minion-3003.3+ds-1+2.30.2 scap-security-guide-ubuntu-0.1.58-2.6.2 spacecmd-4.3.4-2.21.2 References: https://www.suse.com/security/cve/CVE-2021-21996.html https://bugzilla.suse.com/1164192 https://bugzilla.suse.com/1167586 https://bugzilla.suse.com/1168327 https://bugzilla.suse.com/1173103 https://bugzilla.suse.com/1173692 https://bugzilla.suse.com/1180650 https://bugzilla.suse.com/1181223 https://bugzilla.suse.com/1184659 https://bugzilla.suse.com/1185131 https://bugzilla.suse.com/1186287 https://bugzilla.suse.com/1186310 https://bugzilla.suse.com/1186581 https://bugzilla.suse.com/1186674 https://bugzilla.suse.com/1186738 https://bugzilla.suse.com/1187787 https://bugzilla.suse.com/1187813 https://bugzilla.suse.com/1188042 https://bugzilla.suse.com/1188170 https://bugzilla.suse.com/1188259 https://bugzilla.suse.com/1188647 https://bugzilla.suse.com/1188977 https://bugzilla.suse.com/1189040 https://bugzilla.suse.com/1190265 https://bugzilla.suse.com/1190446 https://bugzilla.suse.com/1190512 https://bugzilla.suse.com/1191412 https://bugzilla.suse.com/1191431 From sle-updates at lists.suse.com Fri Dec 3 15:00:14 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 Dec 2021 16:00:14 +0100 (CET) Subject: SUSE-SU-2021:3908-1: moderate: Security Beta update for SUMA client tools Message-ID: <20211203150014.B901CFC9F@maintenance.suse.de> SUSE Security Update: Security Beta update for SUMA client tools ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3908-1 Rating: moderate References: #1164192 #1167586 #1168327 #1170823 #1173103 #1173692 #1175478 #1180650 #1181223 #1184659 #1185131 #1186242 #1186287 #1186310 #1186508 #1186581 #1186650 #1186674 #1186738 #1187787 #1187813 #1188042 #1188170 #1188259 #1188647 #1188846 #1188977 #1189040 #1190265 #1190446 #1190512 #1191412 #1191448 ECO-3212 SLE-18028 SLE-18033 SLE-18254 Cross-References: CVE-2021-21996 CVE-2021-27962 CVE-2021-28146 CVE-2021-28147 CVE-2021-28148 CVE-2021-29622 CVSS scores: CVE-2021-21996 (SUSE): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L CVE-2021-27962 (NVD) : 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N CVE-2021-27962 (SUSE): 6.8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2021-28147 (SUSE): 6.8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2021-28148 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-29622 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Affected Products: SUSE Manager Tools 15-BETA ______________________________________________________________________________ An update that solves 6 vulnerabilities, contains four features and has 27 fixes is now available. Description: This update fixes the following issues: dracut-saltboot: - Fix dependencies of python libs (bsc#1188846) - Update to version 0.1.1628156312.dbd0dec - Force installation of libexpat.so.1 (bsc#1188846) - Update to version 0.1.1627546504.96a0b3e - Use kernel parameters from PXE formula also for local boot golang-github-prometheus-prometheus: - Provide and reload firewalld configuration only for: + openSUSE Leap 15.0, 15.1, 15.2 + SUSE SLE15, SLE15 SP1, SLE15 SP2 - Refresh patches + Changed: - Upgrade to upstream version 2.27.1 (jsc#SLE-18254) + Bugfix: * SECURITY: Fix arbitrary redirects under the /new endpoint (CVE-2021-29622, bsc#1186242) - Upgrade to upstream version 2.27.0 + Features: * Promtool: Retroactive rule evaluation functionality. #7675 * Configuration: Environment variable expansion for external labels. Behind --enable-feature=expand-external-labels flag. #8649 * TSDB: Add a flag(--storage.tsdb.max-block-chunk-segment-size) to control the max chunks file size of the blocks for small Prometheus instances. #8478 * UI: Add a dark theme. #8604 * AWS Lightsail Discovery: Add AWS Lightsail Discovery. #8693 * Docker Discovery: Add Docker Service Discovery. #8629 * OAuth: Allow OAuth 2.0 to be used anywhere an HTTP client is used. #8761 * Remote Write: Send exemplars via remote write. Experimental and disabled by default. #8296 + Enhancements: * Digital Ocean Discovery: Add __meta_digitalocean_vpc label. #8642 * Scaleway Discovery: Read Scaleway secret from a file. #8643 * Scrape: Add configurable limits for label size and count. #8777 * UI: Add 16w and 26w time range steps. #8656 * Templating: Enable parsing strings in humanize functions. #8682 + Bugfixes: * UI: Provide errors instead of blank page on TSDB Status Page. #8654 #8659 * TSDB: Do not panic when writing very large records to the WAL. #8790 * TSDB: Avoid panic when mmaped memory is referenced after the file is closed. #8723 * Scaleway Discovery: Fix nil pointer dereference. #8737 * Consul Discovery: Restart no longer required after config update with no targets. #8766 - Update package with changes from `server:monitoring` bsc#1175478 Left out removal of firewalld related configuration files as SLE-15-SP1's `firewalld` package does not contain prometheus configuration yet. grafana: - Add URL to package source code in the login page footer - Update to version 7.5.7: * Updated relref to "Configuring exemplars" section (#34240) (#34243) * Added exemplar topic (#34147) (#34226) * Quota: Do not count folders towards dashboard quota (#32519) (#34025) * Instructions to separate emails with semicolons (#32499) (#34138) * Docs: Remove documentation of v8 generic OAuth feature (#34018) * Annotations: Prevent orphaned annotation tags cleanup when no annotations were cleaned (#33957) (#33975) * [GH-33898] Add missing --no-cache to Dockerfile. (#33906) (#33935) * ReleaseNotes: Updated changelog and release notes for 7.5.6 (#33932) (#33936) * Stop hoisting @icons/material (#33922) * Chore: fix react-color version in yarn.lock (#33914) * "Release: Updated versions in package to 7.5.6" (#33909) * Loki: fix label browser crashing when + typed (#33900) (#33901) * Document `hide_version` flag (#33670) (#33881) * Add isolation level db configuration parameter (#33830) (#33878) * Sanitize PromLink button (#33874) (#33876) * Removed content as per MarcusE's suggestion in https://github.com/grafana/grafana/issues/33822. (#33870) (#33872) * Docs feedback: /administration/provisioning.md (#33804) (#33842) * Docs: delete from high availability docs references to removed configurations related to session storage (#33827) (#33851) * Docs: Update _index.md (#33797) (#33799) * Docs: Update installation.md (#33656) (#33703) * GraphNG: uPlot 1.6.9 (#33598) (#33612) * dont consider invalid email address a failed email (#33671) (#33681) * InfluxDB: Improve measurement-autocomplete behavior in query editor (#33494) (#33625) * add template for dashboard url parameters (#33549) (#33588) * Add note to Snapshot API doc to specify that user has to provide the entire dashboard model (#33572) (#33586) * Update team.md (#33454) (#33536) * Removed duplicate file "dashboard_folder_permissions.md (#33497) * Document customQueryParameters for prometheus datasource provisioning (#33440) (#33495) * ReleaseNotes: Updated changelog and release notes for 7.5.5 (#33473) (#33492) * Documentation: Update developer-guide.md (#33478) (#33490) * add closed parenthesis to fix a hyperlink (#33471) (#33481) - Update to version 7.5.5: * "Release: Updated versions in package to 7.5.5" (#33469) * GraphNG: Fix exemplars window position (#33427) (#33462) * Remove field limitation from slack notification (#33113) (#33455) * Prometheus: Support POST in template variables (#33321) (#33441) * Instrumentation: Add success rate metrics for email notifications (#33359) (#33409) * Use either moment objects (for absolute times in the datepicker) or string (for relative time) (#33315) (#33406) * Docs: Removed type from find annotations example. (#33399) (#33403) * [v7.5.x]: FrontendMetrics: Adds new backend api that frontend can use to push frontend measurements and counters to prometheus (#33255) * Updated label for add panel. (#33285) (#33286) * Bug: Add git to Dockerfile.ubuntu (#33247) (#33248) * Docs: Sync latest master docs with 7.5.x (#33156) * Docs: Update getting-started-influxdb.md (#33234) (#33241) * Doc: Document the X-Grafana-Org-Id HTTP header (#32478) (#33239) * Minor Changes in Auditing.md (#31435) (#33238) * Docs: Add license check endpoint doc (#32987) (#33236) * Postgres: Fix time group macro when TimescaleDB is enabled and interval is less than a second (#33153) (#33219) * Docs: InfluxDB doc improvements (#32815) (#33185) * [v7.5.x] Loki: Pass Skip TLS Verify setting to alert queries (#33031) * update cla (#33181) * Fix inefficient regular expression (#33155) (#33159) * Auth: Don't clear auth token cookie when lookup token fails (#32999) (#33136) * Elasticsearch: Add documentation for supported Elasticsearch query transformations (#33072) (#33128) * Update team.md (#33060) (#33084) * GE issue 1268 (#33049) (#33081) * Fixed some formatting issues for PRs from yesterday. (#33078) (#33079) * Explore: Load default data source in Explore when the provided source does not exist (#32992) (#33061) * Docs: Replace next with latest in aliases (#33054) (#33059) * Added missing link item. (#33052) (#33055) * Backport 33034 (#33038) * Docs: Backport 32916 to v7.5x (#33008) * ReleaseNotes: Updated changelog and release notes for 7.5.4 (#32973) (#32998) * Elasticsearch: Force re-rendering of each editor row type change (#32993) (#32996) * Docs: Sync release branch with latest docs (#32986) - Update to version 7.5.4: * "Release: Updated versions in package to 7.5.4" (#32971) * fix(datasource_srv): prevent infinite loop where default datasource is named default (#32949) (#32967) * Added Azure Monitor support for Microsoft.AppConfiguration/configurationStores namespace (#32123) (#32968) * fix sqlite3 tx retry condition operator precedence (#32897) (#32952) * AzureMonitor: Add support for Virtual WAN namespaces (#32935) (#32947) * Plugins: Allow a non-dashboard page to be the default home page (#32926) (#32945) * GraphNG: uPlot 1.6.8 (#32859) (#32863) * Alerting: Add ability to include aliases with dashes (/) and at (@) signs in InfluxDB (#32844) * Prometheus: Allow exemplars endpoint in data source proxy (#32802) (#32804) * [v7.5.x] Table: Fixes table data links so they refer to correct row after sorting (#32758) * TablePanel: Makes sorting case-insensitive (#32435) (#32752) - Update to version 7.5.3: * "Release: Updated versions in package to 7.5.3" (#32745) * FolderPicker: Prevent dropdown menu from disappearing off screen (#32603) (#32741) * Loki: Remove empty annotations tags (#32359) (#32490) * SingleStat: fix wrong call to getDataLinkUIModel (#32721) (#32739) * Prometheus: Fix instant query to run two times when exemplars enabled (#32508) (#32726) * Elasticsearch: Fix bucket script variable duplication in UI (#32705) (#32714) * Variables: Confirms selection before opening new picker (#32586) (#32710) * CloudWarch: Fix service quotas link (#32686) (#32689) * Configuration: Prevent browser hanging / crashing with large number of org users (#32546) (#32598) * chore: bump execa to v2.1.0 (#32543) (#32592) * Explore: Fix bug where navigating to explore would result in wrong query and datasource to be shown (#32558) * Fix broken gtime tests (#32582) (#32587) * resolve conflicts (#32567) * gtime: Make ParseInterval deterministic (#32539) (#32560) * Dashboard: No longer includes default datasource when externally exporting dashboard with row (#32494) (#32535) * TextboxVariable: Limits the length of the preview value (#32472) (#32530) * AdHocVariable: Adds default data source (#32470) (#32476) * Variables: Fixes Unsupported data format error for null values (#32480) (#32487) * Prometheus: align exemplars check to latest api change (#32513) (#32515) * "Release: Updated versions in package to 7.5.2" (#32502) * SigV4: Add support EC2 IAM role auth and possibility to toggle auth providers (#32444) (#32488) * Set spanNulls to default (#32471) (#32486) * Graph: Fix setting right y-axis when standard option unit is configured (#32426) (#32442) * API: Return 409 on datasource version conflict (#32425) (#32433) * API: Return 400 on invalid Annotation requests (#32429) (#32431) * Variables: Fixes problem with data source variable when default ds is selected (#32384) (#32424) * Table: Fixes so links work for image cells (#32370) (#32410) * Variables: Fixes error when manually non-matching entering custom value in variable input/picker (#32390) (#32394) * DashboardQueryEditor: Run query after selecting source panel (#32383) (#32395) * API: Datasource endpoint should return 400 bad request if id and orgId is invalid (#32392) (#32397) * "Release: Updated versions in package to 7.5.1" (#32362) * MSSQL: Upgrade go-mssqldb (#32347) (#32361) * GraphNG: Fix tooltip displaying wrong or no data (#32312) (#32348) * "Release: Updated versions in package to 7.5.0" (#32308) * Loki: Fix text search in Label browser (#32293) (#32306) * Explore: Show all dataFrames in data tab in Inspector (#32161) (#32299) * PieChartV2: Add migration from old piechart (#32259) (#32291) * LibraryPanels: Adds Type and Description to DB (#32258) (#32288) * LibraryPanels: Prevents deletion of connected library panels (#32277) (#32284) * Library Panels: Add "Discard" button to panel save modal (#31647) (#32281) * LibraryPanels: Changes to non readonly reducer (#32193) (#32200) * Notifications: InfluxDB - Fix regex to include metrics with hyphen in aliases (#32224) (#32262) * SSE/InfluxDB: Change InfluxQL to work with server side expressions (#31691) (#32102) * DashboardSettings: Fixes issue with tags list not updating when changes are made (#32241) (#32247) * Logs: If log message missing, use empty string (#32080) (#32243) * CloudWatch: Use latest version of aws sdk (#32217) (#32223) * Release: Updated versions in package to 7.5.0-beta.2 (#32158) * HttpServer: Make read timeout configurable but disabled by default (#31575) (#32154) * GraphNG: Ignore string fields when building data for uPlot in GraphNG (#32150) (#32151) * Fix loading timezone info on windows (#32029) (#32149) * SQLStore: Close session in withDbSession (#31775) (#32108) * Remove datalink template suggestions for accessing specific fields when there are multiple dataframes. (#32057) (#32148) * GraphNG: make sure dataset and config are in sync when initializing and re-initializing uPlot (#32106) (#32125) * MixedDataSource: Name is updated when data source variable changes (#32090) (#32144) * Backport 32005 to v7.5.x #32128 (#32130) * Loki: Label browser UI updates (#31737) (#32119) * ValueMappings: Fixes value 0 not being mapped (#31924) (#31929) * GraphNG: Fix tooltip series color for multi data frame scenario (#32098) (#32103) * LibraryPanels: Improves the Get All experience (#32028) (#32093) * Grafana/ui: display all selected levels for selected value when searching (#32030) (#32032) * Exemplars: always query exemplars (#31673) (#32024) * [v7.5.x] TimePicker: Fixes hidden time picker shown in kiosk TV mode (#32055) * Chore: Collect elasticsearch version usage stats (#31787) (#32063) * Chore: Tidy up Go deps (#32053) * GraphNG: Fix PlotLegend field display name being outdated (#32064) (#32066) * Data proxy: Fix encoded characters in URL path should be proxied encoded (#30597) (#32060) * [v7.5.x] Auth: Allow soft token revocation (#32037) * Snapshots: Fix usage of sign in link from the snapshot page (#31986) (#32036) * Make master green (#32011) (#32015) * Query editor: avoid avoiding word wrap on query editor components (#31949) (#31982) * Variables: Fixes filtering in picker with null items (#31979) (#31995) * TooltipContainer - use resize observer instead of getClientBoundingRect (#31937) (#32003) * Loki: Fix autocomplete when re-editing Loki label values (#31828) (#31987) * Loki: Fix type errors in language_provider (#31902) (#31945) * PanelInspect: Interpolates variables in CSV file name (#31936) (#31977) * Cloudwatch: use shared library for aws auth (#29550) (#31946) * Tooltip: partial perf improvement (#31774) (#31837) (#31957) * Backport 31913 to v7.5.x (#31955) * Grafana/ui: fix searchable options for Cascader with options update (#31906) (#31938) * Variables: Do not reset description on variable type change (#31933) (#31939) * [v7.5.x] AnnotationList: Adds spacing to UI (#31888) (#31894) * Elasticseach: Support histogram fields (#29079) (#31914) * Chore: upgrade eslint and fork-ts-checker-webpack-plugin (#31854) (#31896) * Update scripts and Dockerfiles to use Go 1.16.1 (#31881) (#31891) * Templating: use dashboard timerange when variables are set to refresh 'On Dashboard Load' (#31721) (#31801) * [v7.5.x] Tempo: Add test for backend data source (#31835) (#31882) * Run go mod tidy to update go.mod and go.sum (#31859) * Grafana/ui: display all selected levels for Cascader (#31729) (#31862) * CloudWatch: Consume the grafana/aws-sdk (#31807) (#31861) * Cloudwatch: ListMetrics API page limit (#31788) (#31851) * Remove invalid attribute (#31848) (#31850) * CloudWatch: Restrict auth provider and assume role usage according to??? (#31845) * CloudWatch: Add support for EC2 IAM role (#31804) (#31841) * Loki, Prometheus: Change the placement for query type explanation (#31784) (#31819) * Variables: Improves inspection performance and unknown filtering (#31811) (#31813) * Change piechart plugin state to beta (#31797) (#31798) * ReduceTransform: Include series with numeric string names (#31763) (#31794) * Annotations: Make the annotation clean up batch size configurable (#31487) (#31769) * Fix escaping in ANSI and dynamic button removal (#31731) (#31767) * DataLinks: Bring back single click links for Stat, Gauge and BarGauge panel (#31692) (#31718) * log skipped, performed and duration for migrations (#31722) (#31754) * Search: Make items more compact (#31734) (#31750) * loki_datasource: add documentation to label_format and line_format (#31710) (#31746) * Tempo: Convert tempo to backend data source2 (#31733) * Elasticsearch: Fix script fields in query editor (#31681) (#31727) * Elasticsearch: revert to isoWeek when resolving weekly indices (#31709) (#31717) * Admin: Keeps expired api keys visible in table after delete (#31636) (#31675) * Tempo: set authentication header properly (#31699) (#31701) * Tempo: convert to backend data source (#31618) (#31695) * Update package.json (#31672) * Release: Bump version to 7.5.0-beta.1 (#31664) * Fix whatsNewUrl version to 7.5 (#31666) * Chore: add alias for what's new 7.5 (#31669) * Docs: Update doc for PostgreSQL authentication (#31434) * Docs: document report template variables (#31637) * AzureMonitor: Add deprecation message for App Insights/Insights Analytics (#30633) * Color: Fixes issue where colors where reset to gray when switch panels (#31611) * Live: Use pure WebSocket transport (#31630) * Docs: Fix broken image link (#31661) * Docs: Add Whats new in 7.5 (#31659) * Docs: Fix links for 7.5 (#31658) * Update enterprise-configuration.md (#31656) * Explore/Logs: Escaping of incorrectly escaped log lines (#31352) * Tracing: Small improvements to trace types (#31646) * Update _index.md (#31645) * AlertingNG: code refactoring (#30787) * Remove pkill gpg-agent (#31169) * Remove format for plugin routes (#31633) * Library Panels: Change unsaved change detection logic (#31477) * CloudWatch: Added AWS Timestream Metrics and Dimensions (#31624) * add new metrics and dimensions (#31595) * fix devenv dashboard content typo (#31583) * DashList: Sort starred and searched dashboard alphabetically (#31605) * Docs: Update whats-new-in-v7-4.md (#31612) * SSE: Add "Classic Condition" on backend (#31511) * InfluxDB: Improve maxDataPoints error-message in Flux-mode, raise limits (#31259) * Alerting: PagerDuty: adding current state to the payload (#29270) * devenv: Fix typo (#31589) * Loki: Label browser (#30351) * LibraryPanels: No save modal when user is on same dashboard (#31606) * Bug: adding resolution for `react-use-measure` to prevent plugin tests from failing. (#31603) * Update node-graph.md (#31571) * test: pass Cypress options objects into selector wrappers (#31567) * Loki: Add support for alerting (#31424) * Tracing: Specify type of the data frame that is expected for TraceView (#31465) * LibraryPanels: Adds version column (#31590) * PieChart: Add color changing options to pie chart (#31588) * Explore: keep enabled/disabled state in angular based QueryEditors correctly (#31558) * Bring back correct legend sizing afer PlotLegend refactor (#31582) * Alerting: Fix bug in Discord for when name for metric value is absent (#31257) * LibraryPanels: Deletes library panels during folder deletion (#31572) * chore: bump lodash to 4.17.21 (#31549) * Elasticsearch: Fix impossibility to perform non-logs queries after importing queries from loki or prometheus in explore (#31518) * TestData: Fixes never ending annotations scenario (#31573) * CloudWatch: Added AWS Network Firewall metrics and dimensions (#31498) * propagate plugin unavailable message to UI (#31560) * ConfirmButton: updates story from knobs to controls (#31476) * Loki: Refactor line limit to use grafana/ui component (#31509) * LibraryPanels: Adds folder checks and permissions (#31473) * Add guide on custom option editors (#31254) * PieChart: Update text color and minor changes (#31546) * Grafana-data: bump markedjs to v2.x to resolve vulnerability (#31036) * Chore(deps): Bump google.golang.org/api from 0.39.0 to 0.40.0 (#31210) * PieChart: Improve piechart legend and options (#31446) * Chore(deps): Bump google.golang.org/grpc from 1.35.0 to 1.36.0 (#31541) * Chore(deps): Bump github.com/aws/aws-sdk-go from 1.37.7 to 1.37.20 (#31538) * Chore(deps): Bump github.com/prometheus/common from 0.17.0 to 0.18.0 (#31539) * Add multiselect options ui (#31501) * Profile: Fixes profile preferences being accessible when anonymous access was enabled (#31516) * Variables: Fixes error with: cannot read property length of undefined (#31458) * Explore: Show ANSI colored logs in logs context (#31510) * LogsPanel: Show all received logs (#31505) * AddPanel: Design polish (#31484) * TimeSeriesPanel: Remove unnecessary margin from legend (#31467) * influxdb: flux: handle is-hidden (#31324) * Graph: Fix tooltip not showing when close to the edge of viewport (#31493) * FolderPicker: Remove useNewForms from FolderPicker (#31485) * Add reportVariables feature toggle (#31469) * Grafana datasource: support multiple targets (#31495) * Update license-restrictions.md (#31488) * Docs: Derived fields links in logs detail view (#31482) * Docs: Add new data source links to Enterprise page (#31480) * Convert annotations to dataframes (#31400) * ReleaseNotes: Updated changelog and release notes for v7.4.2 (#31475) * GrafanaUI: Fixes typescript error for missing css prop (#31479) * Login: handle custom token creation error messages (#31283) * Library Panels: Don't list current panel in available panels list (#31472) * DashboardSettings: Migrate Link Settings to React (#31150) * Frontend changes for library panels feature (#30653) * Alerting notifier SensuGo: improvements in default message (#31428) * AppPlugins: Options to disable showing config page in nav (#31354) * add aws config (#31464) * Heatmap: Fix missing/wrong value in heatmap legend (#31430) * Chore: Fixes small typos (#31461) * Graphite/SSE: update graphite to work with server side expressions (#31455) * update the lastest version to 7.4.3 (#31457) * ReleaseNotes: Updated changelog and release notes for 7.4.3 (#31454) * AWS: Add aws plugin configuration (#31312) * Revert ""Release: Updated versions in package to 7.4.3" (#31444)" (#31452) * Remove UserSyncInfo.tsx (#31450) * Elasticsearch: Add word highlighting to search results (#30293) * Chore: Fix eslint react hook warnings in grafana-ui (#31092) * CloudWatch: Make it possible to specify custom api endpoint (#31402) * Chore: fixed incorrect naming for disable settings (#31448) * TraceViewer: Fix show log marker in spanbar (#30742) * LibraryPanels: Adds permissions to getAllHandler (#31416) * NamedColorsPalette: updates story from knobs to controls (#31443) * "Release: Updated versions in package to 7.4.3" (#31444) * ColorPicker: updates story from knobs to controls (#31429) * Streaming: Fixes an issue with time series panel and streaming data source when scrolling back from being out of view (#31431) * ClipboardButton: updates story from knobs to controls (#31422) * we should never log unhashed tokens (#31432) * CI: Upgrade Dockerfiles wrt. Go, Node, Debian (#31407) * Elasticsearch: Fix query initialization logic & query transformation from Promethous/Loki (#31322) * Postgres: allow providing TLS/SSL certificates as text in addition to file paths (#30353) * CloudWatch: Added AWS Ground Station metrics and dimensions (#31362) * TraceViewer: Fix trace to logs icon to show in right pane (#31414) * add hg team as migrations code owners (#31420) * Remove tidy-check script (#31423) * InfluxDB: handle columns named "table" (#30985) * Prometheus: Use configured HTTP method for /series and /labels endpoints (#31401) * Devenv: Add gdev-influxdb2 data source (#31250) * Update grabpl from 0.5.38 to 0.5.42 version (#31419) * Move NOOP_CONTROL to storybook utils and change to a standalone file (#31421) * remove squadcast details from docs (#31413) * Add new Cloudwatch AWS/DDoSProtection metrics and dimensions (#31297) * Logging: add frontend logging helpers to @grafana/runtime package (#30482) * CallToActionCard: updates story from knobs to controls (#31393) * Add eu-south-1 cloudwatch region, closes #31197 (#31198) * Chore: Upgrade eslint packages (#31408) * Cascader: updates story from knobs to controls (#31399) * addressed issues 28763 and 30314. (#31404) * Added section Query a time series database by id (#31337) * Prometheus: Change default httpMethod for new instances to POST (#31292) * Data source list: Use Card component (#31326) * Chore: Remove gotest.tools dependency (#31391) * Revert "StoryBook: Introduces Grafana Controls (#31351)" (#31388) * Chore(deps): Bump github.com/prometheus/common from 0.15.0 to 0.17.0 (#31387) * AdHocVariables: Fixes crash when values are stored as numbers (#31382) * Chore(deps): Bump github.com/golang/mock from 1.4.4 to 1.5.0 (#31379) * Chore: Fix strict errors, down to 416 (#31365) * Chore(deps): Bump github.com/getsentry/sentry-go from 0.9.0 to 0.10.0 (#31378) * StoryBook: Introduces Grafana Controls (#31351) * ReleaseNotes: Updated changelog and release notes for 7.4.2 (#31313) * Theming: Support for runtime theme switching and hooks for custom themes (#31301) * Devenv: Remove old-versioned loki blocks and update prometheus2 block (#31282) * Zipkin: Show success on test data source (#30829) * Update grot template (needs more info) (#31350) * DatasourceSrv: Fix instance retrieval when datasource variable value set to "default" (#31347) * TimeSeriesPanel: Fixes overlapping time axis ticks (#31332) * Grafana/UI: Add basic legend to the PieChart (#31278) * SAML: single logout only enabled in enterprise (#31325) * QueryEditor: handle query.hide changes in angular based query-editors (#31336) * DashboardLinks: Fixes another issue where dashboard links cause full page reload (#31334) * LibraryPanels: Syncs panel title with name (#31311) * Chore: Upgrade golangci-lint (#31330) * Add info to docs about concurrent session limits (#31333) * Table: Fixes issue with fixed min and auto max with bar gauge cell (#31316) * BarGuage: updates story from knobs to controls (#31223) * Docs: Clarifies how to add Key/Value pairs (#31303) * Usagestats: Exclude folders from total dashboard count (#31320) * ButtonCascader: updates story from knobs to controls (#31288) * test: allow check for Table as well as Graph for Explore e2e flow (#31290) * Grafana-UI: Update tooltip type (#31310) * fix 7.4.2 release note (#31299) * Add `--tries 3` arg when triggering e2e-tests upon releasing (#31285) * Chore: reduce strict errors for variables (#31241) * update latest release version (#31296) * ReleaseNotes: Updated changelog and release notes for 7.4.2 (#31291) * Correct name of Discord notifier tests (#31277) * Docs: Clarifies custom date formats for variables (#31271) * BigValue: updates story from knobs to controls (#31240) * Docs: Annotations update (#31194) * Introduce functions for interacting with library panels API (#30993) * Search: display sort metadata (#31167) * Folders: Editors should be able to edit name and delete folders (#31242) * Make Datetime local (No date if today) working (#31274) * UsageStats: Purpose named variables (#31264) * Snapshots: Disallow anonymous user to create snapshots (#31263) * only update usagestats every 30min (#31131) * Chore: grafana-toolkit uses grafana-ui and grafana-data workspaces (#30701) * Grafana-UI: Add id to Select to make it easier to test (#31230) * Prometheus: Fix enabling of disabled queries when editing in dashboard (#31055) * UI/Card: Fix handling of 'onClick' callback (#31225) * Loki: Add line limit for annotations (#31183) * Remove deprecated and breaking loki config field (#31227) * SqlDataSources: Fixes the Show Generated SQL button in query editors (#31236) * LibraryPanels: Disconnect before connect during dashboard save (#31235) * Disable Change Password for OAuth users (#27886) * TagsInput: Design update and component refactor (#31163) * Variables: Adds back default option for data source variable (#31208) * IPv6: Support host address configured with enclosing square brackets (#31226) * Postgres: Fix timeGroup macro converts long intervals to invalid numbers when TimescaleDB is enabled (#31179) * GraphNG: refactor core to class component (#30941) * Remove last synchronisation field from LDAP debug view (#30984) * Chore: Upgrade grafana-plugin-sdk-go to v0.88.0 (#30975) * Graph: Make axes unit option work even when field option unit is set (#31205) * AlertingNG: Test definition (#30886) * Docs: Update Influx config options (#31146) * WIP: Skip this call when we skip migrations (#31216) * use 0.1.0 (#31215) * DataSourceSrv: Filter out non queryable data sources by default (#31144) * QueryEditors: Fixes issue that happens after moving queries then editing would update other queries (#31193) * Chore: report eslint no-explicit-any errors to metrics (#31182) * Chore(deps): Bump cloud.google.com/go/storage from 1.12.0 to 1.13.0 (#31211) * Chore(deps): Bump xorm.io/xorm from 0.8.1 to 0.8.2 (#30773) * Alerting: Fix modal text for deleting obsolete notifier (#31171) * Chore(deps): Bump github.com/linkedin/goavro/v2 from 2.9.7 to 2.10.0 (#31204) * Variables: Fixes missing empty elements from regex filters (#31156) * StatPanels: Fixes to palette color scheme is not cleared when loading panel (#31126) * Fixed the typo. (#31189) * Docs: Rewrite preferences docs (#31154) * Explore/Refactor: Simplify URL handling (#29173) * DashboardLinks: Fixes links always cause full page reload (#31178) * Replace PR with Commit truncated hash when build fails (#31177) * Alert: update story to use controls (#31145) * Permissions: Fix team and role permissions on folders/dashboards not displayed for non Grafana Admin users (#31132) * CloudWatch: Ensure empty query row errors are not passed to the panel (#31172) * Update prometheus.md (#31173) * Variables: Extend option pickers to accept custom onChange callback (#30913) * Prometheus: Multiply exemplars timestamp to follow api change (#31143) * DashboardListPanel: Fixes issue with folder picker always showing All and using old form styles (#31160) * Add author name and pr number in drone pipeline notifications (#31124) * Prometheus: Add documentation for ad-hoc filters (#31122) * DataSourceSettings: Fixes add header button, it should not trigger a save & test action (#31135) * Alerting: Fix so that sending an alert with the Alertmanager notifier doesn't fail when one of multiple configured URL's are down (#31079) * Chore: Update latest.json (#31139) * Docs: add 7.4.1 relese notes link (#31137) * PieChart: Progress on new core pie chart (#28020) * ReleaseNotes: Updated changelog and release notes for 7.4.1 (#31133) * Eslint: no-duplicate-imports rule (bump grafana-eslint-config) (#30989) * Transforms: Fixes Outer join issue with duplicate field names not getting the same unique field names as before (#31121) * MuxWriter: Handle error for already closed file (#31119) * Logging: sourcemap transform asset urls from CDN in logged stacktraces (#31115) * Search: add sort information in dashboard results (#30609) * area/grafana/e2e: ginstall should pull version specified (#31056) * Exemplars: Change CTA style (#30880) * Influx: Make max series limit configurable and show the limiting message if applied (#31025) * Docs: request security (#30937) * update configurePanel for 7.4.0 changes (#31093) * Elasticsearch: fix log row context erroring out (#31088) * Prometheus: Fix issues with ad-hoc filters (#30931) * LogsPanel: Add deduplication option for logs (#31019) * Drone: Make sure CDN upload is ok before pushing docker images (#31075) * PluginManager: Remove some global state (#31081) * test: update addDashboard flow for v7.4.0 changes (#31059) * Transformations: Fixed typo in FilterByValue transformer description. (#31078) * Docs: Group id should be 0 instead of 1 in Docker upgrade notes (#31074) * Usage stats: Adds source/distributor setting (#31039) * CDN: Add CDN upload step to enterprise and release pipelines (#31058) * Chore: Replace native select with grafana ui select (#31030) * Docs: Update json-model.md (#31066) * Docs: Update whats-new-in-v7-4.md (#31069) * Added hyperlinks to Graphite documentation (#31064) * DashboardSettings: Update to new form styles (#31022) * CDN: Fixing drone CI config (#31052) * convert path to posix by default (#31045) * DashboardLinks: Fixes crash when link has no title (#31008) * Alerting: Fixes so notification channels are properly deleted (#31040) * Explore: Remove emotion error when displaying logs (#31026) * Elasticsearch: Fix alias field value not being shown in query editor (#30992) * CDN: Adds uppload to CDN step to drone CI (#30879) * Improved glossary (#31004) * BarGauge: Improvements to value sizing and table inner width calculations (#30990) * Drone: Fix deployment image (#31027) * ColorPicker: migrated styles from sass to emotion (#30909) * Dashboard: Migrate general settings to react (#30914) * Chore(deps): Bump github.com/jung-kurt/gofpdf from 1.10.1 to 1.16.2 (#30586) * Chore(deps): Bump github.com/aws/aws-sdk-go from 1.36.31 to 1.37.7 (#31018) * Prometheus: Min step defaults to seconds when no unit is set to prevent errors when running alerts. (#30966) * Chore(deps): Bump github.com/magefile/mage from 1.10.0 to 1.11.0 (#31017) * Chore(deps): Bump github.com/grpc-ecosystem/go-grpc-middleware (#31013) * Graph: Fixes so graph is shown for non numeric time values (#30972) * CloudMonitoring: Prevent resource type variable function from crashing (#30901) * Chore(deps): Bump google.golang.org/api from 0.33.0 to 0.39.0 (#30971) * Build: Releases e2e and e2e-selectors too (#31006) * TextPanel: Fixes so panel title is updated when variables change (#30884) * Docs: Update configuration.md (login_maximum_inactive_lifetime_duration, login_maximum_lifetime_duration) (#31000) * instrumentation: make the first database histogram bucket smaller (#30995) * Grafana/UI: Remove DismissableFeatureInfoBox and replace with LocalSt??? (#30988) * StatPanel: Fixes issue formatting date values using unit option (#30979) * Chore(deps): Bump actions/cache from v2 to v2.1.4 (#30973) * Units: Fixes formatting of duration units (#30982) * Elasticsearch: Show Size setting for raw_data metric (#30980) * Alerts: Dedupe alerts so that we do not fill the screen with the same alert messsage (#30935) * make sure service and slo display name is passed to segment comp (#30900) * assign changes in cloud datasources to the new cloud datasources team (#30645) * Table: Updates devenv test dashboard after change to TestData Randrom Table response (#30927) * Theme: Use higher order theme color variables rather then is light/dark logic (#30939) * Docs: Add alias for what's new in 7.4 (#30945) * e2e: extends selector factory to plugins (#30932) * Chore: Upgrade docker build image (#30820) * Docs: updated developer guide (#29978) * Alerts: Update Alert storybook to show more states (#30908) * Variables: Adds queryparam formatting option (#30858) * Chore: pad unknown values with undefined (#30808) * Transformers: add search to transform selection (#30854) * Exemplars: change api to reflect latest changes (#30910) * docs: use selinux relabelling on docker containers (#27685) * Docs: Fix bad image path for alert notification template (#30911) * Make value mappings correctly interpret numeric-like strings (#30893) * Chore: Update latest.json (#30905) * Docs: Update whats-new-in-v7-4.md (#30882) * Dashboard: Ignore changes to dashboard when the user session expires (#30897) * ReleaseNotes: Updated changelog and release notes for 7.4.0 (#30902) * test: add support for timeout to be passed in for addDatasource (#30736) * increase page size and make sure the cache supports query params (#30892) * DataSourceSettings: Adds info box and link to Grafana Cloud (#30891) * OAuth: custom username docs (#28400) * Panels: Remove value mapping of values that have been formatted #26763 (#30868) * Alerting: Fixes alert panel header icon not showing (#30840) * AlertingNG: Edit Alert Definition (#30676) * Logging: sourcemap support for frontend stacktraces (#30590) * Added "Restart Grafana" topic. (#30844) * Docs: Org, Team, and User Admin (#30756) * bump grabpl version to 0.5.36 (#30874) * Plugins: Requests validator (#30445) * Docs: Update whats-new-in-v7-4.md (#30876) * Docs: Add server view folder (#30849) * Fixed image name and path (#30871) * Grafana-ui: fixes closing modals with escape key (#30745) * InfluxDB: Add http configuration when selecting InfluxDB v2 flavor (#30827) * TestData: Fixes issue with for ever loading state when all queries are hidden (#30861) * Chart/Tooltip: refactored style declaration (#30824) * ReleaseNotes: Updated changelog and release notes for 7.4.0-beta1 (#30853) * Grafana-ui: fixes no data message in Table component (#30821) * grafana/ui: Update pagination component for large number of pages (#30151) * Alerting: Customise OK notification priorities for Pushover notifier (#30169) * DashboardLinks: Support variable expression in to tooltip - Issue #30409 (#30569) * Chore: Remove panelTime.html, closes #30097 (#30842) * Docs: Time series panel, bar alignment docs (#30780) * Chore: add more docs annotations (#30847) * Transforms: allow boolean in field calculations (#30802) * Prometheus: Add tooltip to explain possibility to use patterns in text and title fields in annotations (#30825) * Update prometheus.md with image link fix (#30833) * BarChart: inside-align strokes, upgrade uPlot to 1.6.4. (#30806) * Update license-expiration.md (#30839) * Explore rewrite (#30804) * Prometheus: Set type of labels to string (#30831) * GrafanaUI: Add a way to persistently close InfoBox (#30716) * Fix typo in transformer registry (#30712) * Elasticsearch: Display errors with text responses (#30122) * CDN: Fixes cdn path when Grafana is under sub path (#30822) * TraceViewer: Fix lazy loading (#30700) * FormField: migrated sass styling to emotion (#30392) * AlertingNG: change API permissions (#30781) * Variables: Clears drop down state when leaving dashboard (#30810) * Grafana-UI: Add story/docs for ErrorBoundary (#30304) * Add missing callback dependency (#30797) * PanelLibrary: Adds library panel meta information to dashboard json (#30770) * Chore(deps): Bump gonum.org/v1/gonum from 0.6.0 to 0.8.2 (#30343) * Chore(deps): Bump gopkg.in/yaml.v2 from 2.3.0 to 2.4.0 (#30771) * GraphNG: improve behavior when switching between solid/dash/dots (#30796) * Chore(deps): Bump github.com/hashicorp/go-hclog from 0.14.1 to 0.15.0 (#30778) * Add width for Variable Editors (#30791) * Chore: Remove warning when calling resource (#30752) * Auth: Use SigV4 lib from grafana-aws-sdk (#30713) * Panels: Fixes so panels are refreshed when scrolling past them fast (#30784) * GraphNG: add bar alignment option (#30499) * Expressions: Measure total transformation requests and elapsed time (#30514) * Menu: Mark menu components as internal (#30740) * TableInputCSV: migrated styles from sass to emotion (#30554) * CDN: Fix passing correct prefix to GetContentDeliveryURL (#30777) * Chore(deps): Bump gopkg.in/ini.v1 from 1.57.0 to 1.62.0 (#30772) * CDN: Adds support for serving assets over a CDN (#30691) * PanelEdit: Trigger refresh when changing data source (#30744) * Chore: remove __debug_bin (#30725) * BarChart: add alpha bar chart panel (#30323) * Docs: Time series panel (#30690) * Backend Plugins: Convert test data source to use SDK contracts (#29916) * Docs: Update whats-new-in-v7-4.md (#30747) * Add link to Elasticsearch docs. (#30748) * Mobile: Fixes issue scrolling on mobile in chrome (#30746) * TagsInput: Make placeholder configurable (#30718) * Docs: Add config settings for fonts in reporting (#30421) * Add menu.yaml to .gitignore (#30743) * bump cypress to 6.3.0 (#30644) * Datasource: Use json-iterator configuration compatible with standard library (#30732) * AlertingNG: Update UX to use new PageToolbar component (#30680) * Docs: Add usage insights export feature (#30376) * skip symlinks to directories when generating plugin manifest (#30721) * PluginCiE2E: Upgrade base images (#30696) * Variables: Fixes so text format will show All instead of custom all (#30730) * PanelLibrary: better handling of deleted panels (#30709) * Added section "Curated dashboards for Google Cloud Monitoring" for 7.4 What's New (#30724) * Added "curated dashboards" information and broke down, rearranged topics. (#30659) * Transform: improve the "outer join" performance/behavior (#30407) * Add alt text to plugin logos (#30710) * Deleted menu.yaml file (#30717) * Dashboard: Top Share URL icon should share panel URL when on viewPanel page (#30000) * Added entry for web server. (#30715) * DashboardPicker: switch to promise-based debounce, return dashboard UID (#30706) * Use connected GraphNG in Explore (#30707) * Fix documentation for streaming data sources (#30704) * PanelLibrary: changes casing of responses and adds meta property (#30668) * Influx: Show all datapoints for dynamically windowed flux query (#30688) * Trace: trace to logs design update (#30637) * DeployImage: Switch base images to Debian (#30684) * Chore: remove CSP debug logging line (#30689) * Docs: 7.4 documentation for expressions (#30524) * PanelEdit: Get rid of last remaining usage of navbar-button (#30682) * Grafana-UI: Fix setting default value for MultiSelect (#30671) * CustomScrollbar: migrated styles from sass to emotion (#30506) * DashboardSettings & PanelEdit: Use new PageToolbar (#30675) * Explore: Fix jumpy live tailing (#30650) * ci(npm-publish): add missing github package token to env vars (#30665) * PageToolbar: Extracting navbar styles & layout into a modern emotion based component (#30588) * AlertingNG: pause/unpause definitions via the API (#30627) * Docs: Refer to product docs in whats new for alerting templating feature (#30652) * ReleaseNotes: Updated changelog and release notes for 7.4.0-beta1 (#30666) * Variables: Fixes display value when using capture groups in regex (#30636) * Docs: Update _index.md (#30655) * Docs: Auditing updates (#30433) * Docs: add hidden_users configuration field (#30435) * Docs: Define TLS/SSL terminology (#30533) * Docs: Fix expressions enabled description (#30589) * Docs: Update ES screenshots (#30598) * Licensing Docs: Adding license restrictions docs (#30216) * Update documentation-style-guide.md (#30611) * Docs: Update queries.md (#30616) * chore(grafana-ui): bump storybook to 6.1.15 (#30642) * DashboardSettings: fixes vertical scrolling (#30640) * Usage Stats: Remove unused method for getting user stats (#30074) * Grafana/UI: Unit picker should not set a category as unit (#30638) * Graph: Fixes auto decimals issue in legend and tooltip (#30628) * AlertingNG: List saved Alert definitions in Alert Rule list (#30603) * chore: bump redux toolkit to 1.5.0 for immer 8.0.1 vulnerability fix (#30605) * Grafana/UI: Add disable prop to Segment (#30539) * Variables: Fixes so queries work for numbers values too (#30602) * Admin: Fixes so form values are filled in from backend (#30544) * Docs: Add new override info and add whats new 7.4 links (#30615) * TestData: Improve what's new in v7.4 (#30612) * Docs: Update 7.4 What's New to use more correct description of alerting notification template feature (#30502) * NodeGraph: Add docs (#30504) * Loki: Improve live tailing errors and fix Explore's logs container type errors (#30517) * TimeRangePicker: Updates components to use new ToolbarButton & ButtonGroup (#30570) * Update styling.md guide (#30594) * TestData: Adding what's new in v7.4 to the devenv dashboards (#30568) * Chore(deps): Bump github.com/aws/aws-sdk-go from 1.35.5 to 1.36.31 (#30583) * Chore(deps): Bump github.com/prometheus/client_golang (#30585) * Chore(deps): Bump gopkg.in/macaron.v1 from 1.3.9 to 1.4.0 (#30587) * Chore(deps): Bump github.com/google/uuid from 1.1.5 to 1.2.0 (#30584) * Explore: Fix logs hover state so that it is visible and in dark mode & simply hover code (#30572) * RefreshPicker: Fixes so valid intervals in url are visible in RefreshPicker (#30474) * Add documentation for Exemplars (#30317) * OldGraph: Fix height issue in Firefox (#30565) * XY Chart: fix editor error with empty frame (no fields) (#30573) * ButtonSelect & RefreshPicker: Rewrite of components to use new emotion based ToolbarButton & Menu (#30510) * XY Chart: share legend config with timeseries (#30559) * configuration.md: Document Content Security Policy options (#30413) * DataFrame: cache frame/field index in field state (#30529) * List + before -; rm old Git ref; reformat. (#30543) * Expressions: Add option to disable feature (#30541) * Explore: Fix loading visualisation on the top of the new time series panel (#30553) * Prometheus: Fix show query instead of Value if no __name__ and metric (#30511) * Decimals: Big Improvements to auto decimals and fixes to auto decimals bug found in 7.4-beta1 (#30519) * Postgres: Convert tests to stdlib (#30536) * Storybook: Migrate card story to use controls (#30535) * AlertingNG: Enable UI to Save Alert Definitions (#30394) * Postgres: Be consistent about TLS/SSL terminology (#30532) * Loki: Append refId to logs uid (#30418) * Postgres: Fix indentation (#30531) * GraphNG: uPlot 1.6.3 (fix bands not filling below 0). close #30523. (#30527) * updates for e2e docker image (#30465) * GraphNG: uPlot 1.6.2 (#30521) * Docs: Update whats-new-in-v7-4.md (#30520) * Prettier: ignore build and devenv dirs (#30501) * Chore: Upgrade grabpl version (#30486) * Explore: Update styling of buttons (#30493) * Cloud Monitoring: Fix legend naming with display name override (#30440) * GraphNG: Disable Plot logging by default (#30390) * Admin: Fixes so whole org drop down is visible when adding users to org (#30481) * Docs: include Makefile option for local assets (#30455) * Footer: Fixes layout issue in footer (#30443) * TimeSeriesPanel: Fixed default value for gradientMode (#30484) * Docs: fix typo in what's new doc (#30489) * Chore: adds wait to e2e test (#30488) * chore: update packages dependent on dot-prop to fix security vulnerability (#30432) * Dashboard: Remove Icon and change copy -> Copy to clipboard in the share embedded panel modal (#30480) * Chore: fix spelling mistake (#30473) * Chore: Restrict internal imports from other packages (#30453) * Docs: What's new fixes and improvements (#30469) * Timeseries: only migrage point size when configured (#30461) * Alerting: Hides threshold handle for percentual thresholds (#30431) * Graph: Fixes so only users with correct permissions can add annotations (#30419) * Chore: update latest version to 7.4.0-beta1 (#30452) * Docs: Add whats new 7.4 links (#30463) * Update whats-new-in-v7-4.md (#30460) * docs: 7.4 what's new (Add expressions note) (#30446) * Chore: Upgrade build pipeline tool (#30456) * PanelModel: Make sure the angular options are passed to react panel type changed handler (#30441) * Expressions: Fix button icon (#30444) * ReleaseNotes: Updated changelog and release notes for 7.4.0-beta1 (#30449) * Docs: Fix img link for alert notification template (#30436) * grafana/ui: Fix internal import from grafana/data (#30439) * prevent field config from being overwritten (#30437) * PanelOptions: Refactoring applying panel and field options out of PanelModel and add property clean up for properties not in field config registry (#30389) * Dashboard: Remove template variables option from ShareModal (#30395) * Added doc content for variables inspector code change by Hugo (#30408) * Docs: update license expiration behavior for reporting (#30420) * Chore: use old version format in package.json (#30430) * Chore: upgrade NPM security vulnerabilities (#30397) * "Release: Updated versions in package to 7.5.0-pre.0" (#30428) * contribute: Add backend and configuration guidelines for PRs (#30426) * Chore: Update what's new URL (#30424) - Update to version 7.4.5 * Security: Fix API permissions issues related to team-sync CVE-2021-28146, CVE-2021-28147. (Enterprise) * Security: Usage insights requires signed in users CVE-2021-28148. (Enterprise) * Security: Do not allow editors to incorrectly bypass permissions on the default data source. CVE-2021-27962. (Enterprise) koan: - Readding the requires for runtime dependencies on python3-netifaces and python3-distro (bsc#1191448) - Only recommend virt-install to unbreak scenarios where it is not available in the enabled modules of the system - Updated to Koan 3.0.1 https://github.com/cobbler/koan/releases/tag/v3.0.1 - The xend functionallity is not expected to work since this the underying tool was removed: https://github.com/cobbler/koan/issues/73 - Python 2 compability was fully removed - Add support for EFI reinstallation of a client (bsc#1170823) - Removed patches (all named are being part of upstream or redundant) mgr-cfg: - Version 4.3.2-1 * Remove unused legacy code - Version 4.3.1-1 - Bump version to 4.3.0 mgr-custom-info: - Version 4.3.2-1 * Remove unused legacy code - Version 4.3.1-1 - Bump version to 4.3.0 mgr-daemon: - Version 4.3.2-1 * Update translation strings - Version 4.3.1-1 - Bump version to 4.3.0 mgr-osad: - Version 4.3.2-1 * Removed spacewalk-selinux dependencies. * Updated source url. - Version 4.3.1-1 - Bump version to 4.3.0 mgr-push: - Version 4.3.1-1 - Bump version to 4.3.0 mgr-virtualization: - Version 4.3.1-1 - Bump version to 4.3.0 python-contextvars: - Provide version 2.4 python-immutables: - Provide version 0.11 rhnlib: - Version 4.3.1-1 - Bump version to 4.3.0 salt: - Simplify "transactional_update" module to not use SSH wrapper and allow more flexible execution - Add "--no-return-event" option to salt-call to prevent sending return event back to master. - Make "state.highstate" to acts on concurrent flag. - Fix print regression for yumnotify plugin - Use dnfnotify instead yumnotify for relevant distros - Dnfnotify pkgset plugin implementation - Add rpm_vercmp python library support for version comparison - Prevent pkg plugins errors on missing cookie path (bsc#1186738) - Fix ip6_interface grain to not leak secondary IPv4 aliases (bsc#1191412) - Make "salt-api" package to require python3-cherrypy on RHEL systems - Make "tar" as required for "salt-transactional-update" package - Fix issues with salt-ssh's extra-filerefs - Fix crash when calling manage.not_alive runners - Do not consider skipped targets as failed for ansible.playbooks state (bsc#1190446) - Do not break master_tops for minion with version lower to 3003 - Support querying for JSON data in external sql pillar - Update to Salt release version 3003.3 - See release notes: https://docs.saltstack.com/en/latest/topics/releases/3003.3.html - Exclude the full path of a download URL to prevent injection of malicious code (bsc#1190265) (CVE-2021-21996) - Fix wrong relative paths resolution with Jinja renderer when importing subdirectories - Don't pass shell="/sbin/nologin" to onlyif/unless checks (bsc#1188259) - Add missing aarch64 to rpm package architectures - Backport of upstream PR#59492 - Fix failing unit test for systemd - Fix error handling in openscap module (bsc#1188647) - Better handling of bad public keys from minions (bsc#1189040) - Define license macro as doc in spec file if not existing - Add standalone formulas configuration for salt minion and remove salt-master requirement (bsc#1168327) - Do noop for services states when running systemd in offline mode (bsc#1187787) - Transactional_updates: do not execute states in parallel but use a queue (bsc#1188170) - Handle "master tops" data when states are applied by "transactional_update" (bsc#1187787) - Enhance openscap module: add "xccdf_eval" call - Virt: pass emulator when getting domain capabilities from libvirt - Adding preliminary support for Rocky Linux - Implementation of held/unheld functions for state pkg (bsc#1187813) - Replace deprecated Thread.isAlive() with Thread.is_alive() - Fix exception in yumpkg.remove for not installed package - Fix save for iptables state module (bsc#1185131) - Virt: use /dev/kvm to detect KVM - Zypperpkg: improve logic for handling vendorchange flags - Add bundled provides for tornado to the spec file - Enhance logging when inotify beacon is missing pyinotify (bsc#1186310) - Add "python3-pyinotify" as a recommended package for Salt in SUSE/openSUSE distros - Fix tmpfiles.d configuration for salt to not use legacy paths (bsc#1173103) - Detect Python version to use inside container (bsc#1167586) (bsc#1164192) - Handle volumes on stopped pools in virt.vm_info (bsc#1186287) - Grains.extra: support old non-intel kernels (bsc#1180650) - Fix missing minion returns in batch mode (bsc#1184659) - Parsing Epoch out of version provided during pkg remove (bsc#1173692) - Check if dpkgnotify is executable (bsc#1186674) - Update to Salt release version 3002.2 (jsc#ECO-3212) (jsc#SLE-18033) - Add subpackage salt-transactional-update (jsc#SLE-18028) spacecmd: - Version 4.3.4-1 * Update translation strings - Version 4.3.3-1 * Improved event history listing and added new system_eventdetails command to retrieve the details of an event * configchannel_updatefile handles directory properly (bsc#1190512) - Version 4.3.2-1 * Add schedule_archivecompleted to mass archive actions (bsc#1181223) * Make schedule_deletearchived to get all actions without display limit * Allow passing a date limit for schedule_deletearchived on spacecmd (bsc#1181223) * Remove whoami from the list of unauthenticated commands (bsc#1188977) - Version 4.3.1-1 - Use correct API endpoint in list_proxies (bsc#1188042) - Add schedule_deletearchived to bulk delete archived actions (bsc#1181223) - Make spacecmd aware of retracted patches/packages - Version 4.2.10-1 - Enhance help for installation types when creating distributions (bsc#1186581) - Version 4.2.9-1 - Parse empty argument when nothing in between the separator spacewalk-client-tools: - Version 4.3.4-1 * Update translation strings - Version 4.3.3-1 * Remove unused legacy code - Version 4.3.2-1 - Version 4.3.1-1 - Bump version to 4.3.0 - Version 4.2.11-1 - Update translation strings spacewalk-koan: - Version 4.3.1-1 - Fix for spacewalk-koan tests after switching to the new Docker images spacewalk-oscap: - Version 4.3.1-1 - Bump version to 4.3.0 spacewalk-remote-utils: - Version 4.3.1-1 - Bump version to 4.3.0 supportutils-plugin-susemanager-client: - Version 4.3.1-1 - Bump version to 4.3.0 suseRegisterInfo: - Version 4.3.1-1 - Bump version to 4.3.0 uyuni-common-libs: - Version 4.3.1-1 - Handle broken RPM packages to prevent exceptions causing fails on repository synchronization (bsc#1186650) - Version 4.2.4-1 - Maintainer field in debian packages are only recommended (bsc#1186508) zypp-plugin-spacewalk: - 1.0.10 * Use proxy configured in up2date config when it is defined - Added RHEL8 build. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Tools 15-BETA: zypper in -t patch SUSE-SLE-Manager-Tools-15-BETA-2021-3908=1 Package List: - SUSE Manager Tools 15-BETA (aarch64 ppc64le s390x x86_64): golang-github-prometheus-prometheus-2.27.1-6.21.2 grafana-7.5.7-4.15.3 prometheus-blackbox_exporter-0.19.0-3.3.2 prometheus-blackbox_exporter-debuginfo-0.19.0-3.3.2 python-immutables-debugsource-0.11-3.3.1 python3-immutables-0.11-3.3.1 python3-immutables-debuginfo-0.11-3.3.1 python3-salt-3003.3-8.44.1 python3-uyuni-common-libs-4.3.1-3.21.2 salt-3003.3-8.44.1 salt-cloud-3003.3-8.44.1 salt-doc-3003.3-8.44.1 salt-master-3003.3-8.44.1 salt-minion-3003.3-8.44.1 salt-proxy-3003.3-8.44.1 salt-ssh-3003.3-8.44.1 salt-standalone-formulas-configuration-3003.3-8.44.1 - SUSE Manager Tools 15-BETA (noarch): dracut-saltboot-0.1.1628156312.dbd0dec-3.27.1 hwdata-0.334-6.5.1 koan-3.0.1-7.12.1 mgr-cfg-4.3.2-4.15.1 mgr-cfg-actions-4.3.2-4.15.1 mgr-cfg-client-4.3.2-4.15.1 mgr-cfg-management-4.3.2-4.15.1 mgr-custom-info-4.3.2-4.9.1 mgr-daemon-4.3.2-4.15.2 mgr-osad-4.3.2-4.18.2 mgr-push-4.3.1-4.9.3 mgr-virtualization-host-4.3.1-4.9.3 python3-contextvars-2.4-3.3.1 python3-hwdata-2.3.5-5.7.1 python3-jabberpy-0.5-5.5.1 python3-mgr-cfg-4.3.2-4.15.1 python3-mgr-cfg-actions-4.3.2-4.15.1 python3-mgr-cfg-client-4.3.2-4.15.1 python3-mgr-cfg-management-4.3.2-4.15.1 python3-mgr-osa-common-4.3.2-4.18.2 python3-mgr-osad-4.3.2-4.18.2 python3-mgr-push-4.3.1-4.9.3 python3-mgr-virtualization-common-4.3.1-4.9.3 python3-mgr-virtualization-host-4.3.1-4.9.3 python3-rhnlib-4.3.1-6.18.2 python3-spacewalk-check-4.3.4-6.33.3 python3-spacewalk-client-setup-4.3.4-6.33.3 python3-spacewalk-client-tools-4.3.4-6.33.3 python3-spacewalk-koan-4.3.1-6.9.2 python3-spacewalk-oscap-4.3.1-6.9.2 python3-suseRegisterInfo-4.3.1-6.15.2 python3-zypp-plugin-spacewalk-1.0.10-6.15.1 salt-bash-completion-3003.3-8.44.1 salt-fish-completion-3003.3-8.44.1 salt-zsh-completion-3003.3-8.44.1 spacecmd-4.3.4-6.27.1 spacewalk-check-4.3.4-6.33.3 spacewalk-client-setup-4.3.4-6.33.3 spacewalk-client-tools-4.3.4-6.33.3 spacewalk-koan-4.3.1-6.9.2 spacewalk-oscap-4.3.1-6.9.2 spacewalk-remote-utils-4.3.1-6.9.2 supportutils-plugin-susemanager-client-4.3.1-6.12.2 suseRegisterInfo-4.3.1-6.15.2 system-user-grafana-1.0.0-3.5.1 system-user-prometheus-1.0.0-3.5.1 zypp-plugin-spacewalk-1.0.10-6.15.1 References: https://www.suse.com/security/cve/CVE-2021-21996.html https://www.suse.com/security/cve/CVE-2021-27962.html https://www.suse.com/security/cve/CVE-2021-28146.html https://www.suse.com/security/cve/CVE-2021-28147.html https://www.suse.com/security/cve/CVE-2021-28148.html https://www.suse.com/security/cve/CVE-2021-29622.html https://bugzilla.suse.com/1164192 https://bugzilla.suse.com/1167586 https://bugzilla.suse.com/1168327 https://bugzilla.suse.com/1170823 https://bugzilla.suse.com/1173103 https://bugzilla.suse.com/1173692 https://bugzilla.suse.com/1175478 https://bugzilla.suse.com/1180650 https://bugzilla.suse.com/1181223 https://bugzilla.suse.com/1184659 https://bugzilla.suse.com/1185131 https://bugzilla.suse.com/1186242 https://bugzilla.suse.com/1186287 https://bugzilla.suse.com/1186310 https://bugzilla.suse.com/1186508 https://bugzilla.suse.com/1186581 https://bugzilla.suse.com/1186650 https://bugzilla.suse.com/1186674 https://bugzilla.suse.com/1186738 https://bugzilla.suse.com/1187787 https://bugzilla.suse.com/1187813 https://bugzilla.suse.com/1188042 https://bugzilla.suse.com/1188170 https://bugzilla.suse.com/1188259 https://bugzilla.suse.com/1188647 https://bugzilla.suse.com/1188846 https://bugzilla.suse.com/1188977 https://bugzilla.suse.com/1189040 https://bugzilla.suse.com/1190265 https://bugzilla.suse.com/1190446 https://bugzilla.suse.com/1190512 https://bugzilla.suse.com/1191412 https://bugzilla.suse.com/1191448 From sle-updates at lists.suse.com Fri Dec 3 15:05:57 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 Dec 2021 16:05:57 +0100 (CET) Subject: SUSE-SU-2021:3904-1: moderate: Security Beta update for SUSE Manager Client Tools Message-ID: <20211203150557.4DC16FD0A@maintenance.suse.de> SUSE Security Update: Security Beta update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3904-1 Rating: moderate References: #1164192 #1167586 #1168327 #1173692 #1180650 #1181223 #1184659 #1185131 #1186287 #1186310 #1186581 #1186674 #1187787 #1187813 #1188042 #1188170 #1188641 #1188647 #1188977 #1189040 #1189043 #1190114 #1190265 #1190446 #1190512 #1191412 #1191431 ECO-3319 Cross-References: CVE-2021-21996 CVSS scores: CVE-2021-21996 (SUSE): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L Affected Products: SUSE Manager Debian 9.0-CLIENT-TOOLS-BETA ______________________________________________________________________________ An update that solves one vulnerability, contains one feature and has 26 fixes is now available. Description: This update fixes the following issues: salt: - Remove wrong _parse_cpe_name from grains.core - Prevent tracebacks if directory for cookie is missing - Fix file.find tracebacks with non utf8 file names (bsc#1190114) - Fix ip6_interface grain to not leak secondary IPv4 aliases (bsc#1191412) - Do not consider skipped targets as failed for ansible.playbooks state (bsc#1190446) - Fix traceback.*_exc() calls - Fix the regression of docker_container state module - Support querying for JSON data in external sql pillar - Exclude the full path of a download URL to prevent injection of malicious code (bsc#1190265) (CVE-2021-21996) - Fix wrong relative paths resolution with Jinja renderer when importing subdirectories - Fix python-MarkupSafe dependency (bsc#1189043) - Add missing aarch64 to rpm package architectures - Consolidate some state requisites (bsc#1188641) - Fix failing unit test for systemd - Fix error handling in openscap module (bsc#1188647) - Better handling of bad public keys from minions (bsc#1189040) - Define license macro as doc in spec file if not existing - Add standalone formulas configuration for salt minion and remove salt-master requirement (bsc#1168327) - Do noop for services states when running systemd in offline mode (bsc#1187787) - Transactional_updates: do not execute states in parallel but use a queue (bsc#1188170) - Handle "master tops" data when states are applied by "transactional_update" (bsc#1187787) - Enhance openscap module: add "xccdf_eval" call - Virt: pass emulator when getting domain capabilities from libvirt - Implementation of held/unheld functions for state pkg (bsc#1187813) - Fix exception in yumpkg.remove for not installed package - Fix save for iptables state module (bsc#1185131) - Virt: use /dev/kvm to detect KVM - Zypperpkg: improve logic for handling vendorchange flags - Add bundled provides for tornado to the spec file - Enhance logging when inotify beacon is missing pyinotify (bsc#1186310) - Add "python3-pyinotify" as a recommended package for Salt in SUSE/openSUSE distros - Check if dpkgnotify is executable (bsc#1186674) - Detect Python version to use inside container (bsc#1167586) (bsc#1164192) - Handle volumes on stopped pools in virt.vm_info (bsc#1186287) - Grains.extra: support old non-intel kernels (bsc#1180650) - Fix missing minion returns in batch mode (bsc#1184659) - Parsing Epoch out of version provided during pkg remove (bsc#1173692) scap-security-guide: - Fix SLE-12 build issue caused by '\xb0' character (bsc#1191431). - Updated to 0.1.58 release (jsc#ECO-3319) - Support for Script Checking Engine (SCE) - Split RHEL 8 CIS profile using new controls file format - CIS Profiles for SLE12 - Initial Ubuntu 20.04 STIG Profiles - Addition of an automated CCE adder - Updated to 0.1.57 release (jsc#ECO-3319) - CIS profile for RHEL 7 is updated - initial CIS profiles for Ubuntu 20.04 - Major improvement of RHEL 9 content - new release process implemented using Github actions - Specify the maintainer, for deb packages. - Updated to 0.1.56 release (jsc#ECO-3319) - Align ism_o profile with latest ISM SSP (#6878) - Align RHEL 7 STIG profile with DISA STIG V3R3 - Creating new RHEL 7 STIG GUI profile (#6863) - Creating new RHEL 8 STIG GUI profile (#6862) - Add the RHEL9 product (#6801) - Initial support for SUSE SLE-15 (#6666) - add support for osbuild blueprint remediations (#6970) - Updated to a intermediate GIT snapshot of 20210323 (jsc#ECO-3319) - initial SLES15 STIG added - more SLES 12 STIG work - correct tables and cross references for SLES 12 and 15 STIG - Updated to 0.1.55 release (jsc#ECO-3319) - big update of rules used in SLES-12 STIG profile - Render policy to HTML (#6532) - Add variable support to yamlfile_value template (#6563) - Introduce new template for dconf configuration files (#6118) - Avoid some non sles12 sp2 available macros. spacecmd: - Version 4.3.4-1 * Update translation strings - Version 4.3.3-1 * Improved event history listing and added new system_eventdetails command to retrieve the details of an event * configchannel_updatefile handles directory properly (bsc#1190512) - Version 4.3.2-1 * Add schedule_archivecompleted to mass archive actions (bsc#1181223) * Make schedule_deletearchived to get all actions without display limit * Allow passing a date limit for schedule_deletearchived on spacecmd (bsc#1181223) * Remove whoami from the list of unauthenticated commands (bsc#1188977) - Version 4.3.1-1 - Use correct API endpoint in list_proxies (bsc#1188042) - Add schedule_deletearchived to bulk delete archived actions (bsc#1181223) - Make spacecmd aware of retracted patches/packages - Version 4.2.10-1 - Enhance help for installation types when creating distributions (bsc#1186581) - Version 4.2.9-1 - Parse empty argument when nothing in between the separator Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Debian 9.0-CLIENT-TOOLS-BETA: zypper in -t patch SUSE-Debian-9.0-CLIENT-TOOLS-BETA-2021-3904=1 Package List: - SUSE Manager Debian 9.0-CLIENT-TOOLS-BETA (all): salt-common-3000+ds-1+2.18.1 salt-minion-3000+ds-1+2.18.1 scap-security-guide-debian-0.1.58-2.6.1 spacecmd-4.3.4-2.18.1 References: https://www.suse.com/security/cve/CVE-2021-21996.html https://bugzilla.suse.com/1164192 https://bugzilla.suse.com/1167586 https://bugzilla.suse.com/1168327 https://bugzilla.suse.com/1173692 https://bugzilla.suse.com/1180650 https://bugzilla.suse.com/1181223 https://bugzilla.suse.com/1184659 https://bugzilla.suse.com/1185131 https://bugzilla.suse.com/1186287 https://bugzilla.suse.com/1186310 https://bugzilla.suse.com/1186581 https://bugzilla.suse.com/1186674 https://bugzilla.suse.com/1187787 https://bugzilla.suse.com/1187813 https://bugzilla.suse.com/1188042 https://bugzilla.suse.com/1188170 https://bugzilla.suse.com/1188641 https://bugzilla.suse.com/1188647 https://bugzilla.suse.com/1188977 https://bugzilla.suse.com/1189040 https://bugzilla.suse.com/1189043 https://bugzilla.suse.com/1190114 https://bugzilla.suse.com/1190265 https://bugzilla.suse.com/1190446 https://bugzilla.suse.com/1190512 https://bugzilla.suse.com/1191412 https://bugzilla.suse.com/1191431 From sle-updates at lists.suse.com Fri Dec 3 15:10:39 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 Dec 2021 16:10:39 +0100 (CET) Subject: SUSE-RU-2021:3891-1: moderate: Recommended update for keyutils Message-ID: <20211203151039.85983FC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for keyutils ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3891-1 Rating: moderate References: #1029961 #1113013 #1187654 SLE-20016 Affected Products: SUSE MicroOS 5.1 SUSE MicroOS 5.0 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that has three recommended fixes and contains one feature can now be installed. Description: This update for keyutils fixes the following issues: - Add /etc/keys/ and /usr/etc/keys/ directory (bsc#1187654) keyutils was updated to 1.6.3 (jsc#SLE-20016): * Revert the change notifications that were using /dev/watch_queue. * Apply the change notifications that use pipe2(O_NOTIFICATION_PIPE). * Allow "keyctl supports" to retrieve raw capability data. * Allow "keyctl id" to turn a symbolic key ID into a numeric ID. * Allow "keyctl new_session" to name the keyring. * Allow "keyctl add/padd/etc." to take hex-encoded data. * Add "keyctl watch*" to expose kernel change notifications on keys. * Add caps for namespacing and notifications. * Set a default TTL on keys that upcall for name resolution. * Explicitly clear memory after it's held sensitive information. * Various manual page fixes. * Fix C++-related errors. * Add support for keyctl_move(). * Add support for keyctl_capabilities(). * Make key=val list optional for various public-key ops. * Fix system call signature for KEYCTL_PKEY_QUERY. * Fix 'keyctl pkey_query' argument passing. * Use keyctl_read_alloc() in dump_key_tree_aux(). * Various manual page fixes. Updated to 1.6: * Apply various specfile cleanups from Fedora. * request-key: Provide a command line option to suppress helper execution. * request-key: Find least-wildcard match rather than first match. * Remove the dependency on MIT Kerberos. * Fix some error messages * keyctl_dh_compute.3: Suggest /proc/crypto for list of available hashes. * Fix doc and comment typos. * Add public key ops for encrypt, decrypt, sign and verify (needs linux-4.20). * Add pkg-config support for finding libkeyutils. * upstream isn't offering PGP signatures for the source tarballs anymore Updated to 1.5.11 (bsc#1113013) * Add keyring restriction support. * Add KDF support to the Diffie-Helman function. * DNS: Add support for AFS config files and SRV records Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2021-3891=1 - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-3891=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-3891=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-3891=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-3891=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-3891=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-3891=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3891=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-3891=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-3891=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-3891=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-3891=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-3891=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-3891=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE MicroOS 5.1 (aarch64 s390x x86_64): keyutils-1.6.3-5.6.1 keyutils-debuginfo-1.6.3-5.6.1 keyutils-debugsource-1.6.3-5.6.1 libkeyutils1-1.6.3-5.6.1 libkeyutils1-debuginfo-1.6.3-5.6.1 - SUSE MicroOS 5.0 (aarch64 x86_64): keyutils-1.6.3-5.6.1 keyutils-debuginfo-1.6.3-5.6.1 keyutils-debugsource-1.6.3-5.6.1 libkeyutils1-1.6.3-5.6.1 libkeyutils1-debuginfo-1.6.3-5.6.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): keyutils-1.6.3-5.6.1 keyutils-debuginfo-1.6.3-5.6.1 keyutils-debugsource-1.6.3-5.6.1 keyutils-devel-1.6.3-5.6.1 libkeyutils1-1.6.3-5.6.1 libkeyutils1-debuginfo-1.6.3-5.6.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): libkeyutils1-32bit-1.6.3-5.6.1 libkeyutils1-32bit-debuginfo-1.6.3-5.6.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): keyutils-1.6.3-5.6.1 keyutils-debuginfo-1.6.3-5.6.1 keyutils-debugsource-1.6.3-5.6.1 keyutils-devel-1.6.3-5.6.1 libkeyutils1-1.6.3-5.6.1 libkeyutils1-debuginfo-1.6.3-5.6.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): libkeyutils1-32bit-1.6.3-5.6.1 libkeyutils1-32bit-debuginfo-1.6.3-5.6.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): keyutils-1.6.3-5.6.1 keyutils-debuginfo-1.6.3-5.6.1 keyutils-debugsource-1.6.3-5.6.1 keyutils-devel-1.6.3-5.6.1 libkeyutils1-1.6.3-5.6.1 libkeyutils1-debuginfo-1.6.3-5.6.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): libkeyutils1-32bit-1.6.3-5.6.1 libkeyutils1-32bit-debuginfo-1.6.3-5.6.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): keyutils-1.6.3-5.6.1 keyutils-debuginfo-1.6.3-5.6.1 keyutils-debugsource-1.6.3-5.6.1 keyutils-devel-1.6.3-5.6.1 libkeyutils1-1.6.3-5.6.1 libkeyutils1-32bit-1.6.3-5.6.1 libkeyutils1-32bit-debuginfo-1.6.3-5.6.1 libkeyutils1-debuginfo-1.6.3-5.6.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): keyutils-1.6.3-5.6.1 keyutils-debuginfo-1.6.3-5.6.1 keyutils-debugsource-1.6.3-5.6.1 keyutils-devel-1.6.3-5.6.1 libkeyutils1-1.6.3-5.6.1 libkeyutils1-debuginfo-1.6.3-5.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): keyutils-1.6.3-5.6.1 keyutils-debuginfo-1.6.3-5.6.1 keyutils-debugsource-1.6.3-5.6.1 keyutils-devel-1.6.3-5.6.1 libkeyutils1-1.6.3-5.6.1 libkeyutils1-debuginfo-1.6.3-5.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libkeyutils1-32bit-1.6.3-5.6.1 libkeyutils1-32bit-debuginfo-1.6.3-5.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): keyutils-1.6.3-5.6.1 keyutils-debuginfo-1.6.3-5.6.1 keyutils-debugsource-1.6.3-5.6.1 keyutils-devel-1.6.3-5.6.1 libkeyutils1-1.6.3-5.6.1 libkeyutils1-debuginfo-1.6.3-5.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libkeyutils1-32bit-1.6.3-5.6.1 libkeyutils1-32bit-debuginfo-1.6.3-5.6.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): keyutils-1.6.3-5.6.1 keyutils-debuginfo-1.6.3-5.6.1 keyutils-debugsource-1.6.3-5.6.1 keyutils-devel-1.6.3-5.6.1 libkeyutils1-1.6.3-5.6.1 libkeyutils1-debuginfo-1.6.3-5.6.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): libkeyutils1-32bit-1.6.3-5.6.1 libkeyutils1-32bit-debuginfo-1.6.3-5.6.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): keyutils-1.6.3-5.6.1 keyutils-debuginfo-1.6.3-5.6.1 keyutils-debugsource-1.6.3-5.6.1 keyutils-devel-1.6.3-5.6.1 libkeyutils1-1.6.3-5.6.1 libkeyutils1-debuginfo-1.6.3-5.6.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): libkeyutils1-32bit-1.6.3-5.6.1 libkeyutils1-32bit-debuginfo-1.6.3-5.6.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): keyutils-1.6.3-5.6.1 keyutils-debuginfo-1.6.3-5.6.1 keyutils-debugsource-1.6.3-5.6.1 keyutils-devel-1.6.3-5.6.1 libkeyutils1-1.6.3-5.6.1 libkeyutils1-debuginfo-1.6.3-5.6.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): libkeyutils1-32bit-1.6.3-5.6.1 libkeyutils1-32bit-debuginfo-1.6.3-5.6.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): keyutils-1.6.3-5.6.1 keyutils-debuginfo-1.6.3-5.6.1 keyutils-debugsource-1.6.3-5.6.1 keyutils-devel-1.6.3-5.6.1 libkeyutils1-1.6.3-5.6.1 libkeyutils1-debuginfo-1.6.3-5.6.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): libkeyutils1-32bit-1.6.3-5.6.1 libkeyutils1-32bit-debuginfo-1.6.3-5.6.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): keyutils-1.6.3-5.6.1 keyutils-debuginfo-1.6.3-5.6.1 keyutils-debugsource-1.6.3-5.6.1 keyutils-devel-1.6.3-5.6.1 libkeyutils1-1.6.3-5.6.1 libkeyutils1-debuginfo-1.6.3-5.6.1 - SUSE Enterprise Storage 6 (x86_64): libkeyutils1-32bit-1.6.3-5.6.1 libkeyutils1-32bit-debuginfo-1.6.3-5.6.1 - SUSE CaaS Platform 4.0 (x86_64): keyutils-1.6.3-5.6.1 keyutils-debuginfo-1.6.3-5.6.1 keyutils-debugsource-1.6.3-5.6.1 keyutils-devel-1.6.3-5.6.1 libkeyutils1-1.6.3-5.6.1 libkeyutils1-32bit-1.6.3-5.6.1 libkeyutils1-32bit-debuginfo-1.6.3-5.6.1 libkeyutils1-debuginfo-1.6.3-5.6.1 References: https://bugzilla.suse.com/1029961 https://bugzilla.suse.com/1113013 https://bugzilla.suse.com/1187654 From sle-updates at lists.suse.com Fri Dec 3 15:13:57 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 Dec 2021 16:13:57 +0100 (CET) Subject: SUSE-RU-2021:3889-1: moderate: Recommended update for permissions Message-ID: <20211203151357.ECB8CFC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for permissions ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3889-1 Rating: moderate References: #1191194 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for permissions fixes the following issues: Update to version 20170707: * add capability for prometheus-blackbox_exporter (bsc#1191194) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-3889=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): permissions-20170707-6.7.1 permissions-debuginfo-20170707-6.7.1 permissions-debugsource-20170707-6.7.1 References: https://bugzilla.suse.com/1191194 From sle-updates at lists.suse.com Fri Dec 3 15:15:21 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 Dec 2021 16:15:21 +0100 (CET) Subject: SUSE-SU-2021:3899-1: moderate: Security update for aaa_base Message-ID: <20211203151521.D9A75FC9F@maintenance.suse.de> SUSE Security Update: Security update for aaa_base ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3899-1 Rating: moderate References: #1162581 #1174504 #1191563 #1192248 Affected Products: SUSE MicroOS 5.1 SUSE MicroOS 5.0 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for aaa_base fixes the following issues: - Allowed ping and ICMP commands without CAP_NET_RAW (bsc#1174504). - Add $HOME/.local/bin to PATH, if it exists (bsc#1192248). - Fixed get_kernel_version.c to work also for recent kernels on the s390/X platform (bsc#1191563). - Support xz compressed kernel (bsc#1162581) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2021-3899=1 - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-3899=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-3899=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-3899=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-3899=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-3899=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-3899=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2021-3899=1 - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-3899=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3899=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-3899=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-3899=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-3899=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-3899=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-3899=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-3899=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE MicroOS 5.1 (aarch64 s390x x86_64): aaa_base-84.87+git20180409.04c9dae-3.52.1 aaa_base-debuginfo-84.87+git20180409.04c9dae-3.52.1 aaa_base-debugsource-84.87+git20180409.04c9dae-3.52.1 - SUSE MicroOS 5.0 (aarch64 x86_64): aaa_base-84.87+git20180409.04c9dae-3.52.1 aaa_base-debuginfo-84.87+git20180409.04c9dae-3.52.1 aaa_base-debugsource-84.87+git20180409.04c9dae-3.52.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): aaa_base-84.87+git20180409.04c9dae-3.52.1 aaa_base-debuginfo-84.87+git20180409.04c9dae-3.52.1 aaa_base-debugsource-84.87+git20180409.04c9dae-3.52.1 aaa_base-extras-84.87+git20180409.04c9dae-3.52.1 aaa_base-malloccheck-84.87+git20180409.04c9dae-3.52.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): aaa_base-84.87+git20180409.04c9dae-3.52.1 aaa_base-debuginfo-84.87+git20180409.04c9dae-3.52.1 aaa_base-debugsource-84.87+git20180409.04c9dae-3.52.1 aaa_base-extras-84.87+git20180409.04c9dae-3.52.1 aaa_base-malloccheck-84.87+git20180409.04c9dae-3.52.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): aaa_base-84.87+git20180409.04c9dae-3.52.1 aaa_base-debuginfo-84.87+git20180409.04c9dae-3.52.1 aaa_base-debugsource-84.87+git20180409.04c9dae-3.52.1 aaa_base-extras-84.87+git20180409.04c9dae-3.52.1 aaa_base-malloccheck-84.87+git20180409.04c9dae-3.52.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): aaa_base-84.87+git20180409.04c9dae-3.52.1 aaa_base-debuginfo-84.87+git20180409.04c9dae-3.52.1 aaa_base-debugsource-84.87+git20180409.04c9dae-3.52.1 aaa_base-extras-84.87+git20180409.04c9dae-3.52.1 aaa_base-malloccheck-84.87+git20180409.04c9dae-3.52.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): aaa_base-84.87+git20180409.04c9dae-3.52.1 aaa_base-debuginfo-84.87+git20180409.04c9dae-3.52.1 aaa_base-debugsource-84.87+git20180409.04c9dae-3.52.1 aaa_base-extras-84.87+git20180409.04c9dae-3.52.1 aaa_base-malloccheck-84.87+git20180409.04c9dae-3.52.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): aaa_base-debuginfo-84.87+git20180409.04c9dae-3.52.1 aaa_base-debugsource-84.87+git20180409.04c9dae-3.52.1 aaa_base-malloccheck-84.87+git20180409.04c9dae-3.52.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): aaa_base-debuginfo-84.87+git20180409.04c9dae-3.52.1 aaa_base-debugsource-84.87+git20180409.04c9dae-3.52.1 aaa_base-malloccheck-84.87+git20180409.04c9dae-3.52.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): aaa_base-84.87+git20180409.04c9dae-3.52.1 aaa_base-debuginfo-84.87+git20180409.04c9dae-3.52.1 aaa_base-debugsource-84.87+git20180409.04c9dae-3.52.1 aaa_base-extras-84.87+git20180409.04c9dae-3.52.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): aaa_base-84.87+git20180409.04c9dae-3.52.1 aaa_base-debuginfo-84.87+git20180409.04c9dae-3.52.1 aaa_base-debugsource-84.87+git20180409.04c9dae-3.52.1 aaa_base-extras-84.87+git20180409.04c9dae-3.52.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): aaa_base-84.87+git20180409.04c9dae-3.52.1 aaa_base-debuginfo-84.87+git20180409.04c9dae-3.52.1 aaa_base-debugsource-84.87+git20180409.04c9dae-3.52.1 aaa_base-extras-84.87+git20180409.04c9dae-3.52.1 aaa_base-malloccheck-84.87+git20180409.04c9dae-3.52.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): aaa_base-84.87+git20180409.04c9dae-3.52.1 aaa_base-debuginfo-84.87+git20180409.04c9dae-3.52.1 aaa_base-debugsource-84.87+git20180409.04c9dae-3.52.1 aaa_base-extras-84.87+git20180409.04c9dae-3.52.1 aaa_base-malloccheck-84.87+git20180409.04c9dae-3.52.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): aaa_base-84.87+git20180409.04c9dae-3.52.1 aaa_base-debuginfo-84.87+git20180409.04c9dae-3.52.1 aaa_base-debugsource-84.87+git20180409.04c9dae-3.52.1 aaa_base-extras-84.87+git20180409.04c9dae-3.52.1 aaa_base-malloccheck-84.87+git20180409.04c9dae-3.52.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): aaa_base-84.87+git20180409.04c9dae-3.52.1 aaa_base-debuginfo-84.87+git20180409.04c9dae-3.52.1 aaa_base-debugsource-84.87+git20180409.04c9dae-3.52.1 aaa_base-extras-84.87+git20180409.04c9dae-3.52.1 aaa_base-malloccheck-84.87+git20180409.04c9dae-3.52.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): aaa_base-84.87+git20180409.04c9dae-3.52.1 aaa_base-debuginfo-84.87+git20180409.04c9dae-3.52.1 aaa_base-debugsource-84.87+git20180409.04c9dae-3.52.1 aaa_base-extras-84.87+git20180409.04c9dae-3.52.1 aaa_base-malloccheck-84.87+git20180409.04c9dae-3.52.1 - SUSE CaaS Platform 4.0 (x86_64): aaa_base-84.87+git20180409.04c9dae-3.52.1 aaa_base-debuginfo-84.87+git20180409.04c9dae-3.52.1 aaa_base-debugsource-84.87+git20180409.04c9dae-3.52.1 aaa_base-extras-84.87+git20180409.04c9dae-3.52.1 aaa_base-malloccheck-84.87+git20180409.04c9dae-3.52.1 References: https://bugzilla.suse.com/1162581 https://bugzilla.suse.com/1174504 https://bugzilla.suse.com/1191563 https://bugzilla.suse.com/1192248 From sle-updates at lists.suse.com Fri Dec 3 17:16:39 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 Dec 2021 18:16:39 +0100 (CET) Subject: SUSE-FU-2021:3925-1: moderate: Feature update for SUSE Manager Client Tools Message-ID: <20211203171639.21D51FC9F@maintenance.suse.de> SUSE Feature Update: Feature update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-FU-2021:3925-1 Rating: moderate References: #1191194 SLE-22351 Affected Products: SUSE Manager Tools 15 SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 ______________________________________________________________________________ An update that has one feature fix and contains one feature can now be installed. Description: This update fixes the following issues: prometheus-blackbox_exporter: - Provide 'prometheus-blackbox_exporter' version 0.19.0 (jsc#SLE-22351) - Use '%set_permissions' and '%verify_permissions' for SUSE Linux Enterprise 12 (bsc#1191194) - Set 'CAP_NET_RAW' capability to allow ICMP requests grafana: - Add URL to package source code in the login page footer spacecmd: - Update translation strings spacewalk-client-tools: - Update translation strings zypp-plugin-spacewalk: - Use proxy configured in 'up2date' config when it is defined - Added RHEL8 build. Patch Instructions: To install this SUSE Feature Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Tools 15: zypper in -t patch SUSE-SLE-Manager-Tools-15-2021-3925=1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2021-3925=1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.1-2021-3925=1 Package List: - SUSE Manager Tools 15 (aarch64 ppc64le s390x x86_64): grafana-7.5.7-1.24.1 prometheus-blackbox_exporter-0.19.0-1.3.1 prometheus-blackbox_exporter-debuginfo-0.19.0-1.3.1 - SUSE Manager Tools 15 (noarch): python3-spacewalk-check-4.2.15-3.53.1 python3-spacewalk-client-setup-4.2.15-3.53.1 python3-spacewalk-client-tools-4.2.15-3.53.1 python3-zypp-plugin-spacewalk-1.0.10-3.21.1 spacecmd-4.2.14-3.71.1 spacewalk-check-4.2.15-3.53.1 spacewalk-client-setup-4.2.15-3.53.1 spacewalk-client-tools-4.2.15-3.53.1 zypp-plugin-spacewalk-1.0.10-3.21.1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 (aarch64 ppc64le s390x x86_64): prometheus-blackbox_exporter-0.19.0-1.3.1 prometheus-blackbox_exporter-debuginfo-0.19.0-1.3.1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 (noarch): python3-zypp-plugin-spacewalk-1.0.10-3.21.1 zypp-plugin-spacewalk-1.0.10-3.21.1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 (noarch): python3-zypp-plugin-spacewalk-1.0.10-3.21.1 zypp-plugin-spacewalk-1.0.10-3.21.1 References: https://bugzilla.suse.com/1191194 From sle-updates at lists.suse.com Fri Dec 3 17:17:49 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 Dec 2021 18:17:49 +0100 (CET) Subject: SUSE-RU-2021:3910-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <20211203171749.6714EFC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3910-1 Rating: moderate References: #1173103 #1190114 #1190446 #1191285 #1191412 #1191431 ECO-3319 Affected Products: SUSE Manager Debian 9.0-CLIENT-TOOLS ______________________________________________________________________________ An update that has 6 recommended fixes and contains one feature can now be installed. Description: This update fixes the following issues: salt: - Fix 'tmpfiles.d' configuration for salt to not use legacy paths (bsc#1173103) - Remove wrong '_parse_cpe_name' from 'grains.core' - Prevent tracebacks if directory for cookie is missing - Fix 'file.find' tracebacks with non utf8 file names (bsc#1190114) - Fix 'ip6_interface' grain to not leak secondary IPv4 aliases (bsc#1191412) - Do not consider skipped targets as failed for 'ansible.playbooks' state (bsc#1190446) - Fix 'traceback.*_exc()' calls scap-security-guide: - Fix SUSE Linux Enterprise 12 build issue caused by '\xb0' character (bsc#1191431). - Updated to 0.1.58 release (jsc#ECO-3319) - Support for Script Checking Engine (SCE) - Split RHEL 8 CIS profile using new controls file format - CIS Profiles for SLE12 - Initial Ubuntu 20.04 STIG Profiles - Addition of an automated CCE adder spacecmd: - Update translation strings Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Debian 9.0-CLIENT-TOOLS: zypper in -t patch SUSE-Debian-9.0-CLIENT-TOOLS-x86_64-2021-3910=1 Package List: - SUSE Manager Debian 9.0-CLIENT-TOOLS (all): salt-common-3000+ds-1+2.37.1 salt-minion-3000+ds-1+2.37.1 scap-security-guide-debian-0.1.58-2.12.1 spacecmd-4.2.14-2.22.1 References: https://bugzilla.suse.com/1173103 https://bugzilla.suse.com/1190114 https://bugzilla.suse.com/1190446 https://bugzilla.suse.com/1191285 https://bugzilla.suse.com/1191412 https://bugzilla.suse.com/1191431 From sle-updates at lists.suse.com Fri Dec 3 17:19:39 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 Dec 2021 18:19:39 +0100 (CET) Subject: SUSE-RU-2021:3916-1: Recommended update for SUSE Manager 4.2.4 Release Notes Message-ID: <20211203171939.31565FC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager 4.2.4 Release Notes ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3916-1 Rating: low References: #1173143 #1184617 #1185465 #1185951 #1187673 #1187708 #1189643 #1190114 #1190446 #1190665 #1190866 #1190867 #1190964 #1191123 #1191139 #1191144 #1191222 #1191267 #1191274 #1191313 #1191340 #1191377 #1191412 #1191442 #1191444 #1191460 #1191495 #1191538 #1191643 #1191656 #1191702 #1191899 #1192321 #1192736 Affected Products: SUSE Manager Server 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Proxy 4.2 ______________________________________________________________________________ An update that has 34 recommended fixes can now be installed. Description: This update for SUSE Manager 4.2.4 Release Notes provides the following additions: Release notes for SUSE Manager: - Update to 4.2.4 * The Blackbox exporter support has been added * System re-activation is now possible from the UI & XMLPRC-API * Low disk space notification has been added on the login page * Bugs mentioned: bsc#1173143, bsc#1184617, bsc#1185465, bsc#1185951, bsc#1187708 bsc#1189643, bsc#1190114, bsc#1190446, bsc#1190665, bsc#1190866 bsc#1190867, bsc#1190964, bsc#1191123, bsc#1191139, bsc#1191144 bsc#1191222, bsc#1191267, bsc#1191274, bsc#1191313, bsc#1191340 bsc#1191377, bsc#1191412, bsc#1191442, bsc#1191444, bsc#1191460 bsc#1191495, bsc#1191538, bsc#1191643, bsc#1191656, bsc#1191702 bsc#1191899, bsc#1192321, bsc#1192736 Release notes for SUSE Manager proxy: - Update to 4.2.4 * The package 'prometheus-blackbox_exporter' has been added as recommended for the Proxy. * Bugs mentioned: bsc#1187673, bsc#1189643, bsc#1190867, bsc#1190964, bsc#1191538, bsc#1191656 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2021-3916=1 - SUSE Manager Retail Branch Server 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2021-3916=1 - SUSE Manager Proxy 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2021-3916=1 Package List: - SUSE Manager Server 4.2 (ppc64le s390x x86_64): release-notes-susemanager-4.2.4-3.22.1 - SUSE Manager Retail Branch Server 4.2 (x86_64): release-notes-susemanager-proxy-4.2.4-3.18.1 - SUSE Manager Proxy 4.2 (x86_64): release-notes-susemanager-proxy-4.2.4-3.18.1 References: https://bugzilla.suse.com/1173143 https://bugzilla.suse.com/1184617 https://bugzilla.suse.com/1185465 https://bugzilla.suse.com/1185951 https://bugzilla.suse.com/1187673 https://bugzilla.suse.com/1187708 https://bugzilla.suse.com/1189643 https://bugzilla.suse.com/1190114 https://bugzilla.suse.com/1190446 https://bugzilla.suse.com/1190665 https://bugzilla.suse.com/1190866 https://bugzilla.suse.com/1190867 https://bugzilla.suse.com/1190964 https://bugzilla.suse.com/1191123 https://bugzilla.suse.com/1191139 https://bugzilla.suse.com/1191144 https://bugzilla.suse.com/1191222 https://bugzilla.suse.com/1191267 https://bugzilla.suse.com/1191274 https://bugzilla.suse.com/1191313 https://bugzilla.suse.com/1191340 https://bugzilla.suse.com/1191377 https://bugzilla.suse.com/1191412 https://bugzilla.suse.com/1191442 https://bugzilla.suse.com/1191444 https://bugzilla.suse.com/1191460 https://bugzilla.suse.com/1191495 https://bugzilla.suse.com/1191538 https://bugzilla.suse.com/1191643 https://bugzilla.suse.com/1191656 https://bugzilla.suse.com/1191702 https://bugzilla.suse.com/1191899 https://bugzilla.suse.com/1192321 https://bugzilla.suse.com/1192736 From sle-updates at lists.suse.com Fri Dec 3 17:25:13 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 Dec 2021 18:25:13 +0100 (CET) Subject: SUSE-RU-2021:3926-1: moderate: Recommended update for SUSE Manager Server 4.2 Message-ID: <20211203172513.3137CFC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Server 4.2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3926-1 Rating: moderate References: #1173143 #1184617 #1185465 #1185951 #1187708 #1189643 #1190114 #1190446 #1190665 #1190866 #1190867 #1190964 #1191123 #1191139 #1191144 #1191222 #1191267 #1191274 #1191313 #1191340 #1191377 #1191412 #1191442 #1191444 #1191460 #1191495 #1191538 #1191643 #1191656 #1191702 #1191899 #1192321 #1192736 Affected Products: SUSE Linux Enterprise Module for SUSE Manager Server 4.2 ______________________________________________________________________________ An update that has 33 recommended fixes can now be installed. Description: This update fixes the following issues: grafana-formula: - Add SSH blackbox status check panel to clients dashboard - Migrate deprecated panels in clients dashboard patterns-suse-manager: - Add 'prometheus-blackbox_exporter' as recommended for the Proxy prometheus-formula: - Fix opening Prometheus ports on proxy - Add Prometheus targets configuration for minions SSH probing - Add blackbox exporter - Open Prometheus ports (bsc#1191144) py27-compat-salt: - Remove wrong _parse_cpe_name from grains.core - Fix file.find tracebacks with non utf8 file names (bsc#1190114) - Fix ip6_interface grain to not leak secondary IPv4 aliases (bsc#1191412) - Added Python2 build possibility for RHEL8 - Do not consider skipped targets as failed for ansible.playbooks state (bsc#1190446) - Fix traceback.*_exc() calls spacecmd: - Update translation strings spacewalk-backend: - Reposync: replace architecture variables in mirror lists - Minor spec update. - Added RHN config parameter httpd_config_dir. - Avoid GPG errors messages in reposync caused by rpm not understanding signatures (bsc#1191538) - Improved the diskcheck script to return an exit value and to allow performing the check without sending notification spacewalk-certs-tools: - Make bootstrap script to use bash when called with a different interpreter (bsc#1191656) - set key format to PEM when generating key for traditional clients push ssh (bsc#1189643) spacewalk-client-tools: - Update translation strings spacewalk-java: - Fix calling wrong XMLRPC bootstrap method (bsc#1192736) - Fix package update action with shared channels (bsc#1191313) - fix openscap scan with tailoring-file option (bsc#1192321) - switch to best repo auth item for contentsources (bsc#1191442) - Implement using re-activation keys when bootstrapping with the Web UI or XMLRPC API - update last boot time of SSH Minions after bootstrapping (bsc#1191899) - Add compressed flag to image pillars when kiwi image is compressed (bsc#1191702) - Use an 'allow' filter for the kernel packages with live patching filter templates (bsc#1191460) - Move pickedup actions to history as soon as they are pickedup (bsc#1191444) - fix issue with empty action chains getting deleted too early (bsc#1191377) - Set product name and version in the User-Agent header when connecting to SCC - On salt-ssh minions, enforce package list refresh after state apply - Run Prometheus JMX exporter as Java agent (bsc#1184617) - Fix internal server error on DuplicateSystemsCompare (bsc#1191643) - Hide link to CLM live patching template in system details for products that don't support live patching (bsc#1190866) - Execute the diskcheck script at login to validate the available space - Trigger reboot needed message also when installhint is available on package level - Add Content Lifecycle Management filter for package provides and use it in live patching filter template - Allow usage of jinja template in Salt config channels - Remove NullPointerException in rhn_web_ui.log when building an image (bsc#1185951) - mgr-sync refresh logs when a vendor channel is expired and shows how to remove it (bsc#1191222) - Readable error when "mgr-sync add channel" is called with a non-existing label (bsc#1173143) spacewalk-reports: - Improve performance of inventory report (bsc#1191495) spacewalk-setup: - Increase "max_event_size" value for the Salt master (bsc#1191340) - Leave Cobbler bootloader directory at the default (bsc#1187708) - Don't delete cobbler.conf contents. - Fixed FileNotFoundError on cobbler setup. - cobbler20-setup was removed - spacewalk-setup-cobbler was reimplemented in Python - Config files for Cobbler don't get edited in place anymore, thus the original ones are saved with a ".backup" suffix spacewalk-web: - Implement using re-activation keys when bootstrapping with the Web UI - Disable the SPA engine for download links (bsc#1190964) - Fix CLM filter edit modal opening (bsc#1190867) - Display a warning in the login page if the available disk space on the server is running out - add Content Lifecycle Management filter for package provides susemanager: - Reorganize bootstrap SSL state - Add missing packages on SSL bootstrap of Debian-10 and SLES-15 - Update translation strings susemanager-doc-indexes: - Support for reboot flags added to SLS State for Ubuntu, Debian and Red Hat Enterprise Linux 7 in Keeping Clients updated section of the Cookbook - Fixed base channel label for Red Hat 8 products in the Client Configuration Guide - In the Client Configuration Guide, move the information about requiring Python to the section covering WebUI registration procedures. - Warn about building ARM images on aarch64 architecture in the Administration Guide - Added DNS resolution for minions to the Troubleshooting section of the Client Configuration Guide - Documented low on disc space warnings in the Managing Disk Space chapter in Administration Guide - In the Installation Guide, fix slow downloads via proxy when huge files are requested (bsc#1185465) - Reactivation key in the Web UI added to the Client Configuration Guide - Updated the 'max_connections' section of the Salt Guide (bsc#1191267) - In the ports section of the Installation Guide, mention "tftpsync" explicitly for port 443 (bsc#1190665) - In server upgrade procedure in the Upgrade Guide add 'zypper ref' step to refresh repositories reliably. - Update 'effective_cache_size' section of the Salt Guide (bsc#1191274) - Documented new filter in the Content Lifecycle Management chapter of the Administration Guide susemanager-docs_en: - Support for reboot flags added to SLS State for Ubuntu, Debian and Red Hat Enterprise Linux 7 in Keeping Clients updated section of the Cookbook - Fixed base channel label for Red Hat 8 products in the Client Configuration Guide - In the Client Configuration Guide, move the information about requiring Python to the section covering WebUI registration procedures. - Warn about building ARM images on aarch64 architecture in the Administration Guide - Added DNS resolution for minions to the Troubleshooting section of the Client Configuration Guide - Documented low on disc space warnings in the Managing Disk Space chapter in Administration Guide - In the Installation Guide, fix slow downloads via proxy when huge files are requested (bsc#1185465) - Reactivation key in the Web UI added to the Client Configuration Guide - Updated the 'max_connections' section of the Salt Guide (bsc#1191267) - In the ports section of the Installation Guide, mention "tftpsync" explicitly for port 443 (bsc#1190665) - In server upgrade procedure in the Upgrade Guide add 'zypper ref' step to refresh repositories reliably. - Update 'effective_cache_size' section of the Salt Guide (bsc#1191274) - Documented new filter in the Content Lifecycle Management chapter of the Administration Guide susemanager-schema: - Add schema directory for susemanager-schema-4.2.18 susemanager-sls: - fix openscap scan with tailoring options (bsc#1192321) - Fix virt_utils module python 2.6 compatibility (bsc#1191123) - Implement using re-activation keys when bootstrapping - Add missing compressed_hash value from Kiwi inspect (bsc#1191702) - Don't create skeleton /srv/salt/top.sls - Run Prometheus JMX exporter as Java agent (bsc#1184617) - Replace FileNotFoundError by python2-compatible OSError (bsc#1191139) susemanager-sync-data: - add SUSE Linux Enterprise Server 15 SP2 LTSS - use mirrorlist URLs for Alma Linux 8 How to apply this update: 1. Log in as root user to the SUSE Manager server. 2. Stop the Spacewalk service: `spacewalk-service stop` 3. Apply the patch using either zypper patch or YaST Online Update. 4. Start the Spacewalk service: `spacewalk-service start` Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Server 4.2: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2021-3926=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (ppc64le s390x x86_64): patterns-suma_retail-4.2-4.6.2 patterns-suma_server-4.2-4.6.2 susemanager-4.2.26-3.16.5 susemanager-tools-4.2.26-3.16.5 - SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (noarch): grafana-formula-0.6.0-3.3.2 prometheus-formula-0.5.1-3.6.2 py27-compat-salt-3000.3-7.7.14.2 python3-spacewalk-certs-tools-4.2.14-3.12.3 python3-spacewalk-client-tools-4.2.15-4.12.4 spacecmd-4.2.14-4.12.3 spacewalk-backend-4.2.18-4.12.4 spacewalk-backend-app-4.2.18-4.12.4 spacewalk-backend-applet-4.2.18-4.12.4 spacewalk-backend-config-files-4.2.18-4.12.4 spacewalk-backend-config-files-common-4.2.18-4.12.4 spacewalk-backend-config-files-tool-4.2.18-4.12.4 spacewalk-backend-iss-4.2.18-4.12.4 spacewalk-backend-iss-export-4.2.18-4.12.4 spacewalk-backend-package-push-server-4.2.18-4.12.4 spacewalk-backend-server-4.2.18-4.12.4 spacewalk-backend-sql-4.2.18-4.12.4 spacewalk-backend-sql-postgresql-4.2.18-4.12.4 spacewalk-backend-tools-4.2.18-4.12.4 spacewalk-backend-xml-export-libs-4.2.18-4.12.4 spacewalk-backend-xmlrpc-4.2.18-4.12.4 spacewalk-base-4.2.24-3.12.6 spacewalk-base-minimal-4.2.24-3.12.6 spacewalk-base-minimal-config-4.2.24-3.12.6 spacewalk-certs-tools-4.2.14-3.12.3 spacewalk-client-tools-4.2.15-4.12.4 spacewalk-html-4.2.24-3.12.6 spacewalk-java-4.2.31-3.17.5 spacewalk-java-config-4.2.31-3.17.5 spacewalk-java-lib-4.2.31-3.17.5 spacewalk-java-postgresql-4.2.31-3.17.5 spacewalk-reports-4.2.6-3.6.3 spacewalk-setup-4.2.9-3.9.3 spacewalk-taskomatic-4.2.31-3.17.5 susemanager-doc-indexes-4.2-12.16.2 susemanager-docs_en-4.2-12.16.2 susemanager-docs_en-pdf-4.2-12.16.2 susemanager-schema-4.2.19-3.12.4 susemanager-sls-4.2.19-3.14.4 susemanager-sync-data-4.2.10-3.12.3 susemanager-web-libs-4.2.24-3.12.6 uyuni-config-modules-4.2.19-3.14.4 References: https://bugzilla.suse.com/1173143 https://bugzilla.suse.com/1184617 https://bugzilla.suse.com/1185465 https://bugzilla.suse.com/1185951 https://bugzilla.suse.com/1187708 https://bugzilla.suse.com/1189643 https://bugzilla.suse.com/1190114 https://bugzilla.suse.com/1190446 https://bugzilla.suse.com/1190665 https://bugzilla.suse.com/1190866 https://bugzilla.suse.com/1190867 https://bugzilla.suse.com/1190964 https://bugzilla.suse.com/1191123 https://bugzilla.suse.com/1191139 https://bugzilla.suse.com/1191144 https://bugzilla.suse.com/1191222 https://bugzilla.suse.com/1191267 https://bugzilla.suse.com/1191274 https://bugzilla.suse.com/1191313 https://bugzilla.suse.com/1191340 https://bugzilla.suse.com/1191377 https://bugzilla.suse.com/1191412 https://bugzilla.suse.com/1191442 https://bugzilla.suse.com/1191444 https://bugzilla.suse.com/1191460 https://bugzilla.suse.com/1191495 https://bugzilla.suse.com/1191538 https://bugzilla.suse.com/1191643 https://bugzilla.suse.com/1191656 https://bugzilla.suse.com/1191702 https://bugzilla.suse.com/1191899 https://bugzilla.suse.com/1192321 https://bugzilla.suse.com/1192736 From sle-updates at lists.suse.com Fri Dec 3 17:30:26 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 Dec 2021 18:30:26 +0100 (CET) Subject: SUSE-RU-2021:3926-1: moderate: Recommended update for SUSE Manager Server 4.2 Message-ID: <20211203173026.D2D48FC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Server 4.2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3926-1 Rating: moderate References: #1173143 #1184617 #1185465 #1185951 #1187673 #1187708 #1189643 #1190114 #1190446 #1190665 #1190866 #1190867 #1190964 #1191123 #1191139 #1191144 #1191222 #1191267 #1191274 #1191313 #1191340 #1191377 #1191412 #1191442 #1191444 #1191460 #1191495 #1191538 #1191643 #1191656 #1191702 #1191899 #1192321 #1192736 Affected Products: SUSE Linux Enterprise Module for SUSE Manager Server 4.2 SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 ______________________________________________________________________________ An update that has 34 recommended fixes can now be installed. Description: This update fixes the following issues: grafana-formula: - Add SSH blackbox status check panel to clients dashboard - Migrate deprecated panels in clients dashboard patterns-suse-manager: - Add 'prometheus-blackbox_exporter' as recommended for the Proxy prometheus-formula: - Fix opening Prometheus ports on proxy - Add Prometheus targets configuration for minions SSH probing - Add blackbox exporter - Open Prometheus ports (bsc#1191144) py27-compat-salt: - Remove wrong _parse_cpe_name from grains.core - Fix file.find tracebacks with non utf8 file names (bsc#1190114) - Fix ip6_interface grain to not leak secondary IPv4 aliases (bsc#1191412) - Added Python2 build possibility for RHEL8 - Do not consider skipped targets as failed for ansible.playbooks state (bsc#1190446) - Fix traceback.*_exc() calls spacecmd: - Update translation strings spacewalk-backend: - Reposync: replace architecture variables in mirror lists - Minor spec update. - Added RHN config parameter httpd_config_dir. - Avoid GPG errors messages in reposync caused by rpm not understanding signatures (bsc#1191538) - Improved the diskcheck script to return an exit value and to allow performing the check without sending notification spacewalk-certs-tools: - Make bootstrap script to use bash when called with a different interpreter (bsc#1191656) - set key format to PEM when generating key for traditional clients push ssh (bsc#1189643) spacewalk-client-tools: - Update translation strings spacewalk-java: - Fix calling wrong XMLRPC bootstrap method (bsc#1192736) - Fix package update action with shared channels (bsc#1191313) - fix openscap scan with tailoring-file option (bsc#1192321) - switch to best repo auth item for contentsources (bsc#1191442) - Implement using re-activation keys when bootstrapping with the Web UI or XMLRPC API - update last boot time of SSH Minions after bootstrapping (bsc#1191899) - Add compressed flag to image pillars when kiwi image is compressed (bsc#1191702) - Use an 'allow' filter for the kernel packages with live patching filter templates (bsc#1191460) - Move pickedup actions to history as soon as they are pickedup (bsc#1191444) - fix issue with empty action chains getting deleted too early (bsc#1191377) - Set product name and version in the User-Agent header when connecting to SCC - On salt-ssh minions, enforce package list refresh after state apply - Run Prometheus JMX exporter as Java agent (bsc#1184617) - Fix internal server error on DuplicateSystemsCompare (bsc#1191643) - Hide link to CLM live patching template in system details for products that don't support live patching (bsc#1190866) - Execute the diskcheck script at login to validate the available space - Trigger reboot needed message also when installhint is available on package level - Add Content Lifecycle Management filter for package provides and use it in live patching filter template - Allow usage of jinja template in Salt config channels - Remove NullPointerException in rhn_web_ui.log when building an image (bsc#1185951) - mgr-sync refresh logs when a vendor channel is expired and shows how to remove it (bsc#1191222) - Readable error when "mgr-sync add channel" is called with a non-existing label (bsc#1173143) spacewalk-reports: - Improve performance of inventory report (bsc#1191495) spacewalk-setup: - Increase "max_event_size" value for the Salt master (bsc#1191340) - Leave Cobbler bootloader directory at the default (bsc#1187708) - Don't delete cobbler.conf contents. - Fixed FileNotFoundError on cobbler setup. - cobbler20-setup was removed - spacewalk-setup-cobbler was reimplemented in Python - Config files for Cobbler don't get edited in place anymore, thus the original ones are saved with a ".backup" suffix spacewalk-web: - Implement using re-activation keys when bootstrapping with the Web UI - Disable the SPA engine for download links (bsc#1190964) - Fix CLM filter edit modal opening (bsc#1190867) - Display a warning in the login page if the available disk space on the server is running out - add Content Lifecycle Management filter for package provides susemanager: - Reorganize bootstrap SSL state - Add missing packages on SSL bootstrap of Debian-10 and SLES-15 - Update translation strings susemanager-doc-indexes: - Support for reboot flags added to SLS State for Ubuntu, Debian and Red Hat Enterprise Linux 7 in Keeping Clients updated section of the Cookbook - Fixed base channel label for Red Hat 8 products in the Client Configuration Guide - In the Client Configuration Guide, move the information about requiring Python to the section covering WebUI registration procedures. - Warn about building ARM images on aarch64 architecture in the Administration Guide - Added DNS resolution for minions to the Troubleshooting section of the Client Configuration Guide - Documented low on disc space warnings in the Managing Disk Space chapter in Administration Guide - In the Installation Guide, fix slow downloads via proxy when huge files are requested (bsc#1185465) - Reactivation key in the Web UI added to the Client Configuration Guide - Updated the 'max_connections' section of the Salt Guide (bsc#1191267) - In the ports section of the Installation Guide, mention "tftpsync" explicitly for port 443 (bsc#1190665) - In server upgrade procedure in the Upgrade Guide add 'zypper ref' step to refresh repositories reliably. - Update 'effective_cache_size' section of the Salt Guide (bsc#1191274) - Documented new filter in the Content Lifecycle Management chapter of the Administration Guide susemanager-docs_en: - Support for reboot flags added to SLS State for Ubuntu, Debian and Red Hat Enterprise Linux 7 in Keeping Clients updated section of the Cookbook - Fixed base channel label for Red Hat 8 products in the Client Configuration Guide - In the Client Configuration Guide, move the information about requiring Python to the section covering WebUI registration procedures. - Warn about building ARM images on aarch64 architecture in the Administration Guide - Added DNS resolution for minions to the Troubleshooting section of the Client Configuration Guide - Documented low on disc space warnings in the Managing Disk Space chapter in Administration Guide - In the Installation Guide, fix slow downloads via proxy when huge files are requested (bsc#1185465) - Reactivation key in the Web UI added to the Client Configuration Guide - Updated the 'max_connections' section of the Salt Guide (bsc#1191267) - In the ports section of the Installation Guide, mention "tftpsync" explicitly for port 443 (bsc#1190665) - In server upgrade procedure in the Upgrade Guide add 'zypper ref' step to refresh repositories reliably. - Update 'effective_cache_size' section of the Salt Guide (bsc#1191274) - Documented new filter in the Content Lifecycle Management chapter of the Administration Guide susemanager-schema: - Add schema directory for susemanager-schema-4.2.18 susemanager-sls: - fix openscap scan with tailoring options (bsc#1192321) - Fix virt_utils module python 2.6 compatibility (bsc#1191123) - Implement using re-activation keys when bootstrapping - Add missing compressed_hash value from Kiwi inspect (bsc#1191702) - Don't create skeleton /srv/salt/top.sls - Run Prometheus JMX exporter as Java agent (bsc#1184617) - Replace FileNotFoundError by python2-compatible OSError (bsc#1191139) susemanager-sync-data: - add SUSE Linux Enterprise Server 15 SP2 LTSS - use mirrorlist URLs for Alma Linux 8 How to apply this update: 1. Log in as root user to the SUSE Manager server. 2. Stop the Spacewalk service: `spacewalk-service stop` 3. Apply the patch using either zypper patch or YaST Online Update. 4. Start the Spacewalk service: `spacewalk-service start` Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Server 4.2: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2021-3926=1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2021-3926=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (ppc64le s390x x86_64): patterns-suma_retail-4.2-4.6.2 patterns-suma_server-4.2-4.6.2 susemanager-4.2.26-3.16.5 susemanager-tools-4.2.26-3.16.5 - SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (noarch): grafana-formula-0.6.0-3.3.2 prometheus-formula-0.5.1-3.6.2 py27-compat-salt-3000.3-7.7.14.2 python3-spacewalk-certs-tools-4.2.14-3.12.3 python3-spacewalk-client-tools-4.2.15-4.12.4 spacecmd-4.2.14-4.12.3 spacewalk-backend-4.2.18-4.12.4 spacewalk-backend-app-4.2.18-4.12.4 spacewalk-backend-applet-4.2.18-4.12.4 spacewalk-backend-config-files-4.2.18-4.12.4 spacewalk-backend-config-files-common-4.2.18-4.12.4 spacewalk-backend-config-files-tool-4.2.18-4.12.4 spacewalk-backend-iss-4.2.18-4.12.4 spacewalk-backend-iss-export-4.2.18-4.12.4 spacewalk-backend-package-push-server-4.2.18-4.12.4 spacewalk-backend-server-4.2.18-4.12.4 spacewalk-backend-sql-4.2.18-4.12.4 spacewalk-backend-sql-postgresql-4.2.18-4.12.4 spacewalk-backend-tools-4.2.18-4.12.4 spacewalk-backend-xml-export-libs-4.2.18-4.12.4 spacewalk-backend-xmlrpc-4.2.18-4.12.4 spacewalk-base-4.2.24-3.12.6 spacewalk-base-minimal-4.2.24-3.12.6 spacewalk-base-minimal-config-4.2.24-3.12.6 spacewalk-certs-tools-4.2.14-3.12.3 spacewalk-client-tools-4.2.15-4.12.4 spacewalk-html-4.2.24-3.12.6 spacewalk-java-4.2.31-3.17.5 spacewalk-java-config-4.2.31-3.17.5 spacewalk-java-lib-4.2.31-3.17.5 spacewalk-java-postgresql-4.2.31-3.17.5 spacewalk-reports-4.2.6-3.6.3 spacewalk-setup-4.2.9-3.9.3 spacewalk-taskomatic-4.2.31-3.17.5 susemanager-doc-indexes-4.2-12.16.2 susemanager-docs_en-4.2-12.16.2 susemanager-docs_en-pdf-4.2-12.16.2 susemanager-schema-4.2.19-3.12.4 susemanager-sls-4.2.19-3.14.4 susemanager-sync-data-4.2.10-3.12.3 susemanager-web-libs-4.2.24-3.12.6 uyuni-config-modules-4.2.19-3.14.4 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 (x86_64): patterns-suma_proxy-4.2-4.6.2 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 (noarch): python3-spacewalk-certs-tools-4.2.14-3.12.3 python3-spacewalk-check-4.2.15-4.12.4 python3-spacewalk-client-setup-4.2.15-4.12.4 python3-spacewalk-client-tools-4.2.15-4.12.4 spacecmd-4.2.14-4.12.3 spacewalk-backend-4.2.18-4.12.4 spacewalk-base-minimal-4.2.24-3.12.6 spacewalk-base-minimal-config-4.2.24-3.12.6 spacewalk-certs-tools-4.2.14-3.12.3 spacewalk-check-4.2.15-4.12.4 spacewalk-client-setup-4.2.15-4.12.4 spacewalk-client-tools-4.2.15-4.12.4 spacewalk-proxy-broker-4.2.8-3.9.3 spacewalk-proxy-common-4.2.8-3.9.3 spacewalk-proxy-management-4.2.8-3.9.3 spacewalk-proxy-package-manager-4.2.8-3.9.3 spacewalk-proxy-redirect-4.2.8-3.9.3 spacewalk-proxy-salt-4.2.8-3.9.3 References: https://bugzilla.suse.com/1173143 https://bugzilla.suse.com/1184617 https://bugzilla.suse.com/1185465 https://bugzilla.suse.com/1185951 https://bugzilla.suse.com/1187673 https://bugzilla.suse.com/1187708 https://bugzilla.suse.com/1189643 https://bugzilla.suse.com/1190114 https://bugzilla.suse.com/1190446 https://bugzilla.suse.com/1190665 https://bugzilla.suse.com/1190866 https://bugzilla.suse.com/1190867 https://bugzilla.suse.com/1190964 https://bugzilla.suse.com/1191123 https://bugzilla.suse.com/1191139 https://bugzilla.suse.com/1191144 https://bugzilla.suse.com/1191222 https://bugzilla.suse.com/1191267 https://bugzilla.suse.com/1191274 https://bugzilla.suse.com/1191313 https://bugzilla.suse.com/1191340 https://bugzilla.suse.com/1191377 https://bugzilla.suse.com/1191412 https://bugzilla.suse.com/1191442 https://bugzilla.suse.com/1191444 https://bugzilla.suse.com/1191460 https://bugzilla.suse.com/1191495 https://bugzilla.suse.com/1191538 https://bugzilla.suse.com/1191643 https://bugzilla.suse.com/1191656 https://bugzilla.suse.com/1191702 https://bugzilla.suse.com/1191899 https://bugzilla.suse.com/1192321 https://bugzilla.suse.com/1192736 From sle-updates at lists.suse.com Fri Dec 3 17:35:52 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 Dec 2021 18:35:52 +0100 (CET) Subject: SUSE-RU-2021:14856-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <20211203173552.BDAA8FC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:14856-1 Rating: moderate References: Affected Products: SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: This update fixes the following issues: spacecmd: - Update translation strings spacewalk-client-tools: - Update translation strings zypp-plugin-spacewalk: - Use proxy configured in 'up2date config' when it is defined - Added RHEL8 build. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS: zypper in -t patch slesctsp4-client-tools-202111-14856=1 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS: zypper in -t patch slesctsp3-client-tools-202111-14856=1 Package List: - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64): python2-spacewalk-check-4.2.15-27.62.1 python2-spacewalk-client-setup-4.2.15-27.62.1 python2-spacewalk-client-tools-4.2.15-27.62.1 python2-zypp-plugin-spacewalk-1.0.10-27.24.1 spacecmd-4.2.14-18.96.1 spacewalk-check-4.2.15-27.62.1 spacewalk-client-setup-4.2.15-27.62.1 spacewalk-client-tools-4.2.15-27.62.1 zypp-plugin-spacewalk-1.0.10-27.24.1 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64): python2-spacewalk-check-4.2.15-27.62.1 python2-spacewalk-client-setup-4.2.15-27.62.1 python2-spacewalk-client-tools-4.2.15-27.62.1 python2-zypp-plugin-spacewalk-1.0.10-27.24.1 spacecmd-4.2.14-18.96.1 spacewalk-check-4.2.15-27.62.1 spacewalk-client-setup-4.2.15-27.62.1 spacewalk-client-tools-4.2.15-27.62.1 zypp-plugin-spacewalk-1.0.10-27.24.1 References: From sle-updates at lists.suse.com Fri Dec 3 17:36:58 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 Dec 2021 18:36:58 +0100 (CET) Subject: SUSE-RU-2021:3919-1: moderate: Recommended update for Salt Message-ID: <20211203173658.90D66FC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for Salt ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3919-1 Rating: moderate References: #1186738 #1190446 #1191412 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update fixes the following issues: salt: - Use dnfnotify instead yumnotify for relevant distros - Remove wrong '_parse_cpe_name' from 'grains.core' - Dnfnotify pkgset plugin implementation - Add 'rpm_vercmp' python library support for version comparison - Prevent pkg plugins errors on missing cookie path (bsc#1186738) - Fix 'ip6_interface' grain to not leak secondary IPv4 aliases (bsc#1191412) - Make "salt-api" package to require python3-cherrypy on RHEL systems - Make "tar" as required for "salt-transactional-update" package - Do not consider skipped targets as failed for ansible.playbooks state (bsc#1190446) - Fix 'traceback.*_exc()' calls Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-3919=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-3919=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-3919=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-3919=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): python3-salt-3002.2-8.41.20.1 salt-3002.2-8.41.20.1 salt-api-3002.2-8.41.20.1 salt-cloud-3002.2-8.41.20.1 salt-doc-3002.2-8.41.20.1 salt-master-3002.2-8.41.20.1 salt-minion-3002.2-8.41.20.1 salt-proxy-3002.2-8.41.20.1 salt-ssh-3002.2-8.41.20.1 salt-standalone-formulas-configuration-3002.2-8.41.20.1 salt-syndic-3002.2-8.41.20.1 salt-transactional-update-3002.2-8.41.20.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): salt-bash-completion-3002.2-8.41.20.1 salt-fish-completion-3002.2-8.41.20.1 salt-zsh-completion-3002.2-8.41.20.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): python3-salt-3002.2-8.41.20.1 salt-3002.2-8.41.20.1 salt-api-3002.2-8.41.20.1 salt-cloud-3002.2-8.41.20.1 salt-doc-3002.2-8.41.20.1 salt-master-3002.2-8.41.20.1 salt-minion-3002.2-8.41.20.1 salt-proxy-3002.2-8.41.20.1 salt-ssh-3002.2-8.41.20.1 salt-standalone-formulas-configuration-3002.2-8.41.20.1 salt-syndic-3002.2-8.41.20.1 salt-transactional-update-3002.2-8.41.20.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): salt-bash-completion-3002.2-8.41.20.1 salt-fish-completion-3002.2-8.41.20.1 salt-zsh-completion-3002.2-8.41.20.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): python3-salt-3002.2-8.41.20.1 salt-3002.2-8.41.20.1 salt-api-3002.2-8.41.20.1 salt-cloud-3002.2-8.41.20.1 salt-doc-3002.2-8.41.20.1 salt-master-3002.2-8.41.20.1 salt-minion-3002.2-8.41.20.1 salt-proxy-3002.2-8.41.20.1 salt-ssh-3002.2-8.41.20.1 salt-standalone-formulas-configuration-3002.2-8.41.20.1 salt-syndic-3002.2-8.41.20.1 salt-transactional-update-3002.2-8.41.20.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): salt-bash-completion-3002.2-8.41.20.1 salt-fish-completion-3002.2-8.41.20.1 salt-zsh-completion-3002.2-8.41.20.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): python3-salt-3002.2-8.41.20.1 salt-3002.2-8.41.20.1 salt-api-3002.2-8.41.20.1 salt-cloud-3002.2-8.41.20.1 salt-doc-3002.2-8.41.20.1 salt-master-3002.2-8.41.20.1 salt-minion-3002.2-8.41.20.1 salt-proxy-3002.2-8.41.20.1 salt-ssh-3002.2-8.41.20.1 salt-standalone-formulas-configuration-3002.2-8.41.20.1 salt-syndic-3002.2-8.41.20.1 salt-transactional-update-3002.2-8.41.20.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): salt-bash-completion-3002.2-8.41.20.1 salt-fish-completion-3002.2-8.41.20.1 salt-zsh-completion-3002.2-8.41.20.1 References: https://bugzilla.suse.com/1186738 https://bugzilla.suse.com/1190446 https://bugzilla.suse.com/1191412 From sle-updates at lists.suse.com Fri Dec 3 17:38:29 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 Dec 2021 18:38:29 +0100 (CET) Subject: SUSE-RU-2021:3920-1: moderate: Recommended update for salt Message-ID: <20211203173829.72001FC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for salt ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3920-1 Rating: moderate References: #1186738 #1190446 #1191412 Affected Products: SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for salt fixes the following issues: - Use 'dnfnotify' instead 'yumnotify' for relevant distributions - Remove 'wrong _parse_cpe_name' from 'grains.core' - dnfnotify pkgset plugin implementation - Add 'rpm_vercmp' python library support for version comparison - Prevent pkg plugins errors on missing cookie path (bsc#1186738) - Fix 'ip6_interface' grain to not leak secondary IPv4 aliases (bsc#1191412) - Make "salt-api" package to require 'python3-cherrypy' on RHEL systems - 'tar' is required by minion on 'transactional-update' system - Do not consider skipped targets as failed for 'ansible.playbooks' state (bsc#1190446) - Fix 'traceback.*_exc()' calls Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-3920=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-3920=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-3920=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-3920=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-3920=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-3920=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): python3-salt-3002.2-51.1 salt-3002.2-51.1 salt-api-3002.2-51.1 salt-cloud-3002.2-51.1 salt-doc-3002.2-51.1 salt-master-3002.2-51.1 salt-minion-3002.2-51.1 salt-proxy-3002.2-51.1 salt-ssh-3002.2-51.1 salt-standalone-formulas-configuration-3002.2-51.1 salt-syndic-3002.2-51.1 salt-transactional-update-3002.2-51.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): salt-bash-completion-3002.2-51.1 salt-fish-completion-3002.2-51.1 salt-zsh-completion-3002.2-51.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): python3-salt-3002.2-51.1 salt-3002.2-51.1 salt-api-3002.2-51.1 salt-cloud-3002.2-51.1 salt-doc-3002.2-51.1 salt-master-3002.2-51.1 salt-minion-3002.2-51.1 salt-proxy-3002.2-51.1 salt-ssh-3002.2-51.1 salt-standalone-formulas-configuration-3002.2-51.1 salt-syndic-3002.2-51.1 salt-transactional-update-3002.2-51.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): salt-bash-completion-3002.2-51.1 salt-fish-completion-3002.2-51.1 salt-zsh-completion-3002.2-51.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): python3-salt-3002.2-51.1 salt-3002.2-51.1 salt-api-3002.2-51.1 salt-cloud-3002.2-51.1 salt-doc-3002.2-51.1 salt-master-3002.2-51.1 salt-minion-3002.2-51.1 salt-proxy-3002.2-51.1 salt-ssh-3002.2-51.1 salt-standalone-formulas-configuration-3002.2-51.1 salt-syndic-3002.2-51.1 salt-transactional-update-3002.2-51.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): salt-bash-completion-3002.2-51.1 salt-fish-completion-3002.2-51.1 salt-zsh-completion-3002.2-51.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): python3-salt-3002.2-51.1 salt-3002.2-51.1 salt-api-3002.2-51.1 salt-cloud-3002.2-51.1 salt-doc-3002.2-51.1 salt-master-3002.2-51.1 salt-minion-3002.2-51.1 salt-proxy-3002.2-51.1 salt-ssh-3002.2-51.1 salt-standalone-formulas-configuration-3002.2-51.1 salt-syndic-3002.2-51.1 salt-transactional-update-3002.2-51.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): salt-bash-completion-3002.2-51.1 salt-fish-completion-3002.2-51.1 salt-zsh-completion-3002.2-51.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): python3-salt-3002.2-51.1 salt-3002.2-51.1 salt-api-3002.2-51.1 salt-cloud-3002.2-51.1 salt-doc-3002.2-51.1 salt-master-3002.2-51.1 salt-minion-3002.2-51.1 salt-proxy-3002.2-51.1 salt-ssh-3002.2-51.1 salt-standalone-formulas-configuration-3002.2-51.1 salt-syndic-3002.2-51.1 salt-transactional-update-3002.2-51.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): salt-bash-completion-3002.2-51.1 salt-fish-completion-3002.2-51.1 salt-zsh-completion-3002.2-51.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): python3-salt-3002.2-51.1 salt-3002.2-51.1 salt-api-3002.2-51.1 salt-cloud-3002.2-51.1 salt-doc-3002.2-51.1 salt-master-3002.2-51.1 salt-minion-3002.2-51.1 salt-proxy-3002.2-51.1 salt-ssh-3002.2-51.1 salt-standalone-formulas-configuration-3002.2-51.1 salt-syndic-3002.2-51.1 salt-transactional-update-3002.2-51.1 - SUSE Enterprise Storage 6 (noarch): salt-bash-completion-3002.2-51.1 salt-fish-completion-3002.2-51.1 salt-zsh-completion-3002.2-51.1 - SUSE CaaS Platform 4.0 (x86_64): python3-salt-3002.2-51.1 salt-3002.2-51.1 salt-api-3002.2-51.1 salt-cloud-3002.2-51.1 salt-doc-3002.2-51.1 salt-master-3002.2-51.1 salt-minion-3002.2-51.1 salt-proxy-3002.2-51.1 salt-ssh-3002.2-51.1 salt-standalone-formulas-configuration-3002.2-51.1 salt-syndic-3002.2-51.1 salt-transactional-update-3002.2-51.1 - SUSE CaaS Platform 4.0 (noarch): salt-bash-completion-3002.2-51.1 salt-fish-completion-3002.2-51.1 salt-zsh-completion-3002.2-51.1 References: https://bugzilla.suse.com/1186738 https://bugzilla.suse.com/1190446 https://bugzilla.suse.com/1191412 From sle-updates at lists.suse.com Fri Dec 3 17:40:02 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 Dec 2021 18:40:02 +0100 (CET) Subject: SUSE-RU-2021:3921-1: moderate: Recommended update for salt Message-ID: <20211203174002.2A939FC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for salt ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3921-1 Rating: moderate References: #1186738 #1190446 #1191412 Affected Products: SUSE MicroOS 5.0 SUSE Linux Enterprise Module for Transactional Server 15-SP2 SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for salt fixes the following issues: - Use 'dnfnotify' instead 'yumnotify' for relevant distributions - Remove 'wrong _parse_cpe_name' from 'grains.core' - dnfnotify pkgset plugin implementation - Add 'rpm_vercmp' python library support for version comparison - Prevent pkg plugins errors on missing cookie path (bsc#1186738) - Fix 'ip6_interface' grain to not leak secondary IPv4 aliases (bsc#1191412) - Make "salt-api" package to require 'python3-cherrypy' on RHEL systems - 'tar' is required by minion on 'transactional-update' system - Do not consider skipped targets as failed for 'ansible.playbooks' state (bsc#1190446) - Fix 'traceback.*_exc()' calls Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-3921=1 - SUSE Linux Enterprise Module for Transactional Server 15-SP2: zypper in -t patch SUSE-SLE-Module-Transactional-Server-15-SP2-2021-3921=1 - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-3921=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-3921=1 Package List: - SUSE MicroOS 5.0 (aarch64 x86_64): python3-salt-3002.2-52.1 salt-3002.2-52.1 salt-minion-3002.2-52.1 salt-transactional-update-3002.2-52.1 - SUSE Linux Enterprise Module for Transactional Server 15-SP2 (aarch64 ppc64le s390x x86_64): salt-transactional-update-3002.2-52.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): salt-api-3002.2-52.1 salt-cloud-3002.2-52.1 salt-master-3002.2-52.1 salt-proxy-3002.2-52.1 salt-ssh-3002.2-52.1 salt-standalone-formulas-configuration-3002.2-52.1 salt-syndic-3002.2-52.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (noarch): salt-fish-completion-3002.2-52.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): python3-salt-3002.2-52.1 salt-3002.2-52.1 salt-doc-3002.2-52.1 salt-minion-3002.2-52.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): salt-bash-completion-3002.2-52.1 salt-zsh-completion-3002.2-52.1 References: https://bugzilla.suse.com/1186738 https://bugzilla.suse.com/1190446 https://bugzilla.suse.com/1191412 From sle-updates at lists.suse.com Fri Dec 3 17:41:37 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 Dec 2021 18:41:37 +0100 (CET) Subject: SUSE-FU-2021:3924-1: moderate: Feature update for golang-github-prometheus-alertmanager Message-ID: <20211203174137.E1C47FD0A@maintenance.suse.de> SUSE Feature Update: Feature update for golang-github-prometheus-alertmanager ______________________________________________________________________________ Announcement ID: SUSE-FU-2021:3924-1 Rating: moderate References: #1143913 #1176943 SLE-21859 Affected Products: SUSE Manager Tools 15 SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 SUSE Enterprise Storage 6 ______________________________________________________________________________ An update that has two feature fixes and contains one feature can now be installed. Description: This feature update for golang-github-prometheus-alertmanager fixes the following issue: Provide version 0.21.0 of golang-github-prometheus-alertmanager (jsc#SLE-21859) - Exclude s390 architecture - Remove systemd and shadow hard requirements - Use the system user provided by the 'system-user-prometheus' subpackge - Add 'prometheus-alertmanager' package alias - Fix building amtool (bsc#1176943) - Fix permissions for '/var/lib/prometheus' to match 'golang-github-prometheus-prometheus' package and avoid installation checks failures - Remove HipChat integration as it is end-of-life. - Remove default assignment of environment variables. - Enforce 512KB event size limit. - Add cluster command to show cluster and peer statuses. - Add redirection from '/' to the routes prefix when it isn't empty. - Add 'max_alerts' option to limit the number of alerts included in the payload. - Improve logs for API v2, notifications and clustering. - Fix child routes not inheriting their parent route's grouping when 'group_by: [...]'. - Fix the receiver selector in the Alerts page when the receiver name contains regular expression metacharacters such as '+'. - Fix error message about start and end time validation. - Fix a potential race condition in dispatcher. - Return an empty array of peers when the clustering is disabled. - Fix the registration of 'alertmanager_dispatcher_aggregation_groups' and 'alertmanager_dispatcher_alert_processing_duration_seconds' metrics. - Always retry notifications with back-off. - Update to build with go1.14 - Refresh example config from upstream - Add 'network-online' (Wants and After) dependency to systemd unit (bsc#1143913) Patch Instructions: To install this SUSE Feature Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Tools 15: zypper in -t patch SUSE-SLE-Manager-Tools-15-2021-3924=1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2021-3924=1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.1-2021-3924=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-3924=1 Package List: - SUSE Manager Tools 15 (aarch64 ppc64le s390x x86_64): golang-github-prometheus-alertmanager-0.21.0-4.4.1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 (aarch64 ppc64le s390x x86_64): golang-github-prometheus-alertmanager-0.21.0-4.4.1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 (aarch64 ppc64le s390x x86_64): golang-github-prometheus-alertmanager-0.21.0-4.4.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): golang-github-prometheus-alertmanager-0.21.0-4.4.1 References: https://bugzilla.suse.com/1143913 https://bugzilla.suse.com/1176943 From sle-updates at lists.suse.com Fri Dec 3 17:43:01 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 Dec 2021 18:43:01 +0100 (CET) Subject: SUSE-FU-2021:3923-1: moderate: Feature update for SUSE Manager Client Tools Message-ID: <20211203174301.0F1E5FD0A@maintenance.suse.de> SUSE Feature Update: Feature update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-FU-2021:3923-1 Rating: moderate References: #1191194 SLE-22351 Affected Products: SUSE Manager Tools 12 ______________________________________________________________________________ An update that has one feature fix and contains one feature can now be installed. Description: This update fixes the following issues: prometheus-blackbox_exporter: - Provide 'prometheus-blackbox_exporter' version 0.19.0 (jsc#SLE-22351) - Use '%set_permissions' and '%verify_permissions' for SUSE Linux Enterprise 12 (bsc#1191194) - Set 'CAP_NET_RAW' capability to allow ICMP requests grafana: - Add URL to package source code in the login page footer spacecmd: - Update translation strings spacewalk-client-tools: - Update translation strings zypp-plugin-spacewalk: - Use proxy configured in 'up2date' config when it is defined - Added RHEL8 build. Patch Instructions: To install this SUSE Feature Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Tools 12: zypper in -t patch SUSE-SLE-Manager-Tools-12-2021-3923=1 Package List: - SUSE Manager Tools 12 (aarch64 ppc64le s390x x86_64): grafana-7.5.7-1.24.1 prometheus-blackbox_exporter-0.19.0-1.3.1 prometheus-blackbox_exporter-debuginfo-0.19.0-1.3.1 - SUSE Manager Tools 12 (noarch): python2-spacewalk-check-4.2.15-52.62.1 python2-spacewalk-client-setup-4.2.15-52.62.1 python2-spacewalk-client-tools-4.2.15-52.62.1 python2-zypp-plugin-spacewalk-1.0.10-30.30.1 spacecmd-4.2.14-38.94.1 spacewalk-check-4.2.15-52.62.1 spacewalk-client-setup-4.2.15-52.62.1 spacewalk-client-tools-4.2.15-52.62.1 zypp-plugin-spacewalk-1.0.10-30.30.1 References: https://bugzilla.suse.com/1191194 From sle-updates at lists.suse.com Fri Dec 3 17:46:46 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 Dec 2021 18:46:46 +0100 (CET) Subject: SUSE-RU-2021:3913-1: moderate: Recommended update for Salt Message-ID: <20211203174646.26117FC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for Salt ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3913-1 Rating: moderate References: #1173103 #1190114 #1190446 #1191285 #1191412 Affected Products: SUSE Manager Tools 12 SUSE Linux Enterprise Module for Advanced Systems Management 12 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update fixes the following issues: salt: - Fix 'tmpfiles.d' configuration for salt to not use legacy paths (bsc#1173103) - Remove wrong '_parse_cpe_name' from 'grains.core' - Prevent tracebacks if directory for cookie is missing - Fix 'file.find' tracebacks with non utf8 file names (bsc#1190114) - Fix 'ip6_interface' grain to not leak secondary IPv4 aliases (bsc#1191412) - Do not consider skipped targets as failed for 'ansible.playbooks' state (bsc#1190446) - Fix 'traceback.*_exc()' calls Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Tools 12: zypper in -t patch SUSE-SLE-Manager-Tools-12-2021-3913=1 - SUSE Linux Enterprise Module for Advanced Systems Management 12: zypper in -t patch SUSE-SLE-Module-Adv-Systems-Management-12-2021-3913=1 Package List: - SUSE Manager Tools 12 (aarch64 ppc64le s390x x86_64): python2-salt-3000-46.156.1 python3-salt-3000-46.156.1 salt-3000-46.156.1 salt-doc-3000-46.156.1 salt-minion-3000-46.156.1 - SUSE Linux Enterprise Module for Advanced Systems Management 12 (ppc64le s390x x86_64): python2-salt-3000-46.156.1 salt-3000-46.156.1 salt-api-3000-46.156.1 salt-cloud-3000-46.156.1 salt-doc-3000-46.156.1 salt-master-3000-46.156.1 salt-minion-3000-46.156.1 salt-proxy-3000-46.156.1 salt-ssh-3000-46.156.1 salt-standalone-formulas-configuration-3000-46.156.1 salt-syndic-3000-46.156.1 - SUSE Linux Enterprise Module for Advanced Systems Management 12 (noarch): salt-bash-completion-3000-46.156.1 salt-zsh-completion-3000-46.156.1 References: https://bugzilla.suse.com/1173103 https://bugzilla.suse.com/1190114 https://bugzilla.suse.com/1190446 https://bugzilla.suse.com/1191285 https://bugzilla.suse.com/1191412 From sle-updates at lists.suse.com Fri Dec 3 17:48:31 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 Dec 2021 18:48:31 +0100 (CET) Subject: SUSE-RU-2021:14853-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <20211203174831.149A6FC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:14853-1 Rating: moderate References: #1186738 #1190446 #1191412 #1191431 ECO-3319 Affected Products: SUSE Manager Ubuntu 18.04-CLIENT-TOOLS ______________________________________________________________________________ An update that has four recommended fixes and contains one feature can now be installed. Description: This update fixes the following issues: salt: - Use dnfnotify instead yumnotify for relevant distros - Remove wrong _parse_cpe_name from grains.core - Dnfnotify pkgset plugin implementation - Add rpm_vercmp python library support for version comparison - Prevent pkg plugins errors on missing cookie path (bsc#1186738) - Fix ip6_interface grain to not leak secondary IPv4 aliases (bsc#1191412) - Make "salt-api" package to require python3-cherrypy on RHEL systems - Make "tar" as required for "salt-transactional-update" package - Do not consider skipped targets as failed for ansible.playbooks state (bsc#1190446) - Fix traceback.*_exc() calls scap-security-guide: - Fix SLE-12 build issue caused by '\xb0' character (bsc#1191431). - Updated to 0.1.58 release (jsc#ECO-3319) - Support for Script Checking Engine (SCE) - Split RHEL 8 CIS profile using new controls file format - CIS Profiles for SLE12 - Initial Ubuntu 20.04 STIG Profiles - Addition of an automated CCE adder spacecmd: - Update translation strings Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Ubuntu 18.04-CLIENT-TOOLS: zypper in -t patch suse-ubu184ct-client-tools-202111-14853=1 Package List: - SUSE Manager Ubuntu 18.04-CLIENT-TOOLS (all): salt-common-3002.2+ds-1+101.1 salt-minion-3002.2+ds-1+101.1 scap-security-guide-ubuntu-0.1.58-11.1 spacecmd-4.2.14-38.1 References: https://bugzilla.suse.com/1186738 https://bugzilla.suse.com/1190446 https://bugzilla.suse.com/1191412 https://bugzilla.suse.com/1191431 From sle-updates at lists.suse.com Fri Dec 3 17:51:02 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 Dec 2021 18:51:02 +0100 (CET) Subject: SUSE-RU-2021:3915-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <20211203175103.0038CFC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3915-1 Rating: moderate References: #1186738 #1190446 #1191412 #1191431 ECO-3319 Affected Products: SUSE Manager Debian 10-CLIENT-TOOLS ______________________________________________________________________________ An update that has four recommended fixes and contains one feature can now be installed. Description: This update fixes the following issues: salt: - Use 'dnfnotify' instead 'yumnotify' for relevant distros - Remove wrong '_parse_cpe_name' from 'grains.core' - Dnfnotify pkgset plugin implementation - Add 'rpm_vercmp' python library support for version comparison - Prevent pkg plugins errors on missing cookie path (bsc#1186738) - Fix 'ip6_interface' grain to not leak secondary IPv4 aliases (bsc#1191412) - Make "salt-api" package to require python3-cherrypy on RHEL systems - Make "tar" as required for "salt-transactional-update" package - Do not consider skipped targets as failed for ansible.playbooks state (bsc#1190446) - Fix 'traceback.*_exc()' calls scap-security-guide: - Fix SUSE Linux Enterprise 12 build issue caused by '\xb0' character (bsc#1191431) - Updated to 0.1.58 release (jsc#ECO-3319) - Support for Script Checking Engine (SCE) - Split RHEL 8 CIS profile using new controls file format - CIS Profiles for SLE12 - Initial Ubuntu 20.04 STIG Profiles - Addition of an automated CCE adder spacecmd: - Update translation strings Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Debian 10-CLIENT-TOOLS: zypper in -t patch SUSE-Debian-10-CLIENT-TOOLS-x86_64-2021-3915=1 Package List: - SUSE Manager Debian 10-CLIENT-TOOLS (all): salt-common-3002.2+ds-1+2.39.1 salt-minion-3002.2+ds-1+2.39.1 scap-security-guide-debian-0.1.58-2.12.1 spacecmd-4.2.14-2.21.1 References: https://bugzilla.suse.com/1186738 https://bugzilla.suse.com/1190446 https://bugzilla.suse.com/1191412 https://bugzilla.suse.com/1191431 From sle-updates at lists.suse.com Fri Dec 3 17:54:51 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 Dec 2021 18:54:51 +0100 (CET) Subject: SUSE-RU-2021:3922-1: moderate: Recommended update for salt Message-ID: <20211203175451.AE362FC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for salt ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3922-1 Rating: moderate References: #1186738 #1190446 #1191412 Affected Products: SUSE MicroOS 5.1 SUSE Linux Enterprise Module for Transactional Server 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for salt fixes the following issues: - Use 'dnfnotify' instead 'yumnotify' for relevant distributions - Remove 'wrong _parse_cpe_name' from 'grains.core' - dnfnotify pkgset plugin implementation - Add 'rpm_vercmp' python library support for version comparison - Prevent pkg plugins errors on missing cookie path (bsc#1186738) - Fix 'ip6_interface' grain to not leak secondary IPv4 aliases (bsc#1191412) - Make "salt-api" package to require 'python3-cherrypy' on RHEL systems - 'tar' is required by minion on 'transactional-update' system - Do not consider skipped targets as failed for 'ansible.playbooks' state (bsc#1190446) - Fix 'traceback.*_exc()' calls Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2021-3922=1 - SUSE Linux Enterprise Module for Transactional Server 15-SP3: zypper in -t patch SUSE-SLE-Module-Transactional-Server-15-SP3-2021-3922=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2021-3922=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3922=1 Package List: - SUSE MicroOS 5.1 (aarch64 s390x x86_64): python3-salt-3002.2-53.4.1 salt-3002.2-53.4.1 salt-minion-3002.2-53.4.1 salt-transactional-update-3002.2-53.4.1 - SUSE Linux Enterprise Module for Transactional Server 15-SP3 (aarch64 ppc64le s390x x86_64): salt-transactional-update-3002.2-53.4.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): salt-api-3002.2-53.4.1 salt-cloud-3002.2-53.4.1 salt-master-3002.2-53.4.1 salt-proxy-3002.2-53.4.1 salt-ssh-3002.2-53.4.1 salt-standalone-formulas-configuration-3002.2-53.4.1 salt-syndic-3002.2-53.4.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch): salt-fish-completion-3002.2-53.4.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): python3-salt-3002.2-53.4.1 salt-3002.2-53.4.1 salt-doc-3002.2-53.4.1 salt-minion-3002.2-53.4.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): salt-bash-completion-3002.2-53.4.1 salt-zsh-completion-3002.2-53.4.1 References: https://bugzilla.suse.com/1186738 https://bugzilla.suse.com/1190446 https://bugzilla.suse.com/1191412 From sle-updates at lists.suse.com Fri Dec 3 17:56:19 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 3 Dec 2021 18:56:19 +0100 (CET) Subject: SUSE-RU-2021:14855-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <20211203175619.A3285FC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:14855-1 Rating: moderate References: #1186738 #1190446 #1191412 #1191431 ECO-3319 Affected Products: SUSE Manager Ubuntu 20.04-CLIENT-TOOLS ______________________________________________________________________________ An update that has four recommended fixes and contains one feature can now be installed. Description: This update fixes the following issues: salt: - Use dnfnotify instead yumnotify for relevant distros - Remove wrong _parse_cpe_name from grains.core - Dnfnotify pkgset plugin implementation - Add rpm_vercmp python library support for version comparison - Prevent pkg plugins errors on missing cookie path (bsc#1186738) - Fix ip6_interface grain to not leak secondary IPv4 aliases (bsc#1191412) - Make "salt-api" package to require python3-cherrypy on RHEL systems - Make "tar" as required for "salt-transactional-update" package - Do not consider skipped targets as failed for ansible.playbooks state (bsc#1190446) - Fix traceback.*_exc() calls scap-security-guide: - Fix SLE-12 build issue caused by '\xb0' character (bsc#1191431). - Updated to 0.1.58 release (jsc#ECO-3319) - Support for Script Checking Engine (SCE) - Split RHEL 8 CIS profile using new controls file format - CIS Profiles for SLE12 - Initial Ubuntu 20.04 STIG Profiles - Addition of an automated CCE adder spacecmd: - Update translation strings Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Ubuntu 20.04-CLIENT-TOOLS: zypper in -t patch suse-ubu204ct-client-tools-202111-14855=1 Package List: - SUSE Manager Ubuntu 20.04-CLIENT-TOOLS (all): salt-common-3002.2+ds-1+2.60.1 salt-minion-3002.2+ds-1+2.60.1 scap-security-guide-ubuntu-0.1.58-2.12.1 spacecmd-4.2.14-2.36.1 References: https://bugzilla.suse.com/1186738 https://bugzilla.suse.com/1190446 https://bugzilla.suse.com/1191412 https://bugzilla.suse.com/1191431 From sle-updates at lists.suse.com Sat Dec 4 07:25:05 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 4 Dec 2021 08:25:05 +0100 (CET) Subject: SUSE-IU-2021:770-1: Security update of suse-sles-15-sp3-chost-byos-v20211202-gen2 Message-ID: <20211204072505.53F98FC9F@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp3-chost-byos-v20211202-gen2 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2021:770-1 Image Tags : suse-sles-15-sp3-chost-byos-v20211202-gen2:20211202 Image Release : Severity : important Type : security References : 1014440 1065729 1065729 1085030 1085030 1089118 1094840 1133021 1152472 1152472 1152489 1152489 1154353 1156395 1156395 1157177 1167773 1172073 1172073 1173604 1173604 1176447 1176447 1176774 1176774 1176914 1176914 1176940 1178134 1178134 1180100 1180100 1180749 1181147 1181147 1184673 1184673 1185762 1185762 1186063 1186063 1186071 1186109 1186109 1187153 1187167 1187167 1187190 1187190 1187273 1187958 1188160 1188161 1188563 1188563 1188601 1188623 1188713 1188727 1188869 1189017 1189841 1189841 1189983 1189984 1190006 1190006 1190067 1190067 1190326 1190349 1190349 1190351 1190351 1190356 1190375 1190440 1190479 1190479 1190620 1190620 1190642 1190642 1190795 1190795 1190801 1190801 1190941 1190941 1190984 1191054 1191229 1191229 1191240 1191240 1191241 1191241 1191286 1191315 1191315 1191317 1191317 1191324 1191349 1191349 1191370 1191384 1191384 1191449 1191449 1191450 1191450 1191451 1191451 1191452 1191452 1191455 1191455 1191456 1191456 1191500 1191566 1191609 1191628 1191628 1191645 1191645 1191663 1191663 1191675 1191731 1191731 1191736 1191800 1191800 1191804 1191851 1191867 1191867 1191934 1191934 1191958 1191958 1191980 1192013 1192040 1192040 1192041 1192041 1192074 1192074 1192104 1192107 1192107 1192145 1192145 1192160 1192161 1192214 1192215 1192229 1192246 1192247 1192267 1192283 1192284 1192288 1192337 1192436 1192505 1192549 1192568 1192601 14571 CVE-2016-2124 CVE-2020-25717 CVE-2020-25717 CVE-2020-25718 CVE-2020-25719 CVE-2020-25721 CVE-2020-25722 CVE-2021-23192 CVE-2021-31799 CVE-2021-31810 CVE-2021-32066 CVE-2021-33033 CVE-2021-33033 CVE-2021-34866 CVE-2021-34866 CVE-2021-3542 CVE-2021-3542 CVE-2021-3655 CVE-2021-3655 CVE-2021-3715 CVE-2021-3715 CVE-2021-37159 CVE-2021-3738 CVE-2021-3760 CVE-2021-3760 CVE-2021-3772 CVE-2021-3772 CVE-2021-3896 CVE-2021-3896 CVE-2021-41864 CVE-2021-41864 CVE-2021-42008 CVE-2021-42008 CVE-2021-42252 CVE-2021-42252 CVE-2021-42739 CVE-2021-42739 CVE-2021-43056 CVE-2021-43056 CVE-2021-43389 ----------------------------------------------------------------- The container suse-sles-15-sp3-chost-byos-v20211202-gen2 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3638-1 Released: Tue Nov 9 15:15:38 2021 Summary: Recommended update for samba Type: recommended Severity: important References: 1188727,1189017,14571 This update for samba fixes the following issues: Features added: - Add Certificate Auto Enrollment Policy. (jsc#SLE-18456) Bugs fixed: - Fix wrong kvno exported to keytab after net ads changetrustpw due to replication delay. (bsc#1188727) - Fix 'net rpc' authentication when using the machine account. (bsc#1189017) Samba was updated to 4.13.10 * s3: smbd: Ensure POSIX default ACL is mapped into returned Windows ACL for directory handles; (bso#14708); * Take a copy to make sure we don't reference free'd memory; (bso#14721); * s3: lib: Fix talloc heirarcy error in parent_smb_fname(); (bso#14722); * s3: smbd: Remove erroneous TALLOC_FREE(smb_fname_parent) in change_file_owner_to_parent() error path; (bso#14736); * samba-tool: Give better error information when the 'domain backup restore' fails with a duplicate SID; (bso#14575); * smbd: Correctly initialize close timestamp fields; (bso#14714); * Spotlight RPC service doesn't work with vfs_glusterfs; (bso#14740); * ctdb: Fix a crash in run_proc_signal_handler(); (bso#14475); * gensec_krb5: Restore ipv6 support for kpasswd; (bso#14750); * smbXsrv_{open,session,tcon}: Protect smbXsrv_{open,session,tcon}_global_traverse_fn against invalid records; (bso#14752); * samba-tool domain backup offline doesn't work against bind DLZ backend; (bso#14027); * netcmd: Use next_free_rid() function to calculate a SID for restoring a backup; (bso#14669); Samba was updated to 4.13.9: * s3: smbd: SMB1 SMBsplwr doesn't send a reply packet on success; (bso#14696); * Add documentation for dsdb_group_audit and dsdb_group_json_audit to 'log level', synchronise 'log level' in smb.conf with the code; (bso#14689); * Fix smbd panic when two clients open same file; (bso#14672); * Fix memory leak in the RPC server; (bso#14675); * s3: smbd: Fix deferred renames; (bso#14679); * s3-iremotewinspool: Set the per-request memory context; (bso#14675); * rpc_server3: Fix a memleak for internal pipes; (bso#14675); * third_party: Update socket_wrapper to version 1.3.2; (bso#11899); * third_party: Update socket_wrapper to version 1.3.3; (bso#14639); * idmap_rfc2307 and idmap_nss return wrong mapping for uid/gid conflict; (bso#14663); * Fix the build on OmniOS; (bso#14288); Update to 4.13.7 * Release with dependency on ldb version 2.2.1. - Fix wrong kvno exported to keytab after net ads changetrustpw due to replication delay (bsc#1188727) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3647-1 Released: Wed Nov 10 17:34:14 2021 Summary: Security update for samba and ldb Type: security Severity: important References: 1014440,1192214,1192215,1192246,1192247,1192283,1192284,1192505,CVE-2016-2124,CVE-2020-25717,CVE-2020-25718,CVE-2020-25719,CVE-2020-25721,CVE-2020-25722,CVE-2021-23192,CVE-2021-3738 This update for samba and ldb fixes the following issues: - CVE-2020-25718: Fixed that an RODC can issue (forge) administrator tickets to other servers (bsc#1192246). - CVE-2021-3738: Fixed crash in dsdb stack (bsc#1192215). - CVE-2016-2124: Fixed not to fallback to non spnego authentication if we require kerberos (bsc#1014440). - CVE-2020-25717: Fixed privilege escalation inside an AD Domain where a user could become root on domain members (bsc#1192284). - CVE-2020-25719: Fixed AD DC Username based races when no PAC is given (bsc#1192247). - CVE-2020-25722: Fixed AD DC UPN vs samAccountName not checked (top-level bug for AD DC validation issues) (bsc#1192283). - CVE-2021-23192: Fixed dcerpc requests to don't check all fragments against the first auth_state (bsc#1192214). - CVE-2020-25721: Fixed fill in the new HAS_SAM_NAME_AND_SID values (bsc#1192505). Samba was updated to 4.13.13 * rodc_rwdc test flaps;(bso#14868). * Backport bronze bit fixes, tests, and selftest improvements; (bso#14881). * Provide a fix for MS CVE-2020-17049 in Samba [SECURITY] 'Bronze bit' S4U2Proxy Constrained Delegation bypass in Samba with embedded Heimdal;(bso#14642). * Python ldb.msg_diff() memory handling failure;(bso#14836). * 'in' operator on ldb.Message is case sensitive;(bso#14845). * Fix Samba support for UF_NO_AUTH_DATA_REQUIRED;(bso#14871). * Allow special chars like '@' in samAccountName when generating the salt;(bso#14874). * Fix transit path validation;(bso#12998). * Prepare to operate with MIT krb5 >= 1.20;(bso#14870). * rpcclient NetFileEnum and net rpc file both cause lock order violation: brlock.tdb, share_entries.tdb;(bso#14645). * Python ldb.msg_diff() memory handling failure;(bso#14836). * Release LDB 2.3.1 for Samba 4.14.9;(bso#14848). Samba was updated to 4.13.12: * Address a signifcant performance regression in database access in the AD DC since Samba 4.12;(bso#14806). * Fix performance regression in lsa_LookupSids3/LookupNames4 since Samba 4.9 by using an explicit database handle cache; (bso#14807). * An unuthenticated user can crash the AD DC KDC by omitting the server name in a TGS-REQ;(bso#14817). * Address flapping samba_tool_drs_showrepl test;(bso#14818). * Address flapping dsdb_schema_attributes test;(bso#14819). * An unuthenticated user can crash the AD DC KDC by omitting the server name in a TGS-REQ;(bso#14817). * Fix CTDB flag/status update race conditions(bso#14784). Samba was updated to 4.13.11: * smbd: panic on force-close share during offload write; (bso#14769). * Fix returned attributes on fake quota file handle and avoid hitting the VFS;(bso#14731). * smbd: 'deadtime' parameter doesn't work anymore;(bso#14783). * net conf list crashes when run as normal user;(bso#14787). * Work around special SMB2 READ response behavior of NetApp Ontap 7.3.7;(bso#14607). * Start the SMB encryption as soon as possible;(bso#14793). * Winbind should not start if the socket path for the privileged pipe is too long;(bso#14792). ldb was updated to 2.2.2: + CVE-2020-25718: samba: An RODC can issue (forge) administrator tickets to other servers; (bsc#1192246); (bso#14558) + CVE-2021-3738: samba: crash in dsdb stack; (bsc#1192215);(bso#14848) Release ldb 2.2.2 + Corrected python behaviour for 'in' for LDAP attributes contained as part of ldb.Message;(bso#14845). + Fix memory handling in ldb.msg_diff Corrected python docstrings;(bso#14836) + Backport bronze bit fixes, tests, and selftest improvements; (bso#14881). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3655-1 Released: Thu Nov 11 11:59:22 2021 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065729,1085030,1152472,1152489,1156395,1172073,1173604,1176447,1176774,1176914,1178134,1180100,1181147,1184673,1185762,1186063,1186109,1187167,1188563,1189841,1190006,1190067,1190349,1190351,1190479,1190620,1190642,1190795,1190801,1190941,1191229,1191240,1191241,1191315,1191317,1191349,1191384,1191449,1191450,1191451,1191452,1191455,1191456,1191628,1191645,1191663,1191731,1191800,1191867,1191934,1191958,1192040,1192041,1192074,1192107,1192145,CVE-2021-33033,CVE-2021-34866,CVE-2021-3542,CVE-2021-3655,CVE-2021-3715,CVE-2021-3760,CVE-2021-3772,CVE-2021-3896,CVE-2021-41864,CVE-2021-42008,CVE-2021-42252,CVE-2021-42739,CVE-2021-43056 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. NOTE: This update was retracted due to a NFS regression. The following security bugs were fixed: - CVE-2021-3772: Fixed sctp vtag check in sctp_sf_ootb (bsc#1190351). - CVE-2021-3655: Fixed a missing size validations on inbound SCTP packets, which may have allowed the kernel to read uninitialized memory (bsc#1188563). - CVE-2021-43056: Fixed possible KVM host crash via malicious KVM guest on Power8 (bnc#1192107). - CVE-2021-3896: Fixed a array-index-out-bounds in detach_capi_ctr in drivers/isdn/capi/kcapi.c (bsc#1191958). - CVE-2021-3760: Fixed a use-after-free vulnerability with the ndev->rf_conn_info object (bsc#1190067). - CVE-2021-42739: The firewire subsystem had a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled bounds checking (bsc#1184673). - CVE-2021-3542: Fixed heap buffer overflow in firedtv driver (bsc#1186063). - CVE-2021-33033: Fixed a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled (bsc#1186109). - CVE-2021-3715: Fixed a use-after-free in route4_change() in net/sched/cls_route.c (bsc#1190349). - CVE-2021-34866: Fixed eBPF Type Confusion Privilege Escalation Vulnerability (bsc#1191645). - CVE-2021-42252: Fixed an issue inside aspeed_lpc_ctrl_mmap that could have allowed local attackers to access the Aspeed LPC control interface to overwrite memory in the kernel and potentially execute privileges (bnc#1190479). - CVE-2021-41864: Fixed prealloc_elems_and_freelist that allowed unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write (bnc#1191317). - CVE-2021-42008: Fixed a slab out-of-bounds write in the decode_data function in drivers/net/hamradio/6pack.c. Input from a process that had the CAP_NET_ADMIN capability could have lead to root access (bsc#1191315). The following non-security bugs were fixed: - ACPI: NFIT: Use fallback node id when numa info in NFIT table is incorrect (git-fixes). - ACPI: bgrt: Fix CFI violation (git-fixes). - ACPI: fix NULL pointer dereference (git-fixes). - ACPI: fix NULL pointer dereference (git-fixes). - ALSA: hda - Enable headphone mic on Dell Latitude laptops with ALC3254 (git-fixes). - ALSA: hda/realtek - ALC236 headset MIC recording issue (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo PC50HS (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo X170KM-G (git-fixes). - ALSA: hda/realtek: Add quirk for TongFang PHxTxX1 (git-fixes). - ALSA: hda/realtek: Complete partial device name to avoid ambiguity (git-fixes). - ALSA: hda/realtek: Enable 4-speaker output for Dell Precision 5560 laptop (git-fixes). - ALSA: hda/realtek: Fix for quirk to enable speaker output on the Lenovo 13s Gen2 (git-fixes). - ALSA: hda/realtek: Fix the mic type detection issue for ASUS G551JW (git-fixes). - ALSA: hda/realtek: Quirks to enable speaker output for Lenovo Legion 7i 15IMHG05, Yoga 7i 14ITL5/15ITL5, and 13s Gen2 laptops (git-fixes). - ALSA: hda: avoid write to STATESTS if controller is in reset (git-fixes). - ALSA: hda: intel: Allow repeatedly probing on codec configuration errors (bsc#1190801). - ALSA: pcm: Workaround for a wrong offset in SYNC_PTR compat ioctl (git-fixes). - ALSA: seq: Fix a potential UAF by wrong private_free call order (git-fixes). - ALSA: usb-audio: Add quirk for VF0770 (git-fixes). - ALSA: usb-audio: Provide quirk for Sennheiser GSP670 Headset (git-fixes). - ASoC: DAPM: Fix missing kctl change notifications (git-fixes). - ASoC: Intel: Skylake: Fix module configuration for KPB and MIXER (git-fixes). - ASoC: Intel: Skylake: Fix passing loadable flag for module (git-fixes). - ASoC: Intel: bytcr_rt5640: Move 'Platform Clock' routes to the maps for the matching in-/output (git-fixes). - ASoC: Intel: sof_sdw: tag SoundWire BEs as non-atomic (git-fixes). - ASoC: SOF: imx: imx8: Bar index is only valid for IRAM and SRAM types (git-fixes). - ASoC: SOF: imx: imx8m: Bar index is only valid for IRAM and SRAM types (git-fixes). - ASoC: SOF: loader: release_firmware() on load failure to avoid batching (git-fixes). - ASoC: atmel: ATMEL drivers do not need HAS_DMA (git-fixes). - ASoC: dapm: use component prefix when checking widget names (git-fixes). - ASoC: fsl_spdif: register platform component before registering cpu dai (git-fixes). - ASoC: wm8960: Fix clock configuration on slave mode (git-fixes). - Add obsolete_rebuilds_subpackage (boo#1172073 bsc#1191731). - Configure mpi3mr as currently unsupported (jsc#SLE-18120) - HID: apple: Fix logical maximum and usage maximum of Magic Keyboard JIS (git-fixes). - HID: betop: fix slab-out-of-bounds Write in betop_probe (git-fixes). - HID: u2fzero: ignore incomplete packets without data (git-fixes). - HID: usbhid: free raw_report buffers in usbhid_stop (git-fixes). - HID: wacom: Add new Intuos BT (CTL-4100WL/CTL-6100WL) device IDs (git-fixes). - ICMPv6: Add ICMPv6 Parameter Problem, code 3 definition (bsc#1191241). - ICMPv6: Add ICMPv6 Parameter Problem, code 3 definition (bsc#1191241). - IPv6: reply ICMP error if the first fragment do not include all headers (bsc#1191241). - IPv6: reply ICMP error if the first fragment do not include all headers (bsc#1191241). - Input: snvs_pwrkey - add clk handling (git-fixes). - Input: xpad - add support for another USB ID of Nacon GC-100 (git-fixes). - KVM: PPC: Book3S HV Nested: Reflect guest PMU in-use to L0 when guest SPRs are live (bsc#1156395). - KVM: PPC: Book3S HV Nested: Sanitise H_ENTER_NESTED TM state (bsc#1156395). - KVM: PPC: Book3S HV: Fix copy_tofrom_guest routines (jsc#SLE-12936 git-fixes). - KVM: PPC: Book3S HV: Save host FSCR in the P7/8 path (bsc#1065729). - KVM: PPC: Book3S HV: Tolerate treclaim. in fake-suspend mode changing registers (bsc#1156395). - KVM: PPC: Fix clearing never mapped TCEs in realmode (bsc#1156395). - KVM: PPC: Fix kvm_arch_vcpu_ioctl vcpu_load leak (bsc#1156395). - NFC: digital: fix possible memory leak in digital_in_send_sdd_req() (git-fixes). - NFC: digital: fix possible memory leak in digital_tg_listen_mdaa() (git-fixes). - NFS: Do uncached readdir when we're seeking a cookie in an empty page cache (bsc#1191628). - PCI: Fix pci_host_bridge struct device release/free handling (git-fixes). - PM / devfreq: rk3399_dmc: Add missing of_node_put() (git-fixes). - PM / devfreq: rk3399_dmc: Disable devfreq-event device when fails (git-fixes). - PM / devfreq: rk3399_dmc: Fix kernel oops when rockchip,pmu is absent (git-fixes). - PM / devfreq: rk3399_dmc: Fix spelling typo (git-fixes). - PM / devfreq: rk3399_dmc: Remove unneeded semicolon (git-fixes). - RDMA/cma: Do not change route.addr.src_addr.ss_family (bsc#1181147). - RDMA/cma: Fix listener leak in rdma_cma_listen_on_all() failure (bsc#1181147). - USB: cdc-acm: clean up probe error labels (git-fixes). - USB: cdc-acm: fix minor-number release (git-fixes). - USB: serial: option: add Quectel EC200S-CN module support (git-fixes). - USB: serial: option: add Telit LE910Cx composition 0x1204 (git-fixes). - USB: serial: option: add prod. id for Quectel EG91 (git-fixes). - USB: serial: qcserial: add EM9191 QDL support (git-fixes). - USB: xhci: dbc: fix tty registration race (git-fixes). - acpi/arm64: fix next_platform_timer() section mismatch error (git-fixes). - acpi/arm64: fix next_platform_timer() section mismatch error (git-fixes). - ata: ahci_platform: fix null-ptr-deref in ahci_platform_enable_regulators() (git-fixes). - ata: sata_dwc_460ex: No need to call phy_exit() befre phy_init() (git-fixes). - audit: fix possible null-pointer dereference in audit_filter_rules (git-fixes). - bfq: Remove merged request already in bfq_requests_merged() (bsc#1191456). - blk: Fix lock inversion between ioc lock and bfqd lock (bsc#1191456). - blktrace: Fix uaf in blk_trace access after removing by sysfs (bsc#1191452). - block: bfq: fix bfq_set_next_ioprio_data() (bsc#1191451). - bnxt_en: make bnxt_free_skbs() safe to call after bnxt_free_mem() (jsc#SLE-16649). - bpf: Add bpf_patch_call_args prototype to include/linux/bpf.h (git-fixes). - bpf: Fix OOB read when printing XDP link fdinfo (git-fixes). - bpf: Fix a typo of reuseport map in bpf.h (git-fixes). - bpf: Fix up bpf_skb_adjust_room helper's skb csum setting (git-fixes). - can: dev: can_restart: fix use after free bug (git-fixes). - can: peak_pci: peak_pci_remove(): fix UAF (git-fixes). - can: peak_usb: fix use after free bugs (git-fixes). - can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE state notification (git-fixes). - can: rcar_can: fix suspend/resume (git-fixes). - can: ti_hecc: ti_hecc_probe(): add missed clk_disable_unprepare() in error path (git-fixes). - can: xilinx_can: handle failure cases of pm_runtime_get_sync (git-fixes). - cb710: avoid NULL pointer subtraction (git-fixes). - ceph: fix handling of 'meta' errors (bsc#1192041). - ceph: skip existing superblocks that are blocklisted or shut down when mounting (bsc#1192040). - cfg80211: correct bridge/4addr mode check (git-fixes). - cfg80211: fix management registrations locking (git-fixes). - cfg80211: scan: fix RCU in cfg80211_add_nontrans_list() (git-fixes). - cpuidle: pseries: Mark pseries_idle_proble() as __init (jsc#SLE-13614 bsc#1176914 ltc#186394 git-fixes). - drm/amd/display: Pass PCI deviceid into DC (git-fixes). - drm/amdgpu: correct initial cp_hqd_quantum for gfx9 (git-fixes). - drm/amdgpu: fix gart.bo pin_count leak (git-fixes). - drm/edid: In connector_bad_edid() cap num_of_ext by num_blocks read (git-fixes). - drm/i915: Fix syncmap memory leak (bsc#1152489) Backporting notes: * context changes in intel_timeline_fini() - drm/msm/dsi: Fix an error code in msm_dsi_modeset_init() (git-fixes). - drm/msm/dsi: fix off by one in dsi_bus_clk_enable error handling (git-fixes). - drm/msm: Avoid potential overflow in timeout_to_jiffies() (git-fixes). - drm/msm: Fix null pointer dereference on pointer edp (git-fixes). - drm/nouveau/debugfs: fix file release memory leak (git-fixes). - drm/nouveau/kms/nv50-: fix file release memory leak (git-fixes). - drm/nouveau/kms/tu102-: delay enabling cursor until after assign_windows (git-fixes). - drm/nouveau: avoid a use-after-free when BO init fails (bsc#1152472) - drm/panel: olimex-lcd-olinuxino: select CRC32 (git-fixes). - drm/panfrost: Make sure MMU context lifetime is not bound to (bsc#1152472) - drm/sun4i: dw-hdmi: Fix HDMI PHY clock setup (git-fixes). - e1000e: Drop patch to avoid regressions until real fix is available (bsc#1191663). - e1000e: Fix packet loss on Tiger Lake and later (git-fixes). - e100: fix buffer overrun in e100_get_regs (git-fixes). - e100: fix length calculation in e100_get_regs_len (git-fixes). - e100: handle eeprom as little endian (git-fixes). - ext4: fix reserved space counter leakage (bsc#1191450). - ext4: report correct st_size for encrypted symlinks (bsc#1191449). - fs, mm: fix race in unlinking swapfile (bsc#1191455). - fscrypt: add fscrypt_symlink_getattr() for computing st_size (bsc#1191449). - gpio: pca953x: Improve bias setting (git-fixes). - hso: fix bailout in error case of probe (git-fixes). - i2c: acpi: fix resource leak in reconfiguration device addition (git-fixes). - ice: fix getting UDP tunnel entry (jsc#SLE-12878). - iio: adc128s052: Fix the error handling path of 'adc128_probe()' (git-fixes). - iio: adc: aspeed: set driver data when adc probe (git-fixes). - iio: dac: ti-dac5571: fix an error code in probe() (git-fixes). - iio: light: opt3001: Fixed timeout error when 0 lux (git-fixes). - iio: mtk-auxadc: fix case IIO_CHAN_INFO_PROCESSED (git-fixes). - iio: ssp_sensors: add more range checking in ssp_parse_dataframe() (git-fixes). - iio: ssp_sensors: fix error code in ssp_print_mcu_debug() (git-fixes). - ipv6/netfilter: Discard first fragment not including all headers (bsc#1191241). - ipv6/netfilter: Discard first fragment not including all headers (bsc#1191241). - isdn: cpai: check ctr->cnr to avoid array index out of bound (git-fixes). - isdn: mISDN: Fix sleeping function called from invalid context (git-fixes). - iwlwifi: pcie: add configuration of a Wi-Fi adapter on Dell XPS 15 (git-fixes). - ixgbe: Fix NULL pointer dereference in ixgbe_xdp_setup (git-fixes). - kABI workaround for HD-audio probe retry changes (bsc#1190801). - kABI workaround for cfg80211 mgmt_registration_lock changes (git-fixes). - kabi: block: Fix kabi of blk_mq_sched_try_insert_merge() (bsc#1191456). - kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167 bsc#1191240 ltc#194716). - kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167). - kernel-binary.spec: suse-kernel-rpm-scriptlets required for uninstall as well. Fixes: e98096d5cf85 ('rpm: Abolish scritplet templating (bsc#1189841).') - kernel-spec-macros: Since rpm 4.17 %verbose is unusable (bsc#1191229). - lan78xx: select CRC32 (git-fixes). - libata: Add ATA_HORKAGE_NO_NCQ_ON_ATI for Samsung 860 and 870 SSD (git-fixes). - mac80211: Drop frames from invalid MAC address in ad-hoc mode (git-fixes). - mac80211: check return value of rhashtable_init (git-fixes). - mei: me: add Ice Lake-N device id (git-fixes). - mmc: dw_mmc: exynos: fix the finding clock sample value (git-fixes). - mmc: meson-gx: do not use memcpy_to/fromio for dram-access-quirk (git-fixes). - mmc: vub300: fix control-message timeouts (git-fixes). - net/mlx5: E-Switch, Fix double allocation of acl flow counter (jsc#SLE-15172). - net/mlx5e: IPSEC RX, enable checksum complete (jsc#SLE-15172). - net/mlx5e: RX, Avoid possible data corruption when relaxed ordering and LRO combined (jsc#SLE-15172). - net/sched: ets: fix crash when flipping from 'strict' to 'quantum' (bsc#1176774). - net: batman-adv: fix error handling (git-fixes). - net: can: ems_usb: fix use-after-free in ems_usb_disconnect() (git-fixes). - net: cdc_eem: fix tx fixup skb leak (git-fixes). - net: cdc_ncm: correct overhead in delayed_ndp_size (git-fixes). - net: hns3: check queue id range before using (jsc#SLE-14777). - net: hso: add failure handler for add_net_device (git-fixes). - net: hso: fix NULL-deref on disconnect regression (git-fixes). - net: hso: fix null-ptr-deref during tty device unregistration (git-fixes). - net: ipv6: Discard next-hop MTU less than minimum link MTU (bsc#1191241). - net: ipv6: Discard next-hop MTU less than minimum link MTU (bsc#1191241). - net: lan78xx: fix division by zero in send path (git-fixes). - net: mana: Fix error handling in mana_create_rxq() (git-fixes, bsc#1191800). - net: usb: Fix uninit-was-stored issue in asix_read_phy_addr() (git-fixes). - netfilter: Drop fragmented ndisc packets assembled in netfilter (git-fixes). - netfilter: conntrack: collect all entries in one cycle (bsc#1173604). - netfilter: xt_IDLETIMER: fix panic that occurs when timer_type has garbage value (bsc#1176447). - nfc: fix error handling of nfc_proto_register() (git-fixes). - nfc: port100: fix using -ERRNO as command type mask (git-fixes). - nvme-fc: avoid race between time out and tear down (bsc#1185762). - nvme-fc: remove freeze/unfreeze around update_nr_hw_queues (bsc#1185762). - nvme-fc: update hardware queues before using them (bsc#1185762). - nvme-pci: Fix abort command id (git-fixes). - nvme-pci: fix error unwind in nvme_map_data (bsc#1191934). - nvme-pci: fix error unwind in nvme_map_data (bsc#1191934). - nvme-pci: refactor nvme_unmap_data (bsc#1191934). - nvme-pci: refactor nvme_unmap_data (bsc#1191934). - nvme: add command id quirk for apple controllers (git-fixes). - ocfs2: fix data corruption after conversion from inline format (bsc#1190795). - pata_legacy: fix a couple uninitialized variable bugs (git-fixes). - phy: mdio: fix memory leak (git-fixes). - platform/mellanox: mlxreg-io: Fix argument base in kstrtou32() call (git-fixes). - platform/mellanox: mlxreg-io: Fix read access of n-bytes size attributes (git-fixes). - platform/x86: dell-smbios-wmi: Add missing kfree in error-exit from run_smbios_call (git-fixes). - platform/x86: intel_scu_ipc: Fix busy loop expiry time (git-fixes). - powerpc/64s: Fix entry flush patching w/strict RWX & hash (jsc#SLE-13847 git-fixes). - powerpc/64s: Fix stf mitigation patching w/strict RWX & hash (jsc#SLE-13847 git-fixes). - powerpc/64s: Remove irq mask workaround in accumulate_stolen_time() (jsc#SLE-9246 git-fixes). - powerpc/bpf: Fix BPF_MOD when imm == 1 (bsc#1065729). - powerpc/bpf: Fix BPF_MOD when imm == 1 (bsc#1065729). - powerpc/bpf: Fix BPF_SUB when imm == 0x80000000 (bsc#1065729). - powerpc/bpf: Fix BPF_SUB when imm == 0x80000000 (bsc#1065729). - powerpc/bpf: Use bctrl for making function calls (bsc#1065729). - powerpc/bpf: Use bctrl for making function calls (bsc#1065729). - powerpc/lib/code-patching: Do not use struct 'ppc_inst' for runnable code in tests (jsc#SLE-13847 git-fixes). - powerpc/lib/code-patching: Make instr_is_branch_to_addr() static (jsc#SLE-13847 git-fixes). - powerpc/lib: Fix emulate_step() std test (bsc#1065729). - powerpc/numa: Update cpu_cpu_map on CPU online/offline (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/pseries: Fix build error when NUMA=n (bsc#1190620 ltc#194498 git-fixes). - powerpc/smp: Cache CPU to chip lookup (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/smp: Enable CACHE domain for shared processor (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/smp: Fix a crash while booting kvm guest with nr_cpus=2 (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/smp: Fold cpu_die() into its only caller (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/smp: Set numa node before updating mask (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/smp: Update cpu_core_map on all PowerPc systems (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/uprobes: Validation for prefixed instruction (jsc#SLE-13847 git-fixes). - powerpc/xive: Discard disabled interrupts in get_irqchip_state() (bsc#1085030 git-fixes). - powerpc: Do not dereference code as 'struct ppc_inst' (uprobe, code-patching, feature-fixups) (jsc#SLE-13847 git-fixes). - powerpc: Do not use 'struct ppc_inst' to reference instruction location (jsc#SLE-13847 git-fixes). - powerpc: Move arch_cpu_idle_dead() into smp.c (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - pseries/eeh: Fix the kdump kernel crash during eeh_pseries_init (git-fixes). - ptp_pch: Load module automatically if ID matches (git-fixes). - ptp_pch: Restore dependency on PCI (git-fixes). - regmap: Fix possible double-free in regcache_rbtree_exit() (git-fixes). - rpm: fix kmp install path - rpm: use _rpmmacrodir (boo#1191384) - scsi: ibmvfc: Fix up duplicate response detection (bsc#1191867 ltc#194757). - scsi: iscsi: Fix deadlock on recovery path during GFP_IO reclaim (git-fixes). - scsi: lpfc: Allow PLOGI retry if previous PLOGI was aborted (bsc#1192145). - scsi: lpfc: Allow fabric node recovery if recovery is in progress before devloss (bsc#1192145). - scsi: lpfc: Correct sysfs reporting of loop support after SFP status change (bsc#1192145). - scsi: lpfc: Fix link down processing to address NULL pointer dereference (bsc#1192145). - scsi: lpfc: Fix memory overwrite during FC-GS I/O abort handling (bsc#1191349). - scsi: lpfc: Fix use-after-free in lpfc_unreg_rpi() routine (bsc#1192145). - scsi: lpfc: Revert LOG_TRACE_EVENT back to LOG_INIT prior to driver_resource_setup() (bsc#1192145). - scsi: lpfc: Update lpfc version to 14.0.0.3 (bsc#1192145). - scsi: lpfc: Wait for successful restart of SLI3 adapter during host sg_reset (bsc#1192145). - scsi: mpi3mr: Add EEDP DIF DIX support (jsc#SLE-18120). - scsi: mpi3mr: Add bios_param SCSI host template hook (jsc#SLE-18120). - scsi: mpi3mr: Add change queue depth support (jsc#SLE-18120). - scsi: mpi3mr: Add event handling debug prints (jsc#SLE-18120). - scsi: mpi3mr: Add mpi30 Rev-R headers and Kconfig (jsc#SLE-18120). - scsi: mpi3mr: Add support for DSN secure firmware check (jsc#SLE-18120). - scsi: mpi3mr: Add support for PCIe device event handling (jsc#SLE-18120). - scsi: mpi3mr: Add support for PM suspend and resume (jsc#SLE-18120). - scsi: mpi3mr: Add support for device add/remove event handling (jsc#SLE-18120). - scsi: mpi3mr: Add support for internal watchdog thread (jsc#SLE-18120). - scsi: mpi3mr: Add support for queue command processing (jsc#SLE-18120). - scsi: mpi3mr: Add support for recovering controller (jsc#SLE-18120). - scsi: mpi3mr: Add support for threaded ISR (jsc#SLE-18120). - scsi: mpi3mr: Add support for timestamp sync with firmware (jsc#SLE-18120). - scsi: mpi3mr: Additional event handling (jsc#SLE-18120). - scsi: mpi3mr: Allow certain commands during pci-remove hook (jsc#SLE-18120). - scsi: mpi3mr: Base driver code (jsc#SLE-18120). - scsi: mpi3mr: Complete support for soft reset (jsc#SLE-18120). - scsi: mpi3mr: Create operational request and reply queue pair (jsc#SLE-18120). - scsi: mpi3mr: Fix error handling in mpi3mr_setup_isr() (git-fixes). - scsi: mpi3mr: Fix missing unlock on error (git-fixes). - scsi: mpi3mr: Hardware workaround for UNMAP commands to NVMe drives (jsc#SLE-18120). - scsi: mpi3mr: Implement SCSI error handler hooks (jsc#SLE-18120). - scsi: mpi3mr: Print IOC info for debugging (jsc#SLE-18120). - scsi: mpi3mr: Print pending host I/Os for debugging (jsc#SLE-18120). - scsi: mpi3mr: Set up IRQs in resume path (jsc#SLE-18120). - scsi: mpi3mr: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (jsc#SLE-18120). - scsi: mpi3mr: Use the proper SCSI midlayer interfaces for PI (jsc#SLE-18120). - scsi: mpi3mr: Wait for pending I/O completions upon detection of VD I/O timeout (jsc#SLE-18120). - scsi: qla2xxx: Add debug print of 64G link speed (bsc#1190941). - scsi: qla2xxx: Add host attribute to trigger MPI hang (bsc#1190941). - scsi: qla2xxx: Add support for mailbox passthru (bsc#1190941). - scsi: qla2xxx: Adjust request/response queue size for 28xx (bsc#1190941). - scsi: qla2xxx: Call process_response_queue() in Tx path (bsc#1190941). - scsi: qla2xxx: Changes to support FCP2 Target (bsc#1190941). - scsi: qla2xxx: Changes to support kdump kernel (bsc#1190941). - scsi: qla2xxx: Changes to support kdump kernel for NVMe BFS (bsc#1190941). - scsi: qla2xxx: Check for firmware capability before creating QPair (bsc#1190941). - scsi: qla2xxx: Display 16G only as supported speeds for 3830c card (bsc#1190941). - scsi: qla2xxx: Do not call fc_block_scsi_eh() during bus reset (bsc#1190941). - scsi: qla2xxx: Fix NPIV create erroneous error (bsc#1190941). - scsi: qla2xxx: Fix NVMe retry (bsc#1190941). - scsi: qla2xxx: Fix NVMe session down detection (bsc#1190941). - scsi: qla2xxx: Fix NVMe | FCP personality change (bsc#1190941). - scsi: qla2xxx: Fix crash in NVMe abort path (bsc#1190941). - scsi: qla2xxx: Fix excessive messages during device logout (bsc#1190941). - scsi: qla2xxx: Fix hang during NVMe session tear down (bsc#1190941). - scsi: qla2xxx: Fix hang on NVMe command timeouts (bsc#1190941). - scsi: qla2xxx: Fix kernel crash when accessing port_speed sysfs file (bsc#1190941). - scsi: qla2xxx: Fix port type info (bsc#1190941). - scsi: qla2xxx: Fix unsafe removal from linked list (bsc#1190941). - scsi: qla2xxx: Fix use after free in eh_abort path (bsc#1190941). - scsi: qla2xxx: Move heartbeat handling from DPC thread to workqueue (bsc#1190941). - scsi: qla2xxx: Open-code qla2xxx_eh_device_reset() (bsc#1190941). - scsi: qla2xxx: Open-code qla2xxx_eh_target_reset() (bsc#1190941). - scsi: qla2xxx: Remove redundant initialization of pointer req (bsc#1190941). - scsi: qla2xxx: Restore initiator in dual mode (bsc#1190941). - scsi: qla2xxx: Show OS name and version in FDMI-1 (bsc#1190941). - scsi: qla2xxx: Suppress unnecessary log messages during login (bsc#1190941). - scsi: qla2xxx: Sync queue idx with queue_pair_map idx (bsc#1190941). - scsi: qla2xxx: Update version to 10.02.06.100-k (bsc#1190941). - scsi: qla2xxx: Update version to 10.02.06.200-k (bsc#1190941). - scsi: qla2xxx: Update version to 10.02.07.100-k (bsc#1190941). - scsi: qla2xxx: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (bsc#1190941). - scsi: qla2xxx: edif: Add N2N support for EDIF (bsc#1190941). - scsi: qla2xxx: edif: Do secure PLOGI when auth app is present (bsc#1190941). - scsi: qla2xxx: edif: Fix EDIF enable flag (bsc#1190941). - scsi: qla2xxx: edif: Fix returnvar.cocci warnings (bsc#1190941). - scsi: qla2xxx: edif: Fix stale session (bsc#1190941). - scsi: qla2xxx: edif: Reject AUTH ELS on session down (bsc#1190941). - scsi: qla2xxx: edif: Use link event to wake up app (bsc#1190941). - scsi: target: Fix the pgr/alua_support_store functions (git-fixes). - sctp: check asoc peer.asconf_capable before processing asconf (bsc#1190351). - soc: qcom: mdt_loader: Drop PT_LOAD check on hash segment (git-fixes). - spi: spi-nxp-fspi: do not depend on a specific node name erratum workaround (git-fixes). - tpm: ibmvtpm: Avoid error message when process gets signal while waiting (bsc#1065729). - usb: chipidea: ci_hdrc_imx: Also search for 'phys' phandle (git-fixes). - usb: hso: fix error handling code of hso_create_net_device (git-fixes). - usb: hso: remove the bailout parameter (git-fixes). - usb: musb: dsps: Fix the probe error path (git-fixes). - video: fbdev: gbefb: Only instantiate device when built for IP32 (git-fixes). - virtio: write back F_VERSION_1 before validate (git-fixes). - watchdog: orion: use 0 for unset heartbeat (git-fixes). - x86/pat: Pass valid address to sanitize_phys() (bsc#1152489). - x86/resctrl: Free the ctrlval arrays when domain_setup_mon_state() fails (bsc#1152489). - x86/sev: Return an error on a returned non-zero SW_EXITINFO1[31:0] (bsc#1178134). - xen: fix setting of max_pfn in shared_info (git-fixes). - xen: reset legacy rtc flag for PV domU (git-fixes). - xfs: Fixed non-directory creation in SGID directories introduced by CVE-2018-13405 patch (bsc#1190006). - xfs: ensure that the inode uid/gid match values match the icdinode ones (bsc#1190006). - xfs: fix I_DONTCACHE (bsc#1192074). - xfs: fix log intent recovery ENOSPC shutdowns when inactivating inodes (bsc#1190642). - xfs: merge the projid fields in struct xfs_icdinode (bsc#1190006). - xfs: remove the icdinode di_uid/di_gid members (bsc#1190006). - xhci: Enable trust tx length quirk for Fresco FL11 USB controller (git-fixes). - xhci: Fix command ring pointer corruption while aborting a command (git-fixes). - xhci: guard accesses to ep_state in xhci_endpoint_reset() (git-fixes). - xhci: guard accesses to ep_state in xhci_endpoint_reset() (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3662-1 Released: Mon Nov 15 19:13:54 2021 Summary: Security update for samba Type: security Severity: important References: 1192601,CVE-2020-25717 This update for samba fixes the following issues: - Fix regression introduced by CVE-2020-25717 patches, winbindd does not start when 'allow trusted domains' is off; (bso#14899); ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3663-1 Released: Mon Nov 15 19:14:32 2021 Summary: Recommended update for suse-module-tools Type: recommended Severity: moderate References: 1191804 This update for suse-module-tools fixes the following issues: - Update to version 15.3.14: * more fixes for updates under secure boot * cert-script: Deal with existing $cert.delete file (bsc#1191804). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3675-1 Released: Tue Nov 16 17:47:44 2021 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065729,1085030,1089118,1094840,1133021,1152472,1152489,1154353,1156395,1157177,1167773,1172073,1173604,1176447,1176774,1176914,1176940,1178134,1180100,1180749,1181147,1184673,1185762,1186063,1186109,1187167,1188563,1188601,1189841,1190006,1190067,1190349,1190351,1190479,1190620,1190642,1190795,1190801,1190941,1191229,1191240,1191241,1191315,1191317,1191349,1191384,1191449,1191450,1191451,1191452,1191455,1191456,1191628,1191645,1191663,1191731,1191800,1191851,1191867,1191934,1191958,1191980,1192040,1192041,1192074,1192107,1192145,1192229,1192267,1192288,1192549,CVE-2021-33033,CVE-2021-34866,CVE-2021-3542,CVE-2021-3655,CVE-2021-3715,CVE-2021-37159,CVE-2021-3760,CVE-2021-3772,CVE-2021-3896,CVE-2021-41864,CVE-2021-42008,CVE-2021-42252,CVE-2021-42739,CVE-2021-43056,CVE-2021-43389 The following security bugs were fixed: - CVE-2021-3542: Fixed heap buffer overflow in firedtv driver (bsc#1186063). - CVE-2021-3655: Fixed a missing size validations on inbound SCTP packets, which may have allowed the kernel to read uninitialized memory (bsc#1188563). - CVE-2021-3715: Fixed a use-after-free in route4_change() in net/sched/cls_route.c (bsc#1190349). - CVE-2021-3760: Fixed a use-after-free vulnerability with the ndev->rf_conn_info object (bsc#1190067). - CVE-2021-3772: Fixed sctp vtag check in sctp_sf_ootb (bsc#1190351). - CVE-2021-3896: Fixed a array-index-out-bounds in detach_capi_ctr in drivers/isdn/capi/kcapi.c (bsc#1191958). - CVE-2021-33033: Fixed a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled (bsc#1186109). - CVE-2021-34866: Fixed eBPF Type Confusion Privilege Escalation Vulnerability (bsc#1191645). - CVE-2021-37159: hso_free_net_device in drivers/net/usb/hso.c called without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free (bnc#1188601). - CVE-2021-41864: Fixed prealloc_elems_and_freelist that allowed unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write (bnc#1191317). - CVE-2021-42008: Fixed a slab out-of-bounds write in the decode_data function in drivers/net/hamradio/6pack.c. Input from a process that had the CAP_NET_ADMIN capability could have lead to root access (bsc#1191315). - CVE-2021-42252: Fixed an issue inside aspeed_lpc_ctrl_mmap that could have allowed local attackers to access the Aspeed LPC control interface to overwrite memory in the kernel and potentially execute privileges (bnc#1190479). - CVE-2021-42739: The firewire subsystem had a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled bounds checking (bsc#1184673). - CVE-2021-43056: Fixed possible KVM host crash via malicious KVM guest on Power8 (bnc#1192107). - CVE-2021-43389: There was an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c (bnc#1191958). The following non-security bugs were fixed: - acpi/arm64: fix next_platform_timer() section mismatch error (git-fixes). - ACPI: bgrt: Fix CFI violation (git-fixes). - ACPI: fix NULL pointer dereference (git-fixes). - ACPI: NFIT: Use fallback node id when numa info in NFIT table is incorrect (git-fixes). - Add obsolete_rebuilds_subpackage (boo#1172073 bsc#1191731). - ALSA: hda: avoid write to STATESTS if controller is in reset (git-fixes). - ALSA: hda - Enable headphone mic on Dell Latitude laptops with ALC3254 (git-fixes). - ALSA: hda: intel: Allow repeatedly probing on codec configuration errors (bsc#1190801). - ALSA: hda/realtek: Add quirk for Clevo PC50HS (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo X170KM-G (git-fixes). - ALSA: hda/realtek: Add quirk for TongFang PHxTxX1 (git-fixes). - ALSA: hda/realtek - ALC236 headset MIC recording issue (git-fixes). - ALSA: hda/realtek: Complete partial device name to avoid ambiguity (git-fixes). - ALSA: hda/realtek: Enable 4-speaker output for Dell Precision 5560 laptop (git-fixes). - ALSA: hda/realtek: Fix for quirk to enable speaker output on the Lenovo 13s Gen2 (git-fixes). - ALSA: hda/realtek: Fix mic mute LED for the HP Spectre x360 14 (git-fixes). - ALSA: hda/realtek: Fix the mic type detection issue for ASUS G551JW (git-fixes). - ALSA: hda/realtek: Quirks to enable speaker output for Lenovo Legion 7i 15IMHG05, Yoga 7i 14ITL5/15ITL5, and 13s Gen2 laptops (git-fixes). - ALSA: hda: Reduce udelay() at SKL+ position reporting (git-fixes). - ALSA: hda: Use position buffer for SKL+ again (git-fixes). - ALSA: pcm: Workaround for a wrong offset in SYNC_PTR compat ioctl (git-fixes). - ALSA: seq: Fix a potential UAF by wrong private_free call order (git-fixes). - ALSA: ua101: fix division by zero at probe (git-fixes). - ALSA: uapi: Fix a C++ style comment in asound.h (git-fixes). - ALSA: usb-audio: Add quirk for VF0770 (git-fixes). - ALSA: usb-audio: Provide quirk for Sennheiser GSP670 Headset (git-fixes). - ASoC: atmel: ATMEL drivers do not need HAS_DMA (git-fixes). - ASoC: cs42l42: Correct some register default values (git-fixes). - ASoC: cs42l42: Defer probe if request_threaded_irq() returns EPROBE_DEFER (git-fixes). - ASoC: cs42l42: Do not set defaults for volatile registers (git-fixes). - ASoC: DAPM: Fix missing kctl change notifications (git-fixes). - ASoC: dapm: use component prefix when checking widget names (git-fixes). - ASoC: dt-bindings: cs42l42: Correct description of ts-inv (git-fixes). - ASoC: fsl_spdif: register platform component before registering cpu dai (git-fixes). - ASoC: Intel: bytcr_rt5640: Move 'Platform Clock' routes to the maps for the matching in-/output (git-fixes). - ASoC: Intel: Skylake: Fix module configuration for KPB and MIXER (git-fixes). - ASoC: Intel: Skylake: Fix passing loadable flag for module (git-fixes). - ASoC: Intel: sof_sdw: tag SoundWire BEs as non-atomic (git-fixes). - ASoC: mediatek: mt8195: Remove unsued irqs_lock (git-fixes). - ASoC: rockchip: Use generic dmaengine code (git-fixes). - ASoC: SOF: imx: imx8: Bar index is only valid for IRAM and SRAM types (git-fixes). - ASoC: SOF: imx: imx8m: Bar index is only valid for IRAM and SRAM types (git-fixes). - ASoC: SOF: loader: release_firmware() on load failure to avoid batching (git-fixes). - ASoC: SOF: topology: do not power down primary core during topology removal (git-fixes). - ASoC: topology: Fix stub for snd_soc_tplg_component_remove() (git-fixes). - ASoC: wm8960: Fix clock configuration on slave mode (git-fixes). - ata: ahci_platform: fix null-ptr-deref in ahci_platform_enable_regulators() (git-fixes). - ata: sata_dwc_460ex: No need to call phy_exit() befre phy_init() (git-fixes). - ata: sata_mv: Fix the error handling of mv_chip_id() (git-fixes). - ath10k: fix control-message timeout (git-fixes). - ath10k: fix division by zero in send path (git-fixes). - ath10k: fix max antenna gain unit (git-fixes). - ath10k: Fix missing frame timestamp for beacon/probe-resp (git-fixes). - ath10k: sdio: Add missing BH locking around napi_schdule() (git-fixes). - ath6kl: fix control-message timeout (git-fixes). - ath6kl: fix division by zero in send path (git-fixes). - ath9k: Fix potential interrupt storm on queue reset (git-fixes). - audit: fix possible null-pointer dereference in audit_filter_rules (git-fixes). - b43: fix a lower bounds test (git-fixes). - b43legacy: fix a lower bounds test (git-fixes). - bfq: Remove merged request already in bfq_requests_merged() (bsc#1191456). - blk: Fix lock inversion between ioc lock and bfqd lock (bsc#1191456). - blktrace: Fix uaf in blk_trace access after removing by sysfs (bsc#1191452). - block: bfq: fix bfq_set_next_ioprio_data() (bsc#1191451). - Bluetooth: btmtkuart: fix a memleak in mtk_hci_wmt_sync (git-fixes). - Bluetooth: fix init and cleanup of sco_conn.timeout_work (git-fixes). - bnxt_en: Fix TX timeout when TX ring size is set to the smallest (git-fixes). - bnxt_en: make bnxt_free_skbs() safe to call after bnxt_free_mem() (jsc#SLE-16649). - bpf: Add bpf_patch_call_args prototype to include/linux/bpf.h (git-fixes). - bpf: Fix a typo of reuseport map in bpf.h (git-fixes). - bpf: Fix OOB read when printing XDP link fdinfo (git-fixes). - bpf: Fix up bpf_skb_adjust_room helper's skb csum setting (git-fixes). - can: dev: can_restart: fix use after free bug (git-fixes). - can: peak_pci: peak_pci_remove(): fix UAF (git-fixes). - can: peak_usb: fix use after free bugs (git-fixes). - can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE state notification (git-fixes). - can: rcar_can: fix suspend/resume (git-fixes). - can: ti_hecc: ti_hecc_probe(): add missed clk_disable_unprepare() in error path (git-fixes). - can: xilinx_can: handle failure cases of pm_runtime_get_sync (git-fixes). - cb710: avoid NULL pointer subtraction (git-fixes). - ceph: fix handling of 'meta' errors (bsc#1192041). - ceph: skip existing superblocks that are blocklisted or shut down when mounting (bsc#1192040). - cfg80211: correct bridge/4addr mode check (git-fixes). - cfg80211: fix management registrations locking (git-fixes). - cfg80211: scan: fix RCU in cfg80211_add_nontrans_list() (git-fixes). - Configure mpi3mr as currently unsupported (jsc#SLE-18120) - cpuidle: pseries: Mark pseries_idle_proble() as __init (jsc#SLE-13614 bsc#1176914 ltc#186394 git-fixes). - driver core: add a min_align_mask field to struct device_dma_parameters (bsc#1191851). - drm/amd/display: Pass PCI deviceid into DC (git-fixes). - drm/amdgpu: correct initial cp_hqd_quantum for gfx9 (git-fixes). - drm/amdgpu/display: add quirk handling for stutter mode (git-fixes). - drm/amdgpu: fix gart.bo pin_count leak (git-fixes). - drm/amdgpu: fix warning for overflow check (git-fixes). - drm/amdgpu/gmc6: fix DMA mask from 44 to 40 bits (git-fixes). - drm/edid: In connector_bad_edid() cap num_of_ext by num_blocks read (git-fixes). - drm/i915: Fix syncmap memory leak (bsc#1152489) Backporting notes: * context changes in intel_timeline_fini() - drm/msm: Avoid potential overflow in timeout_to_jiffies() (git-fixes). - drm/msm/dsi: Fix an error code in msm_dsi_modeset_init() (git-fixes). - drm/msm/dsi: fix off by one in dsi_bus_clk_enable error handling (git-fixes). - drm/msm: Fix null pointer dereference on pointer edp (git-fixes). - drm/msm: Fix potential NULL dereference in DPU SSPP (git-fixes). - drm/msm: potential error pointer dereference in init() (git-fixes). - drm/msm: uninitialized variable in msm_gem_import() (git-fixes). - drm/nouveau: avoid a use-after-free when BO init fails (bsc#1152472) - drm/nouveau/debugfs: fix file release memory leak (git-fixes). - drm/nouveau/kms/nv50-: fix file release memory leak (git-fixes). - drm/nouveau/kms/tu102-: delay enabling cursor until after assign_windows (git-fixes). - drm/panel: olimex-lcd-olinuxino: select CRC32 (git-fixes). - drm/panfrost: Make sure MMU context lifetime is not bound to (bsc#1152472) - drm/sun4i: dw-hdmi: Fix HDMI PHY clock setup (git-fixes). - drm/sun4i: Fix macros in sun8i_csc.h (git-fixes). - drm/ttm: stop calling tt_swapin in vm_access (git-fixes). - drm/v3d: fix wait for TMU write combiner flush (git-fixes). - e1000e: Drop patch to avoid regressions until real fix is available (bsc#1191663). - e1000e: Fix packet loss on Tiger Lake and later (git-fixes). - e100: fix buffer overrun in e100_get_regs (git-fixes). - e100: fix length calculation in e100_get_regs_len (git-fixes). - e100: handle eeprom as little endian (git-fixes). - EDAC/amd64: Set proper family type for Family 19h Models 20h-2Fh (bsc#1192288). - ext4: fix reserved space counter leakage (bsc#1191450). - ext4: report correct st_size for encrypted symlinks (bsc#1191449). - firmware/psci: fix application of sizeof to pointer (git-fixes). - fscrypt: add fscrypt_symlink_getattr() for computing st_size (bsc#1191449). - fs, mm: fix race in unlinking swapfile (bsc#1191455). - ftrace: Fix scripts/recordmcount.pl due to new binutils (bsc#1192267). - genirq: Provide IRQCHIP_AFFINITY_PRE_STARTUP (bsc#1152489). - gpio: pca953x: Improve bias setting (git-fixes). - gve: Avoid freeing NULL pointer (git-fixes). - gve: Correct available tx qpl check (git-fixes). - gve: fix gve_get_stats() (git-fixes). - gve: Properly handle errors in gve_assign_qpl (bsc#1176940). - gve: report 64bit tx_bytes counter from gve_handle_report_stats() (bsc#1176940). - HID: apple: Fix logical maximum and usage maximum of Magic Keyboard JIS (git-fixes). - HID: betop: fix slab-out-of-bounds Write in betop_probe (git-fixes). - HID: u2fzero: ignore incomplete packets without data (git-fixes). - HID: usbhid: free raw_report buffers in usbhid_stop (git-fixes). - HID: wacom: Add new Intuos BT (CTL-4100WL/CTL-6100WL) device IDs (git-fixes). - hso: fix bailout in error case of probe (git-fixes). - hwmon: Fix possible memleak in __hwmon_device_register() (git-fixes). - hwmon: (pmbus/lm25066) Add offset coefficients (git-fixes). - hwmon: (pmbus/lm25066) Let compiler determine outer dimension of lm25066_coeff (git-fixes). - hwrng: mtk - Force runtime pm ops for sleep ops (git-fixes). - i2c: acpi: fix resource leak in reconfiguration device addition (git-fixes). - i40e: Fix ATR queue selection (git-fixes). - i40e: fix endless loop under rtnl (git-fixes). - i40e: Fix freeing of uninitialized misc IRQ vector (git-fixes). - iavf: fix double unlock of crit_lock (git-fixes). - ibmvnic: delay complete() (bsc#1094840 ltc#167098 git-fixes). - ice: Add missing E810 device ids (jsc#SLE-7966 bsc#1157177). - ice: fix getting UDP tunnel entry (jsc#SLE-12878). - ICMPv6: Add ICMPv6 Parameter Problem, code 3 definition (bsc#1191241). - iio: adc128s052: Fix the error handling path of 'adc128_probe()' (git-fixes). - iio: adc: aspeed: set driver data when adc probe (git-fixes). - iio: dac: ti-dac5571: fix an error code in probe() (git-fixes). - iio: light: opt3001: Fixed timeout error when 0 lux (git-fixes). - iio: mtk-auxadc: fix case IIO_CHAN_INFO_PROCESSED (git-fixes). - iio: ssp_sensors: add more range checking in ssp_parse_dataframe() (git-fixes). - iio: ssp_sensors: fix error code in ssp_print_mcu_debug() (git-fixes). - Input: i8042 - Add quirk for Fujitsu Lifebook T725 (bsc#1191980). - Input: snvs_pwrkey - add clk handling (git-fixes). - Input: xpad - add support for another USB ID of Nacon GC-100 (git-fixes). - ionic: do not remove netdev->dev_addr when syncing uc list (bsc#1167773). - ipv6/netfilter: Discard first fragment not including all headers (bsc#1191241). - IPv6: reply ICMP error if the first fragment do not include all headers (bsc#1191241). - isdn: cpai: check ctr->cnr to avoid array index out of bound (git-fixes). - isdn: mISDN: Fix sleeping function called from invalid context (git-fixes). - iwlwifi: mvm: fix some kerneldoc issues (git-fixes). - iwlwifi: pcie: add configuration of a Wi-Fi adapter on Dell XPS 15 (git-fixes). - ixgbe: Fix NULL pointer dereference in ixgbe_xdp_setup (git-fixes). - kabi: block: Fix kabi of blk_mq_sched_try_insert_merge() (bsc#1191456). - kABI: Fix kABI after 36950f2da1ea (bsc#1191851). - kABI workaround for cfg80211 mgmt_registration_lock changes (git-fixes). - kABI workaround for HD-audio probe retry changes (bsc#1190801). - kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167). - kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167 bsc#1191240 ltc#194716). - kernel-binary.spec: suse-kernel-rpm-scriptlets required for uninstall as well. Fixes: e98096d5cf85 ('rpm: Abolish scritplet templating (bsc#1189841).') - kernel-spec-macros: Since rpm 4.17 %verbose is unusable (bsc#1191229). - KVM: PPC: Book3S HV: Fix copy_tofrom_guest routines (jsc#SLE-12936 git-fixes). - KVM: PPC: Book3S HV Nested: Reflect guest PMU in-use to L0 when guest SPRs are live (bsc#1156395). - KVM: PPC: Book3S HV Nested: Sanitise H_ENTER_NESTED TM state (bsc#1156395). - KVM: PPC: Book3S HV: Save host FSCR in the P7/8 path (bsc#1065729). - KVM: PPC: Book3S HV: Tolerate treclaim. in fake-suspend mode changing registers (bsc#1156395). - KVM: PPC: Fix clearing never mapped TCEs in realmode (bsc#1156395). - KVM: PPC: Fix kvm_arch_vcpu_ioctl vcpu_load leak (bsc#1156395). - KVM: s390: extend kvm_s390_shadow_fault to return entry pointer (bsc#1133021). - KVM: s390: index kvm->arch.idle_mask by vcpu_idx (bsc#1133021). - KVM: s390: split kvm_s390_logical_to_effective (bsc#1133021). - KVM: s390: VSIE: correctly handle MVPG when in VSIE (bsc#1133021). - lan78xx: select CRC32 (git-fixes). - libata: Add ATA_HORKAGE_NO_NCQ_ON_ATI for Samsung 860 and 870 SSD (git-fixes). - libertas: Fix possible memory leak in probe and disconnect (git-fixes). - libertas_tf: Fix possible memory leak in probe and disconnect (git-fixes). - mac80211: check return value of rhashtable_init (git-fixes). - mac80211: Drop frames from invalid MAC address in ad-hoc mode (git-fixes). - media: cedrus: Fix SUNXI tile size calculation (git-fixes). - media: cx23885: Fix snd_card_free call on null card pointer (git-fixes). - media: cxd2880-spi: Fix a null pointer dereference on error handling path (git-fixes). - media: dvb-frontends: mn88443x: Handle errors of clk_prepare_enable() (git-fixes). - media: dvb-usb: fix ununit-value in az6027_rc_query (git-fixes). - media: em28xx: add missing em28xx_close_extension (git-fixes). - media: em28xx: Do not use ops->suspend if it is NULL (git-fixes). - media: i2c: ths8200 needs V4L2_ASYNC (git-fixes). - media: ite-cir: IR receiver stop working after receive overflow (git-fixes). - media: mtk-vpu: Fix a resource leak in the error handling path of 'mtk_vpu_probe()' (git-fixes). - media: mxl111sf: change mutex_init() location (git-fixes). - media: radio-wl1273: Avoid card name truncation (git-fixes). - media: si470x: Avoid card name truncation (git-fixes). - media: staging/intel-ipu3: css: Fix wrong size comparison imgu_css_fw_init (git-fixes). - media: TDA1997x: handle short reads of hdmi info frame (git-fixes). - media: tm6000: Avoid card name truncation (git-fixes). - media: v4l2-ioctl: Fix check_ext_ctrls (git-fixes). - media: v4l2-ioctl: S_CTRL output the right value (git-fixes). - mei: me: add Ice Lake-N device id (git-fixes). - memory: fsl_ifc: fix leak of irq and nand_irq in fsl_ifc_ctrl_probe (git-fixes). - memstick: avoid out-of-range warning (git-fixes). - memstick: jmb38x_ms: use appropriate free function in jmb38x_ms_alloc_host() (git-fixes). - mlx5: count all link events (git-fixes). - mlxsw: thermal: Fix out-of-bounds memory accesses (git-fixes). - mmc: dw_mmc: exynos: fix the finding clock sample value (git-fixes). - mmc: meson-gx: do not use memcpy_to/fromio for dram-access-quirk (git-fixes). - mmc: mxs-mmc: disable regulator on error and in the remove function (git-fixes). - mmc: sdhci: Map more voltage level to SDHCI_POWER_330 (git-fixes). - mmc: sdhci-omap: Fix NULL pointer exception if regulator is not configured (git-fixes). - mmc: vub300: fix control-message timeouts (git-fixes). - mt76: mt7615: fix endianness warning in mt7615_mac_write_txwi (git-fixes). - mt76: mt76x02: fix endianness warnings in mt76x02_mac.c (git-fixes). - mt76: mt7915: fix muar_idx in mt7915_mcu_alloc_sta_req() (git-fixes). - mt76: mt7915: fix possible infinite loop release semaphore (git-fixes). - mt76: mt7915: fix sta_rec_wtbl tag len (git-fixes). - mwifiex: fix division by zero in fw download path (git-fixes). - mwifiex: Send DELBA requests according to spec (git-fixes). - net/af_unix: fix a data-race in unix_dgram_poll (bsc#1154353). - net: batman-adv: fix error handling (git-fixes). - net: bridge: use nla_total_size_64bit() in br_get_linkxstats_size() (git-fixes). - net: can: ems_usb: fix use-after-free in ems_usb_disconnect() (git-fixes). - net: cdc_eem: fix tx fixup skb leak (git-fixes). - net: cdc_ncm: correct overhead in delayed_ndp_size (git-fixes). - netfilter: conntrack: collect all entries in one cycle (bsc#1173604). - netfilter: Drop fragmented ndisc packets assembled in netfilter (git-fixes). - netfilter: xt_IDLETIMER: fix panic that occurs when timer_type has garbage value (bsc#1176447). - net: hns3: check queue id range before using (jsc#SLE-14777). - net: hns3: fix vf reset workqueue cannot exit (bsc#1154353). - net: hso: add failure handler for add_net_device (git-fixes). - net: hso: fix NULL-deref on disconnect regression (git-fixes). - net: hso: fix null-ptr-deref during tty device unregistration (git-fixes). - net: ipv6: Discard next-hop MTU less than minimum link MTU (bsc#1191241). - net: lan78xx: fix division by zero in send path (git-fixes). - net: mana: Fix error handling in mana_create_rxq() (git-fixes, bsc#1191800). - net/mlx4_en: Do not allow aRFS for encapsulated packets (git-fixes). - net/mlx4_en: Resolve bad operstate value (git-fixes). - net/mlx5e: IPSEC RX, enable checksum complete (jsc#SLE-15172). - net/mlx5e: Mutually exclude RX-FCS and RX-port-timestamp (git-fixes). - net/mlx5e: RX, Avoid possible data corruption when relaxed ordering and LRO combined (jsc#SLE-15172). - net/mlx5: E-Switch, Fix double allocation of acl flow counter (jsc#SLE-15172). - net/mlx5: Fix unpublish devlink parameters (jsc#SLE-8464). - net/mlx5: FWTrace, cancel work on alloc pd error flow (git-fixes). - net/sched: ets: fix crash when flipping from 'strict' to 'quantum' (bsc#1176774). - net: usb: Fix uninit-was-stored issue in asix_read_phy_addr() (git-fixes). - NFC: digital: fix possible memory leak in digital_in_send_sdd_req() (git-fixes). - NFC: digital: fix possible memory leak in digital_tg_listen_mdaa() (git-fixes). - nfc: fix error handling of nfc_proto_register() (git-fixes). - nfc: port100: fix using -ERRNO as command type mask (git-fixes). - nfs: dir_cookie is a pointer to the cookie in older kernels, not the cookie itself. (bsc#1191628 bsc#1192549). - NFS: Do uncached readdir when we're seeking a cookie in an empty page cache (bsc#1191628). - nvme: add command id quirk for apple controllers (git-fixes). - nvme-fc: avoid race between time out and tear down (bsc#1185762). - nvme-fc: remove freeze/unfreeze around update_nr_hw_queues (bsc#1185762). - nvme-fc: update hardware queues before using them (bsc#1185762). - nvme-pci: Fix abort command id (git-fixes). - nvme-pci: fix error unwind in nvme_map_data (bsc#1191934). - nvme-pci: refactor nvme_unmap_data (bsc#1191934). - nvme-pci: set min_align_mask (bsc#1191851). - ocfs2: fix data corruption after conversion from inline format (bsc#1190795). - pata_legacy: fix a couple uninitialized variable bugs (git-fixes). - PCI: Fix pci_host_bridge struct device release/free handling (git-fixes). - phy: mdio: fix memory leak (git-fixes). - platform/mellanox: mlxreg-io: Fix argument base in kstrtou32() call (git-fixes). - platform/mellanox: mlxreg-io: Fix read access of n-bytes size attributes (git-fixes). - platform/x86: dell-smbios-wmi: Add missing kfree in error-exit from run_smbios_call (git-fixes). - platform/x86: intel_scu_ipc: Fix busy loop expiry time (git-fixes). - platform/x86: thinkpad_acpi: Fix bitwise vs. logical warning (git-fixes). - PM / devfreq: rk3399_dmc: Add missing of_node_put() (git-fixes). - PM / devfreq: rk3399_dmc: Disable devfreq-event device when fails (git-fixes). - PM / devfreq: rk3399_dmc: Fix kernel oops when rockchip,pmu is absent (git-fixes). - PM / devfreq: rk3399_dmc: Fix spelling typo (git-fixes). - PM / devfreq: rk3399_dmc: Remove unneeded semicolon (git-fixes). - PM: sleep: Do not let 'syscore' devices runtime-suspend during system transitions (git-fixes). - powerpc/64s: Fix entry flush patching w/strict RWX & hash (jsc#SLE-13847 git-fixes). - powerpc/64s: Fix stf mitigation patching w/strict RWX & hash (jsc#SLE-13847 git-fixes). - powerpc/64s: Remove irq mask workaround in accumulate_stolen_time() (jsc#SLE-9246 git-fixes). - powerpc/bpf: Fix BPF_MOD when imm == 1 (bsc#1065729). - powerpc/bpf: Fix BPF_SUB when imm == 0x80000000 (bsc#1065729). - powerpc/bpf: Use bctrl for making function calls (bsc#1065729). - powerpc: Do not dereference code as 'struct ppc_inst' (uprobe, code-patching, feature-fixups) (jsc#SLE-13847 git-fixes). - powerpc: Do not use 'struct ppc_inst' to reference instruction location (jsc#SLE-13847 git-fixes). - powerpc/lib/code-patching: Do not use struct 'ppc_inst' for runnable code in tests (jsc#SLE-13847 git-fixes). - powerpc/lib/code-patching: Make instr_is_branch_to_addr() static (jsc#SLE-13847 git-fixes). - powerpc/lib: Fix emulate_step() std test (bsc#1065729). - powerpc: Move arch_cpu_idle_dead() into smp.c (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/numa: Update cpu_cpu_map on CPU online/offline (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/pseries: Fix build error when NUMA=n (bsc#1190620 ltc#194498 git-fixes). - powerpc/smp: Cache CPU to chip lookup (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/smp: Enable CACHE domain for shared processor (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/smp: Fix a crash while booting kvm guest with nr_cpus=2 (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/smp: Fold cpu_die() into its only caller (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/smp: Set numa node before updating mask (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/smp: Update cpu_core_map on all PowerPc systems (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/uprobes: Validation for prefixed instruction (jsc#SLE-13847 git-fixes). - powerpc/xive: Discard disabled interrupts in get_irqchip_state() (bsc#1085030 git-fixes). - pseries/eeh: Fix the kdump kernel crash during eeh_pseries_init (git-fixes). - ptp_pch: Load module automatically if ID matches (git-fixes). - ptp_pch: Restore dependency on PCI (git-fixes). - qed: Fix missing error code in qed_slowpath_start() (git-fixes). - qed: Handle management FW error (git-fixes). - qed: rdma - do not wait for resources under hw error recovery flow (git-fixes). - RDMA/cma: Do not change route.addr.src_addr.ss_family (bsc#1181147). - RDMA/cma: Fix listener leak in rdma_cma_listen_on_all() failure (bsc#1181147). - regmap: Fix possible double-free in regcache_rbtree_exit() (git-fixes). - regulator: dt-bindings: samsung,s5m8767: correct s5m8767,pmic-buck-default-dvs-idx property (git-fixes). - regulator: s5m8767: do not use reset value as DVS voltage if GPIO DVS is disabled (git-fixes). - rpm: fix kmp install path - rpm: use _rpmmacrodir (boo#1191384) - rsi: fix control-message timeout (git-fixes). - rsi: Fix module dev_oper_mode parameter description (git-fixes). - rsi: stop thread firstly in rsi_91x_init() error handling (git-fixes). - rtl8187: fix control-message timeouts (git-fixes). - scsi: ibmvfc: Fix up duplicate response detection (bsc#1191867 ltc#194757). - scsi: iscsi: Fix deadlock on recovery path during GFP_IO reclaim (git-fixes). - scsi: lpfc: Allow fabric node recovery if recovery is in progress before devloss (bsc#1192145). - scsi: lpfc: Allow PLOGI retry if previous PLOGI was aborted (bsc#1192145). - scsi: lpfc: Correct sysfs reporting of loop support after SFP status change (bsc#1192145). - scsi: lpfc: Fix link down processing to address NULL pointer dereference (bsc#1192145). - scsi: lpfc: Fix memory overwrite during FC-GS I/O abort handling (bsc#1191349). - scsi: lpfc: Fix use-after-free in lpfc_unreg_rpi() routine (bsc#1192145). - scsi: lpfc: Revert LOG_TRACE_EVENT back to LOG_INIT prior to driver_resource_setup() (bsc#1192145). - scsi: lpfc: Update lpfc version to 14.0.0.3 (bsc#1192145). - scsi: lpfc: Wait for successful restart of SLI3 adapter during host sg_reset (bsc#1192145). - scsi: mpi3mr: Add bios_param SCSI host template hook (jsc#SLE-18120). - scsi: mpi3mr: Add change queue depth support (jsc#SLE-18120). - scsi: mpi3mr: Add EEDP DIF DIX support (jsc#SLE-18120). - scsi: mpi3mr: Add event handling debug prints (jsc#SLE-18120). - scsi: mpi3mr: Additional event handling (jsc#SLE-18120). - scsi: mpi3mr: Add mpi30 Rev-R headers and Kconfig (jsc#SLE-18120). - scsi: mpi3mr: Add support for device add/remove event handling (jsc#SLE-18120). - scsi: mpi3mr: Add support for DSN secure firmware check (jsc#SLE-18120). - scsi: mpi3mr: Add support for internal watchdog thread (jsc#SLE-18120). - scsi: mpi3mr: Add support for PCIe device event handling (jsc#SLE-18120). - scsi: mpi3mr: Add support for PM suspend and resume (jsc#SLE-18120). - scsi: mpi3mr: Add support for queue command processing (jsc#SLE-18120). - scsi: mpi3mr: Add support for recovering controller (jsc#SLE-18120). - scsi: mpi3mr: Add support for threaded ISR (jsc#SLE-18120). - scsi: mpi3mr: Add support for timestamp sync with firmware (jsc#SLE-18120). - scsi: mpi3mr: Allow certain commands during pci-remove hook (jsc#SLE-18120). - scsi: mpi3mr: Base driver code (jsc#SLE-18120). - scsi: mpi3mr: Complete support for soft reset (jsc#SLE-18120). - scsi: mpi3mr: Create operational request and reply queue pair (jsc#SLE-18120). - scsi: mpi3mr: Fix error handling in mpi3mr_setup_isr() (git-fixes). - scsi: mpi3mr: Fix missing unlock on error (git-fixes). - scsi: mpi3mr: Hardware workaround for UNMAP commands to NVMe drives (jsc#SLE-18120). - scsi: mpi3mr: Implement SCSI error handler hooks (jsc#SLE-18120). - scsi: mpi3mr: Print IOC info for debugging (jsc#SLE-18120). - scsi: mpi3mr: Print pending host I/Os for debugging (jsc#SLE-18120). - scsi: mpi3mr: Set up IRQs in resume path (jsc#SLE-18120). - scsi: mpi3mr: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (jsc#SLE-18120). - scsi: mpi3mr: Use the proper SCSI midlayer interfaces for PI (jsc#SLE-18120). - scsi: mpi3mr: Wait for pending I/O completions upon detection of VD I/O timeout (jsc#SLE-18120). - scsi: qla2xxx: Add debug print of 64G link speed (bsc#1190941). - scsi: qla2xxx: Add host attribute to trigger MPI hang (bsc#1190941). - scsi: qla2xxx: Add support for mailbox passthru (bsc#1190941). - scsi: qla2xxx: Adjust request/response queue size for 28xx (bsc#1190941). - scsi: qla2xxx: Call process_response_queue() in Tx path (bsc#1190941). - scsi: qla2xxx: Changes to support FCP2 Target (bsc#1190941). - scsi: qla2xxx: Changes to support kdump kernel (bsc#1190941). - scsi: qla2xxx: Changes to support kdump kernel for NVMe BFS (bsc#1190941). - scsi: qla2xxx: Check for firmware capability before creating QPair (bsc#1190941). - scsi: qla2xxx: Display 16G only as supported speeds for 3830c card (bsc#1190941). - scsi: qla2xxx: Do not call fc_block_scsi_eh() during bus reset (bsc#1190941). - scsi: qla2xxx: edif: Add N2N support for EDIF (bsc#1190941). - scsi: qla2xxx: edif: Do secure PLOGI when auth app is present (bsc#1190941). - scsi: qla2xxx: edif: Fix EDIF enable flag (bsc#1190941). - scsi: qla2xxx: edif: Fix returnvar.cocci warnings (bsc#1190941). - scsi: qla2xxx: edif: Fix stale session (bsc#1190941). - scsi: qla2xxx: edif: Reject AUTH ELS on session down (bsc#1190941). - scsi: qla2xxx: edif: Use link event to wake up app (bsc#1190941). - scsi: qla2xxx: Fix crash in NVMe abort path (bsc#1190941). - scsi: qla2xxx: Fix excessive messages during device logout (bsc#1190941). - scsi: qla2xxx: Fix hang during NVMe session tear down (bsc#1190941). - scsi: qla2xxx: Fix hang on NVMe command timeouts (bsc#1190941). - scsi: qla2xxx: Fix kernel crash when accessing port_speed sysfs file (bsc#1190941). - scsi: qla2xxx: Fix NPIV create erroneous error (bsc#1190941). - scsi: qla2xxx: Fix NVMe | FCP personality change (bsc#1190941). - scsi: qla2xxx: Fix NVMe retry (bsc#1190941). - scsi: qla2xxx: Fix NVMe session down detection (bsc#1190941). - scsi: qla2xxx: Fix port type info (bsc#1190941). - scsi: qla2xxx: Fix unsafe removal from linked list (bsc#1190941). - scsi: qla2xxx: Fix use after free in eh_abort path (bsc#1190941). - scsi: qla2xxx: Move heartbeat handling from DPC thread to workqueue (bsc#1190941). - scsi: qla2xxx: Open-code qla2xxx_eh_device_reset() (bsc#1190941). - scsi: qla2xxx: Open-code qla2xxx_eh_target_reset() (bsc#1190941). - scsi: qla2xxx: Remove redundant initialization of pointer req (bsc#1190941). - scsi: qla2xxx: Restore initiator in dual mode (bsc#1190941). - scsi: qla2xxx: Show OS name and version in FDMI-1 (bsc#1190941). - scsi: qla2xxx: Suppress unnecessary log messages during login (bsc#1190941). - scsi: qla2xxx: Sync queue idx with queue_pair_map idx (bsc#1190941). - scsi: qla2xxx: Update version to 10.02.06.100-k (bsc#1190941). - scsi: qla2xxx: Update version to 10.02.06.200-k (bsc#1190941). - scsi: qla2xxx: Update version to 10.02.07.100-k (bsc#1190941). - scsi: qla2xxx: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (bsc#1190941). - scsi: target: Fix the pgr/alua_support_store functions (git-fixes). - sctp: check asoc peer.asconf_capable before processing asconf (bsc#1190351). - soc: qcom: mdt_loader: Drop PT_LOAD check on hash segment (git-fixes). - spi: spi-nxp-fspi: do not depend on a specific node name erratum workaround (git-fixes). - swiotlb: add a IO_TLB_SIZE define (bsc#1191851). - swiotlb: clean up swiotlb_tbl_unmap_single (bsc#1191851). - swiotlb: do not modify orig_addr in swiotlb_tbl_sync_single (bsc#1191851). - swiotlb: factor out an io_tlb_offset helper (bsc#1191851). - swiotlb: factor out a nr_slots helper (bsc#1191851). - swiotlb: refactor swiotlb_tbl_map_single (bsc#1191851). - swiotlb: respect min_align_mask (bsc#1191851). - swiotlb: Split size parameter to map/unmap APIs (bsc#1191851). - tpm: Check for integer overflow in tpm2_map_response_body() (git-fixes). - tpm: ibmvtpm: Avoid error message when process gets signal while waiting (bsc#1065729). - Update patch reference for AMDGPU fix (bsc#1180749) - USB: cdc-acm: clean up probe error labels (git-fixes). - USB: cdc-acm: fix minor-number release (git-fixes). - usb: chipidea: ci_hdrc_imx: Also search for 'phys' phandle (git-fixes). - usb: hso: fix error handling code of hso_create_net_device (git-fixes). - usb: hso: remove the bailout parameter (git-fixes). - usb: musb: dsps: Fix the probe error path (git-fixes). - usbnet: fix error return code in usbnet_probe() (git-fixes). - usbnet: sanity check for maxpacket (git-fixes). - USB: serial: option: add prod. id for Quectel EG91 (git-fixes). - USB: serial: option: add Quectel EC200S-CN module support (git-fixes). - USB: serial: option: add Telit LE910Cx composition 0x1204 (git-fixes). - USB: serial: qcserial: add EM9191 QDL support (git-fixes). - USB: xhci: dbc: fix tty registration race (git-fixes). - video: fbdev: gbefb: Only instantiate device when built for IP32 (git-fixes). - virtio-gpu: fix possible memory allocation failure (git-fixes). - virtio: write back F_VERSION_1 before validate (git-fixes). - watchdog: orion: use 0 for unset heartbeat (git-fixes). - wcn36xx: Add ability for wcn36xx_smd_dump_cmd_req to pass two's complement (git-fixes). - wcn36xx: add proper DMA memory barriers in rx path (git-fixes). - wcn36xx: Fix HT40 capability for 2Ghz band (git-fixes). - x86/ioapic: Force affinity setup before startup (bsc#1152489). - x86/msi: Force affinity setup before startup (bsc#1152489). - x86/pat: Pass valid address to sanitize_phys() (bsc#1152489). - x86/reboot: Limit Dell Optiplex 990 quirk to early BIOS versions (bsc#1152489). - x86/resctrl: Free the ctrlval arrays when domain_setup_mon_state() fails (bsc#1152489). - x86/sev: Return an error on a returned non-zero SW_EXITINFO1[31:0] (bsc#1178134). - xen: fix setting of max_pfn in shared_info (git-fixes). - xen: reset legacy rtc flag for PV domU (git-fixes). - xfs: do not allow log writes if the data device is readonly (bsc#1192229). - xfs: ensure that the inode uid/gid match values match the icdinode ones (bsc#1190006). - xfs: Fixed non-directory creation in SGID directories introduced by CVE-2018-13405 patch (bsc#1190006). - xfs: fix I_DONTCACHE (bsc#1192074). - xfs: fix log intent recovery ENOSPC shutdowns when inactivating inodes (bsc#1190642). - xfs: merge the projid fields in struct xfs_icdinode (bsc#1190006). - xfs: remove the icdinode di_uid/di_gid members (bsc#1190006). - xhci: Enable trust tx length quirk for Fresco FL11 USB controller (git-fixes). - xhci: Fix command ring pointer corruption while aborting a command (git-fixes). - xhci: guard accesses to ep_state in xhci_endpoint_reset() (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3782-1 Released: Tue Nov 23 23:49:03 2021 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1187190,1188713,1190326 This update for dracut fixes the following issues: - Fixed multipath devices that always default to bfq scheduler (bsc#1188713) - Fixed unbootable system when testing kernel 5.14 (bsc#1190326) - Add support for the new iscsiadm 'no-wait' (-W) command (bsc#1187190) - Add iscsid.service requirements (bsc#1187190) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3786-1 Released: Wed Nov 24 05:59:13 2021 Summary: Recommended update for rpm-config-SUSE Type: recommended Severity: important References: 1192160 This update for rpm-config-SUSE fixes the following issues: - Add support for the kernel xz-compressed firmware files (bsc#1192160) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3787-1 Released: Wed Nov 24 06:00:10 2021 Summary: Recommended update for xfsprogs Type: recommended Severity: moderate References: 1189983,1189984,1191500,1191566,1191675 This update for xfsprogs fixes the following issues: - Make libhandle1 an explicit dependency in the xfsprogs-devel package (bsc#1191566) - Remove deprecated barrier/nobarrier mount options from manual pages section 5 (bsc#1191675) - xfs_io: include support for label command (bsc#1191500) - xfs_quota: state command to report all three (-ugp) grace times separately (bsc#1189983) - xfs_admin: add support for external log devices (bsc#1189984) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3790-1 Released: Wed Nov 24 06:10:31 2021 Summary: Recommended update for open-iscsi Type: recommended Severity: moderate References: 1187190,1187958,1188869,1191054,1192013,1192568 This update for open-iscsi fixes the following issues: - Ensure executables are not moved from /sbin to /usr/sbin in SLE (bsc#1192013)(bsc#1191054) - iscsi-init.service default dependencies can cause the boot to hang so they have been removed (bsc#1187190) - IPv6 offload iSCSI lun needs to be exposed during installation (bsc#1187958) - iscsid needs to use the new prctl(PR_SET_IO_FLUSHER) system call (bsc#1188869) - The iscsi-init.service unit can run too early, when root is read-only, causing it to fail (bsc#1192568) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3792-1 Released: Wed Nov 24 06:12:09 2021 Summary: Recommended update for kmod Type: recommended Severity: moderate References: 1192104 This update for kmod fixes the following issues: - Enable ZSTD compression (bsc#1192104)(jsc#SLE-21256) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3799-1 Released: Wed Nov 24 18:07:54 2021 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1187153,1187273,1188623 This update for gcc11 fixes the following issues: The additional GNU compiler collection GCC 11 is provided: To select these compilers install the packages: - gcc11 - gcc-c++11 - and others with 11 prefix. to select them for building: - CC='gcc-11' - CXX='g++-11' The compiler baselibraries (libgcc_s1, libstdc++6 and others) are being replaced by the GCC 11 variants. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3808-1 Released: Fri Nov 26 00:30:54 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1186071,1190440,1190984,1192161 This update for systemd fixes the following issues: - Add timestamp to D-Bus events to improve traceability (jsc#SLE-17798) - Fix fd_is_mount_point() when both the parent and directory are network file systems (bsc#1190984) - Support detection for ARM64 Hyper-V guests (bsc#1186071) - Fix systemd-detect-virt not detecting Amazon EC2 Nitro instance (bsc#1190440) - Enable support for Portable Services in openSUSE Leap only (jsc#SLE-21694) - Fix IO scheduler udev rules to address performance issues (jsc#SLE-21032, bsc#1192161) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3838-1 Released: Wed Dec 1 16:07:54 2021 Summary: Security update for ruby2.5 Type: security Severity: important References: 1188160,1188161,1190375,CVE-2021-31799,CVE-2021-31810,CVE-2021-32066 This update for ruby2.5 fixes the following issues: - CVE-2021-31799: Fixed Command injection vulnerability in RDoc (bsc#1190375). - CVE-2021-31810: Fixed trusting FTP PASV responses vulnerability in Net:FTP (bsc#1188161). - CVE-2021-32066: Fixed StartTLS stripping vulnerability in Net:IMAP (bsc#1188160). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3870-1 Released: Thu Dec 2 07:11:50 2021 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1190356,1191286,1191324,1191370,1191609,1192337,1192436 This update for libzypp, zypper fixes the following issues: libzypp: - Check log writer before accessing it (bsc#1192337) - Zypper should keep cached files if transaction is aborted (bsc#1190356) - Require a minimum number of mirrors for multicurl (bsc#1191609) - Fixed slowdowns when rlimit is too high by using procfs to detect niumber of open file descriptors (bsc#1191324) - Fixed zypper incomplete messages when using non English localization (bsc#1191370) - RepoManager: Don't probe for plaindir repository if the URL schema is a plugin (bsc#1191286) - Disable logger in the child process after fork (bsc#1192436) zypper: - Fixed Zypper removing a kernel explicitely pinned that uses uname -r output format as name (openSUSE/zypper#418) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3872-1 Released: Thu Dec 2 07:25:55 2021 Summary: Recommended update for cracklib Type: recommended Severity: moderate References: 1191736 This update for cracklib fixes the following issues: - Enable build time tests (bsc#1191736) The following package changes have been done: - apparmor-abstractions-2.13.6-3.3.1 added - cracklib-dict-small-2.9.7-11.6.1 updated - cracklib-2.9.7-11.6.1 updated - dracut-049.1+suse.216.gf705637b-3.45.1 updated - kernel-default-5.3.18-59.34.1 updated - kmod-29-4.12.1 updated - libcrack2-2.9.7-11.6.1 updated - libdcerpc-binding0-4.13.13+git.531.903f5c0ccdc-3.17.1 updated - libdcerpc0-4.13.13+git.531.903f5c0ccdc-3.17.1 updated - libgcc_s1-11.2.1+git610-1.3.9 updated - libkmod2-29-4.12.1 updated - libldb2-2.2.2-3.3.1 updated - libndr-krb5pac0-4.13.13+git.531.903f5c0ccdc-3.17.1 updated - libndr-nbt0-4.13.13+git.531.903f5c0ccdc-3.17.1 updated - libndr-standard0-4.13.13+git.531.903f5c0ccdc-3.17.1 updated - libndr1-4.13.13+git.531.903f5c0ccdc-3.17.1 updated - libnetapi0-4.13.13+git.531.903f5c0ccdc-3.17.1 updated - libopeniscsiusr0_2_0-2.1.5-32.12.1 updated - libruby2_5-2_5-2.5.9-4.20.1 updated - libsamba-credentials0-4.13.13+git.531.903f5c0ccdc-3.17.1 updated - libsamba-errors0-4.13.13+git.531.903f5c0ccdc-3.17.1 updated - libsamba-hostconfig0-4.13.13+git.531.903f5c0ccdc-3.17.1 updated - libsamba-passdb0-4.13.13+git.531.903f5c0ccdc-3.17.1 updated - libsamba-util0-4.13.13+git.531.903f5c0ccdc-3.17.1 updated - libsamdb0-4.13.13+git.531.903f5c0ccdc-3.17.1 updated - libsmbconf0-4.13.13+git.531.903f5c0ccdc-3.17.1 updated - libsmbldap2-4.13.13+git.531.903f5c0ccdc-3.17.1 updated - libstdc++6-11.2.1+git610-1.3.9 updated - libsystemd0-246.16-7.21.1 updated - libtevent-util0-4.13.13+git.531.903f5c0ccdc-3.17.1 updated - libudev1-246.16-7.21.1 updated - libwbclient0-4.13.13+git.531.903f5c0ccdc-3.17.1 updated - libzypp-17.28.8-20.1 updated - open-iscsi-2.1.5-32.12.1 updated - python3-ldb-2.2.2-3.3.1 updated - rpm-config-SUSE-1-5.6.1 updated - ruby2.5-stdlib-2.5.9-4.20.1 updated - ruby2.5-2.5.9-4.20.1 updated - samba-libs-python3-4.13.13+git.531.903f5c0ccdc-3.17.1 updated - samba-libs-4.13.13+git.531.903f5c0ccdc-3.17.1 updated - suse-module-tools-15.3.14-3.14.1 updated - systemd-sysvinit-246.16-7.21.1 updated - systemd-246.16-7.21.1 updated - udev-246.16-7.21.1 updated - xfsprogs-4.15.0-4.52.1 updated - zypper-1.14.50-21.1 updated From sle-updates at lists.suse.com Sat Dec 4 07:26:03 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 4 Dec 2021 08:26:03 +0100 (CET) Subject: SUSE-IU-2021:771-1: Security update of suse-sles-15-sp3-chost-byos-v20211202-hvm-ssd-x86_64 Message-ID: <20211204072603.8F00BFC9F@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp3-chost-byos-v20211202-hvm-ssd-x86_64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2021:771-1 Image Tags : suse-sles-15-sp3-chost-byos-v20211202-hvm-ssd-x86_64:20211202 Image Release : Severity : important Type : security References : 1014440 1065729 1065729 1085030 1085030 1089118 1094840 1133021 1152472 1152472 1152489 1152489 1154353 1156395 1156395 1157177 1167773 1172073 1172073 1173604 1173604 1176447 1176447 1176774 1176774 1176914 1176914 1176940 1178134 1178134 1180100 1180100 1180749 1181147 1181147 1184673 1184673 1185232 1185261 1185441 1185464 1185762 1185762 1185961 1186063 1186063 1186071 1186109 1186109 1187071 1187153 1187167 1187167 1187190 1187190 1187260 1187273 1187696 1187958 1188160 1188161 1188563 1188563 1188601 1188623 1188713 1188727 1188869 1189017 1189841 1189841 1189983 1189984 1190006 1190006 1190067 1190067 1190326 1190349 1190349 1190351 1190351 1190356 1190375 1190440 1190479 1190479 1190620 1190620 1190642 1190642 1190795 1190795 1190801 1190801 1190941 1190941 1190984 1191054 1191229 1191229 1191240 1191240 1191241 1191241 1191286 1191315 1191315 1191317 1191317 1191324 1191349 1191349 1191370 1191384 1191384 1191449 1191449 1191450 1191450 1191451 1191451 1191452 1191452 1191455 1191455 1191456 1191456 1191500 1191566 1191609 1191628 1191628 1191645 1191645 1191663 1191663 1191675 1191731 1191731 1191736 1191800 1191800 1191804 1191851 1191867 1191867 1191934 1191934 1191958 1191958 1191980 1192013 1192040 1192040 1192041 1192041 1192074 1192074 1192104 1192107 1192107 1192145 1192145 1192160 1192161 1192214 1192215 1192229 1192246 1192247 1192267 1192283 1192284 1192288 1192337 1192436 1192505 1192549 1192568 1192601 14571 CVE-2016-2124 CVE-2020-25717 CVE-2020-25717 CVE-2020-25718 CVE-2020-25719 CVE-2020-25721 CVE-2020-25722 CVE-2021-23192 CVE-2021-31799 CVE-2021-31810 CVE-2021-32066 CVE-2021-33033 CVE-2021-33033 CVE-2021-34866 CVE-2021-34866 CVE-2021-3542 CVE-2021-3542 CVE-2021-3655 CVE-2021-3655 CVE-2021-3715 CVE-2021-3715 CVE-2021-37159 CVE-2021-3738 CVE-2021-3760 CVE-2021-3760 CVE-2021-3772 CVE-2021-3772 CVE-2021-3896 CVE-2021-3896 CVE-2021-41864 CVE-2021-41864 CVE-2021-42008 CVE-2021-42008 CVE-2021-42252 CVE-2021-42252 CVE-2021-42739 CVE-2021-42739 CVE-2021-43056 CVE-2021-43056 CVE-2021-43389 ----------------------------------------------------------------- The container suse-sles-15-sp3-chost-byos-v20211202-hvm-ssd-x86_64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2464-1 Released: Fri Jul 23 14:20:23 2021 Summary: Recommended update for shim Type: recommended Severity: moderate References: 1185232,1185261,1185441,1185464,1185961,1187071,1187260,1187696 This update for shim fixes the following issues: - shim-install: Always assume 'removable' for Azure to avoid the endless reset loop (bsc#1185464) - Avoid deleting the mirrored RT variables (bsc#1187696) - Split the keys in vendor-dbx.bin to vendor-dbx-sles and vendor-dbx-opensuse for shim-sles and shim-opensuse to reduce the size of MokListXRT (bsc#1185261) + Also update generate-vendor-dbx.sh in dbx-cert.tar.xz - Handle ignore_db and user_insecure_mode correctly (bsc#1185441, bsc#1187071) - Relax the maximum variable size check for u-boot (bsc#1185621) - Relax the check for import_mok_state() when Secure Boot is off. (bsc#1185261) - Ignore the odd LoadOptions length (bsc#1185232) - shim-install: reset def_shim_efi to 'shim.efi' if the given file doesn't exist - Fided the size of rela sections for AArch64 - Disable exporting vendor-dbx to MokListXRT since writing a large RT variable could crash some machines (bsc#1185261) - Avoid potential crash when calling QueryVariableInfo in EFI 1.10 machines (bsc#1187260) - Avoid buffer overflow when copying data to the MOK config table (bsc#1185232) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3638-1 Released: Tue Nov 9 15:15:38 2021 Summary: Recommended update for samba Type: recommended Severity: important References: 1188727,1189017,14571 This update for samba fixes the following issues: Features added: - Add Certificate Auto Enrollment Policy. (jsc#SLE-18456) Bugs fixed: - Fix wrong kvno exported to keytab after net ads changetrustpw due to replication delay. (bsc#1188727) - Fix 'net rpc' authentication when using the machine account. (bsc#1189017) Samba was updated to 4.13.10 * s3: smbd: Ensure POSIX default ACL is mapped into returned Windows ACL for directory handles; (bso#14708); * Take a copy to make sure we don't reference free'd memory; (bso#14721); * s3: lib: Fix talloc heirarcy error in parent_smb_fname(); (bso#14722); * s3: smbd: Remove erroneous TALLOC_FREE(smb_fname_parent) in change_file_owner_to_parent() error path; (bso#14736); * samba-tool: Give better error information when the 'domain backup restore' fails with a duplicate SID; (bso#14575); * smbd: Correctly initialize close timestamp fields; (bso#14714); * Spotlight RPC service doesn't work with vfs_glusterfs; (bso#14740); * ctdb: Fix a crash in run_proc_signal_handler(); (bso#14475); * gensec_krb5: Restore ipv6 support for kpasswd; (bso#14750); * smbXsrv_{open,session,tcon}: Protect smbXsrv_{open,session,tcon}_global_traverse_fn against invalid records; (bso#14752); * samba-tool domain backup offline doesn't work against bind DLZ backend; (bso#14027); * netcmd: Use next_free_rid() function to calculate a SID for restoring a backup; (bso#14669); Samba was updated to 4.13.9: * s3: smbd: SMB1 SMBsplwr doesn't send a reply packet on success; (bso#14696); * Add documentation for dsdb_group_audit and dsdb_group_json_audit to 'log level', synchronise 'log level' in smb.conf with the code; (bso#14689); * Fix smbd panic when two clients open same file; (bso#14672); * Fix memory leak in the RPC server; (bso#14675); * s3: smbd: Fix deferred renames; (bso#14679); * s3-iremotewinspool: Set the per-request memory context; (bso#14675); * rpc_server3: Fix a memleak for internal pipes; (bso#14675); * third_party: Update socket_wrapper to version 1.3.2; (bso#11899); * third_party: Update socket_wrapper to version 1.3.3; (bso#14639); * idmap_rfc2307 and idmap_nss return wrong mapping for uid/gid conflict; (bso#14663); * Fix the build on OmniOS; (bso#14288); Update to 4.13.7 * Release with dependency on ldb version 2.2.1. - Fix wrong kvno exported to keytab after net ads changetrustpw due to replication delay (bsc#1188727) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3647-1 Released: Wed Nov 10 17:34:14 2021 Summary: Security update for samba and ldb Type: security Severity: important References: 1014440,1192214,1192215,1192246,1192247,1192283,1192284,1192505,CVE-2016-2124,CVE-2020-25717,CVE-2020-25718,CVE-2020-25719,CVE-2020-25721,CVE-2020-25722,CVE-2021-23192,CVE-2021-3738 This update for samba and ldb fixes the following issues: - CVE-2020-25718: Fixed that an RODC can issue (forge) administrator tickets to other servers (bsc#1192246). - CVE-2021-3738: Fixed crash in dsdb stack (bsc#1192215). - CVE-2016-2124: Fixed not to fallback to non spnego authentication if we require kerberos (bsc#1014440). - CVE-2020-25717: Fixed privilege escalation inside an AD Domain where a user could become root on domain members (bsc#1192284). - CVE-2020-25719: Fixed AD DC Username based races when no PAC is given (bsc#1192247). - CVE-2020-25722: Fixed AD DC UPN vs samAccountName not checked (top-level bug for AD DC validation issues) (bsc#1192283). - CVE-2021-23192: Fixed dcerpc requests to don't check all fragments against the first auth_state (bsc#1192214). - CVE-2020-25721: Fixed fill in the new HAS_SAM_NAME_AND_SID values (bsc#1192505). Samba was updated to 4.13.13 * rodc_rwdc test flaps;(bso#14868). * Backport bronze bit fixes, tests, and selftest improvements; (bso#14881). * Provide a fix for MS CVE-2020-17049 in Samba [SECURITY] 'Bronze bit' S4U2Proxy Constrained Delegation bypass in Samba with embedded Heimdal;(bso#14642). * Python ldb.msg_diff() memory handling failure;(bso#14836). * 'in' operator on ldb.Message is case sensitive;(bso#14845). * Fix Samba support for UF_NO_AUTH_DATA_REQUIRED;(bso#14871). * Allow special chars like '@' in samAccountName when generating the salt;(bso#14874). * Fix transit path validation;(bso#12998). * Prepare to operate with MIT krb5 >= 1.20;(bso#14870). * rpcclient NetFileEnum and net rpc file both cause lock order violation: brlock.tdb, share_entries.tdb;(bso#14645). * Python ldb.msg_diff() memory handling failure;(bso#14836). * Release LDB 2.3.1 for Samba 4.14.9;(bso#14848). Samba was updated to 4.13.12: * Address a signifcant performance regression in database access in the AD DC since Samba 4.12;(bso#14806). * Fix performance regression in lsa_LookupSids3/LookupNames4 since Samba 4.9 by using an explicit database handle cache; (bso#14807). * An unuthenticated user can crash the AD DC KDC by omitting the server name in a TGS-REQ;(bso#14817). * Address flapping samba_tool_drs_showrepl test;(bso#14818). * Address flapping dsdb_schema_attributes test;(bso#14819). * An unuthenticated user can crash the AD DC KDC by omitting the server name in a TGS-REQ;(bso#14817). * Fix CTDB flag/status update race conditions(bso#14784). Samba was updated to 4.13.11: * smbd: panic on force-close share during offload write; (bso#14769). * Fix returned attributes on fake quota file handle and avoid hitting the VFS;(bso#14731). * smbd: 'deadtime' parameter doesn't work anymore;(bso#14783). * net conf list crashes when run as normal user;(bso#14787). * Work around special SMB2 READ response behavior of NetApp Ontap 7.3.7;(bso#14607). * Start the SMB encryption as soon as possible;(bso#14793). * Winbind should not start if the socket path for the privileged pipe is too long;(bso#14792). ldb was updated to 2.2.2: + CVE-2020-25718: samba: An RODC can issue (forge) administrator tickets to other servers; (bsc#1192246); (bso#14558) + CVE-2021-3738: samba: crash in dsdb stack; (bsc#1192215);(bso#14848) Release ldb 2.2.2 + Corrected python behaviour for 'in' for LDAP attributes contained as part of ldb.Message;(bso#14845). + Fix memory handling in ldb.msg_diff Corrected python docstrings;(bso#14836) + Backport bronze bit fixes, tests, and selftest improvements; (bso#14881). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3655-1 Released: Thu Nov 11 11:59:22 2021 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065729,1085030,1152472,1152489,1156395,1172073,1173604,1176447,1176774,1176914,1178134,1180100,1181147,1184673,1185762,1186063,1186109,1187167,1188563,1189841,1190006,1190067,1190349,1190351,1190479,1190620,1190642,1190795,1190801,1190941,1191229,1191240,1191241,1191315,1191317,1191349,1191384,1191449,1191450,1191451,1191452,1191455,1191456,1191628,1191645,1191663,1191731,1191800,1191867,1191934,1191958,1192040,1192041,1192074,1192107,1192145,CVE-2021-33033,CVE-2021-34866,CVE-2021-3542,CVE-2021-3655,CVE-2021-3715,CVE-2021-3760,CVE-2021-3772,CVE-2021-3896,CVE-2021-41864,CVE-2021-42008,CVE-2021-42252,CVE-2021-42739,CVE-2021-43056 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. NOTE: This update was retracted due to a NFS regression. The following security bugs were fixed: - CVE-2021-3772: Fixed sctp vtag check in sctp_sf_ootb (bsc#1190351). - CVE-2021-3655: Fixed a missing size validations on inbound SCTP packets, which may have allowed the kernel to read uninitialized memory (bsc#1188563). - CVE-2021-43056: Fixed possible KVM host crash via malicious KVM guest on Power8 (bnc#1192107). - CVE-2021-3896: Fixed a array-index-out-bounds in detach_capi_ctr in drivers/isdn/capi/kcapi.c (bsc#1191958). - CVE-2021-3760: Fixed a use-after-free vulnerability with the ndev->rf_conn_info object (bsc#1190067). - CVE-2021-42739: The firewire subsystem had a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled bounds checking (bsc#1184673). - CVE-2021-3542: Fixed heap buffer overflow in firedtv driver (bsc#1186063). - CVE-2021-33033: Fixed a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled (bsc#1186109). - CVE-2021-3715: Fixed a use-after-free in route4_change() in net/sched/cls_route.c (bsc#1190349). - CVE-2021-34866: Fixed eBPF Type Confusion Privilege Escalation Vulnerability (bsc#1191645). - CVE-2021-42252: Fixed an issue inside aspeed_lpc_ctrl_mmap that could have allowed local attackers to access the Aspeed LPC control interface to overwrite memory in the kernel and potentially execute privileges (bnc#1190479). - CVE-2021-41864: Fixed prealloc_elems_and_freelist that allowed unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write (bnc#1191317). - CVE-2021-42008: Fixed a slab out-of-bounds write in the decode_data function in drivers/net/hamradio/6pack.c. Input from a process that had the CAP_NET_ADMIN capability could have lead to root access (bsc#1191315). The following non-security bugs were fixed: - ACPI: NFIT: Use fallback node id when numa info in NFIT table is incorrect (git-fixes). - ACPI: bgrt: Fix CFI violation (git-fixes). - ACPI: fix NULL pointer dereference (git-fixes). - ACPI: fix NULL pointer dereference (git-fixes). - ALSA: hda - Enable headphone mic on Dell Latitude laptops with ALC3254 (git-fixes). - ALSA: hda/realtek - ALC236 headset MIC recording issue (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo PC50HS (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo X170KM-G (git-fixes). - ALSA: hda/realtek: Add quirk for TongFang PHxTxX1 (git-fixes). - ALSA: hda/realtek: Complete partial device name to avoid ambiguity (git-fixes). - ALSA: hda/realtek: Enable 4-speaker output for Dell Precision 5560 laptop (git-fixes). - ALSA: hda/realtek: Fix for quirk to enable speaker output on the Lenovo 13s Gen2 (git-fixes). - ALSA: hda/realtek: Fix the mic type detection issue for ASUS G551JW (git-fixes). - ALSA: hda/realtek: Quirks to enable speaker output for Lenovo Legion 7i 15IMHG05, Yoga 7i 14ITL5/15ITL5, and 13s Gen2 laptops (git-fixes). - ALSA: hda: avoid write to STATESTS if controller is in reset (git-fixes). - ALSA: hda: intel: Allow repeatedly probing on codec configuration errors (bsc#1190801). - ALSA: pcm: Workaround for a wrong offset in SYNC_PTR compat ioctl (git-fixes). - ALSA: seq: Fix a potential UAF by wrong private_free call order (git-fixes). - ALSA: usb-audio: Add quirk for VF0770 (git-fixes). - ALSA: usb-audio: Provide quirk for Sennheiser GSP670 Headset (git-fixes). - ASoC: DAPM: Fix missing kctl change notifications (git-fixes). - ASoC: Intel: Skylake: Fix module configuration for KPB and MIXER (git-fixes). - ASoC: Intel: Skylake: Fix passing loadable flag for module (git-fixes). - ASoC: Intel: bytcr_rt5640: Move 'Platform Clock' routes to the maps for the matching in-/output (git-fixes). - ASoC: Intel: sof_sdw: tag SoundWire BEs as non-atomic (git-fixes). - ASoC: SOF: imx: imx8: Bar index is only valid for IRAM and SRAM types (git-fixes). - ASoC: SOF: imx: imx8m: Bar index is only valid for IRAM and SRAM types (git-fixes). - ASoC: SOF: loader: release_firmware() on load failure to avoid batching (git-fixes). - ASoC: atmel: ATMEL drivers do not need HAS_DMA (git-fixes). - ASoC: dapm: use component prefix when checking widget names (git-fixes). - ASoC: fsl_spdif: register platform component before registering cpu dai (git-fixes). - ASoC: wm8960: Fix clock configuration on slave mode (git-fixes). - Add obsolete_rebuilds_subpackage (boo#1172073 bsc#1191731). - Configure mpi3mr as currently unsupported (jsc#SLE-18120) - HID: apple: Fix logical maximum and usage maximum of Magic Keyboard JIS (git-fixes). - HID: betop: fix slab-out-of-bounds Write in betop_probe (git-fixes). - HID: u2fzero: ignore incomplete packets without data (git-fixes). - HID: usbhid: free raw_report buffers in usbhid_stop (git-fixes). - HID: wacom: Add new Intuos BT (CTL-4100WL/CTL-6100WL) device IDs (git-fixes). - ICMPv6: Add ICMPv6 Parameter Problem, code 3 definition (bsc#1191241). - ICMPv6: Add ICMPv6 Parameter Problem, code 3 definition (bsc#1191241). - IPv6: reply ICMP error if the first fragment do not include all headers (bsc#1191241). - IPv6: reply ICMP error if the first fragment do not include all headers (bsc#1191241). - Input: snvs_pwrkey - add clk handling (git-fixes). - Input: xpad - add support for another USB ID of Nacon GC-100 (git-fixes). - KVM: PPC: Book3S HV Nested: Reflect guest PMU in-use to L0 when guest SPRs are live (bsc#1156395). - KVM: PPC: Book3S HV Nested: Sanitise H_ENTER_NESTED TM state (bsc#1156395). - KVM: PPC: Book3S HV: Fix copy_tofrom_guest routines (jsc#SLE-12936 git-fixes). - KVM: PPC: Book3S HV: Save host FSCR in the P7/8 path (bsc#1065729). - KVM: PPC: Book3S HV: Tolerate treclaim. in fake-suspend mode changing registers (bsc#1156395). - KVM: PPC: Fix clearing never mapped TCEs in realmode (bsc#1156395). - KVM: PPC: Fix kvm_arch_vcpu_ioctl vcpu_load leak (bsc#1156395). - NFC: digital: fix possible memory leak in digital_in_send_sdd_req() (git-fixes). - NFC: digital: fix possible memory leak in digital_tg_listen_mdaa() (git-fixes). - NFS: Do uncached readdir when we're seeking a cookie in an empty page cache (bsc#1191628). - PCI: Fix pci_host_bridge struct device release/free handling (git-fixes). - PM / devfreq: rk3399_dmc: Add missing of_node_put() (git-fixes). - PM / devfreq: rk3399_dmc: Disable devfreq-event device when fails (git-fixes). - PM / devfreq: rk3399_dmc: Fix kernel oops when rockchip,pmu is absent (git-fixes). - PM / devfreq: rk3399_dmc: Fix spelling typo (git-fixes). - PM / devfreq: rk3399_dmc: Remove unneeded semicolon (git-fixes). - RDMA/cma: Do not change route.addr.src_addr.ss_family (bsc#1181147). - RDMA/cma: Fix listener leak in rdma_cma_listen_on_all() failure (bsc#1181147). - USB: cdc-acm: clean up probe error labels (git-fixes). - USB: cdc-acm: fix minor-number release (git-fixes). - USB: serial: option: add Quectel EC200S-CN module support (git-fixes). - USB: serial: option: add Telit LE910Cx composition 0x1204 (git-fixes). - USB: serial: option: add prod. id for Quectel EG91 (git-fixes). - USB: serial: qcserial: add EM9191 QDL support (git-fixes). - USB: xhci: dbc: fix tty registration race (git-fixes). - acpi/arm64: fix next_platform_timer() section mismatch error (git-fixes). - acpi/arm64: fix next_platform_timer() section mismatch error (git-fixes). - ata: ahci_platform: fix null-ptr-deref in ahci_platform_enable_regulators() (git-fixes). - ata: sata_dwc_460ex: No need to call phy_exit() befre phy_init() (git-fixes). - audit: fix possible null-pointer dereference in audit_filter_rules (git-fixes). - bfq: Remove merged request already in bfq_requests_merged() (bsc#1191456). - blk: Fix lock inversion between ioc lock and bfqd lock (bsc#1191456). - blktrace: Fix uaf in blk_trace access after removing by sysfs (bsc#1191452). - block: bfq: fix bfq_set_next_ioprio_data() (bsc#1191451). - bnxt_en: make bnxt_free_skbs() safe to call after bnxt_free_mem() (jsc#SLE-16649). - bpf: Add bpf_patch_call_args prototype to include/linux/bpf.h (git-fixes). - bpf: Fix OOB read when printing XDP link fdinfo (git-fixes). - bpf: Fix a typo of reuseport map in bpf.h (git-fixes). - bpf: Fix up bpf_skb_adjust_room helper's skb csum setting (git-fixes). - can: dev: can_restart: fix use after free bug (git-fixes). - can: peak_pci: peak_pci_remove(): fix UAF (git-fixes). - can: peak_usb: fix use after free bugs (git-fixes). - can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE state notification (git-fixes). - can: rcar_can: fix suspend/resume (git-fixes). - can: ti_hecc: ti_hecc_probe(): add missed clk_disable_unprepare() in error path (git-fixes). - can: xilinx_can: handle failure cases of pm_runtime_get_sync (git-fixes). - cb710: avoid NULL pointer subtraction (git-fixes). - ceph: fix handling of 'meta' errors (bsc#1192041). - ceph: skip existing superblocks that are blocklisted or shut down when mounting (bsc#1192040). - cfg80211: correct bridge/4addr mode check (git-fixes). - cfg80211: fix management registrations locking (git-fixes). - cfg80211: scan: fix RCU in cfg80211_add_nontrans_list() (git-fixes). - cpuidle: pseries: Mark pseries_idle_proble() as __init (jsc#SLE-13614 bsc#1176914 ltc#186394 git-fixes). - drm/amd/display: Pass PCI deviceid into DC (git-fixes). - drm/amdgpu: correct initial cp_hqd_quantum for gfx9 (git-fixes). - drm/amdgpu: fix gart.bo pin_count leak (git-fixes). - drm/edid: In connector_bad_edid() cap num_of_ext by num_blocks read (git-fixes). - drm/i915: Fix syncmap memory leak (bsc#1152489) Backporting notes: * context changes in intel_timeline_fini() - drm/msm/dsi: Fix an error code in msm_dsi_modeset_init() (git-fixes). - drm/msm/dsi: fix off by one in dsi_bus_clk_enable error handling (git-fixes). - drm/msm: Avoid potential overflow in timeout_to_jiffies() (git-fixes). - drm/msm: Fix null pointer dereference on pointer edp (git-fixes). - drm/nouveau/debugfs: fix file release memory leak (git-fixes). - drm/nouveau/kms/nv50-: fix file release memory leak (git-fixes). - drm/nouveau/kms/tu102-: delay enabling cursor until after assign_windows (git-fixes). - drm/nouveau: avoid a use-after-free when BO init fails (bsc#1152472) - drm/panel: olimex-lcd-olinuxino: select CRC32 (git-fixes). - drm/panfrost: Make sure MMU context lifetime is not bound to (bsc#1152472) - drm/sun4i: dw-hdmi: Fix HDMI PHY clock setup (git-fixes). - e1000e: Drop patch to avoid regressions until real fix is available (bsc#1191663). - e1000e: Fix packet loss on Tiger Lake and later (git-fixes). - e100: fix buffer overrun in e100_get_regs (git-fixes). - e100: fix length calculation in e100_get_regs_len (git-fixes). - e100: handle eeprom as little endian (git-fixes). - ext4: fix reserved space counter leakage (bsc#1191450). - ext4: report correct st_size for encrypted symlinks (bsc#1191449). - fs, mm: fix race in unlinking swapfile (bsc#1191455). - fscrypt: add fscrypt_symlink_getattr() for computing st_size (bsc#1191449). - gpio: pca953x: Improve bias setting (git-fixes). - hso: fix bailout in error case of probe (git-fixes). - i2c: acpi: fix resource leak in reconfiguration device addition (git-fixes). - ice: fix getting UDP tunnel entry (jsc#SLE-12878). - iio: adc128s052: Fix the error handling path of 'adc128_probe()' (git-fixes). - iio: adc: aspeed: set driver data when adc probe (git-fixes). - iio: dac: ti-dac5571: fix an error code in probe() (git-fixes). - iio: light: opt3001: Fixed timeout error when 0 lux (git-fixes). - iio: mtk-auxadc: fix case IIO_CHAN_INFO_PROCESSED (git-fixes). - iio: ssp_sensors: add more range checking in ssp_parse_dataframe() (git-fixes). - iio: ssp_sensors: fix error code in ssp_print_mcu_debug() (git-fixes). - ipv6/netfilter: Discard first fragment not including all headers (bsc#1191241). - ipv6/netfilter: Discard first fragment not including all headers (bsc#1191241). - isdn: cpai: check ctr->cnr to avoid array index out of bound (git-fixes). - isdn: mISDN: Fix sleeping function called from invalid context (git-fixes). - iwlwifi: pcie: add configuration of a Wi-Fi adapter on Dell XPS 15 (git-fixes). - ixgbe: Fix NULL pointer dereference in ixgbe_xdp_setup (git-fixes). - kABI workaround for HD-audio probe retry changes (bsc#1190801). - kABI workaround for cfg80211 mgmt_registration_lock changes (git-fixes). - kabi: block: Fix kabi of blk_mq_sched_try_insert_merge() (bsc#1191456). - kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167 bsc#1191240 ltc#194716). - kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167). - kernel-binary.spec: suse-kernel-rpm-scriptlets required for uninstall as well. Fixes: e98096d5cf85 ('rpm: Abolish scritplet templating (bsc#1189841).') - kernel-spec-macros: Since rpm 4.17 %verbose is unusable (bsc#1191229). - lan78xx: select CRC32 (git-fixes). - libata: Add ATA_HORKAGE_NO_NCQ_ON_ATI for Samsung 860 and 870 SSD (git-fixes). - mac80211: Drop frames from invalid MAC address in ad-hoc mode (git-fixes). - mac80211: check return value of rhashtable_init (git-fixes). - mei: me: add Ice Lake-N device id (git-fixes). - mmc: dw_mmc: exynos: fix the finding clock sample value (git-fixes). - mmc: meson-gx: do not use memcpy_to/fromio for dram-access-quirk (git-fixes). - mmc: vub300: fix control-message timeouts (git-fixes). - net/mlx5: E-Switch, Fix double allocation of acl flow counter (jsc#SLE-15172). - net/mlx5e: IPSEC RX, enable checksum complete (jsc#SLE-15172). - net/mlx5e: RX, Avoid possible data corruption when relaxed ordering and LRO combined (jsc#SLE-15172). - net/sched: ets: fix crash when flipping from 'strict' to 'quantum' (bsc#1176774). - net: batman-adv: fix error handling (git-fixes). - net: can: ems_usb: fix use-after-free in ems_usb_disconnect() (git-fixes). - net: cdc_eem: fix tx fixup skb leak (git-fixes). - net: cdc_ncm: correct overhead in delayed_ndp_size (git-fixes). - net: hns3: check queue id range before using (jsc#SLE-14777). - net: hso: add failure handler for add_net_device (git-fixes). - net: hso: fix NULL-deref on disconnect regression (git-fixes). - net: hso: fix null-ptr-deref during tty device unregistration (git-fixes). - net: ipv6: Discard next-hop MTU less than minimum link MTU (bsc#1191241). - net: ipv6: Discard next-hop MTU less than minimum link MTU (bsc#1191241). - net: lan78xx: fix division by zero in send path (git-fixes). - net: mana: Fix error handling in mana_create_rxq() (git-fixes, bsc#1191800). - net: usb: Fix uninit-was-stored issue in asix_read_phy_addr() (git-fixes). - netfilter: Drop fragmented ndisc packets assembled in netfilter (git-fixes). - netfilter: conntrack: collect all entries in one cycle (bsc#1173604). - netfilter: xt_IDLETIMER: fix panic that occurs when timer_type has garbage value (bsc#1176447). - nfc: fix error handling of nfc_proto_register() (git-fixes). - nfc: port100: fix using -ERRNO as command type mask (git-fixes). - nvme-fc: avoid race between time out and tear down (bsc#1185762). - nvme-fc: remove freeze/unfreeze around update_nr_hw_queues (bsc#1185762). - nvme-fc: update hardware queues before using them (bsc#1185762). - nvme-pci: Fix abort command id (git-fixes). - nvme-pci: fix error unwind in nvme_map_data (bsc#1191934). - nvme-pci: fix error unwind in nvme_map_data (bsc#1191934). - nvme-pci: refactor nvme_unmap_data (bsc#1191934). - nvme-pci: refactor nvme_unmap_data (bsc#1191934). - nvme: add command id quirk for apple controllers (git-fixes). - ocfs2: fix data corruption after conversion from inline format (bsc#1190795). - pata_legacy: fix a couple uninitialized variable bugs (git-fixes). - phy: mdio: fix memory leak (git-fixes). - platform/mellanox: mlxreg-io: Fix argument base in kstrtou32() call (git-fixes). - platform/mellanox: mlxreg-io: Fix read access of n-bytes size attributes (git-fixes). - platform/x86: dell-smbios-wmi: Add missing kfree in error-exit from run_smbios_call (git-fixes). - platform/x86: intel_scu_ipc: Fix busy loop expiry time (git-fixes). - powerpc/64s: Fix entry flush patching w/strict RWX & hash (jsc#SLE-13847 git-fixes). - powerpc/64s: Fix stf mitigation patching w/strict RWX & hash (jsc#SLE-13847 git-fixes). - powerpc/64s: Remove irq mask workaround in accumulate_stolen_time() (jsc#SLE-9246 git-fixes). - powerpc/bpf: Fix BPF_MOD when imm == 1 (bsc#1065729). - powerpc/bpf: Fix BPF_MOD when imm == 1 (bsc#1065729). - powerpc/bpf: Fix BPF_SUB when imm == 0x80000000 (bsc#1065729). - powerpc/bpf: Fix BPF_SUB when imm == 0x80000000 (bsc#1065729). - powerpc/bpf: Use bctrl for making function calls (bsc#1065729). - powerpc/bpf: Use bctrl for making function calls (bsc#1065729). - powerpc/lib/code-patching: Do not use struct 'ppc_inst' for runnable code in tests (jsc#SLE-13847 git-fixes). - powerpc/lib/code-patching: Make instr_is_branch_to_addr() static (jsc#SLE-13847 git-fixes). - powerpc/lib: Fix emulate_step() std test (bsc#1065729). - powerpc/numa: Update cpu_cpu_map on CPU online/offline (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/pseries: Fix build error when NUMA=n (bsc#1190620 ltc#194498 git-fixes). - powerpc/smp: Cache CPU to chip lookup (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/smp: Enable CACHE domain for shared processor (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/smp: Fix a crash while booting kvm guest with nr_cpus=2 (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/smp: Fold cpu_die() into its only caller (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/smp: Set numa node before updating mask (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/smp: Update cpu_core_map on all PowerPc systems (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/uprobes: Validation for prefixed instruction (jsc#SLE-13847 git-fixes). - powerpc/xive: Discard disabled interrupts in get_irqchip_state() (bsc#1085030 git-fixes). - powerpc: Do not dereference code as 'struct ppc_inst' (uprobe, code-patching, feature-fixups) (jsc#SLE-13847 git-fixes). - powerpc: Do not use 'struct ppc_inst' to reference instruction location (jsc#SLE-13847 git-fixes). - powerpc: Move arch_cpu_idle_dead() into smp.c (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - pseries/eeh: Fix the kdump kernel crash during eeh_pseries_init (git-fixes). - ptp_pch: Load module automatically if ID matches (git-fixes). - ptp_pch: Restore dependency on PCI (git-fixes). - regmap: Fix possible double-free in regcache_rbtree_exit() (git-fixes). - rpm: fix kmp install path - rpm: use _rpmmacrodir (boo#1191384) - scsi: ibmvfc: Fix up duplicate response detection (bsc#1191867 ltc#194757). - scsi: iscsi: Fix deadlock on recovery path during GFP_IO reclaim (git-fixes). - scsi: lpfc: Allow PLOGI retry if previous PLOGI was aborted (bsc#1192145). - scsi: lpfc: Allow fabric node recovery if recovery is in progress before devloss (bsc#1192145). - scsi: lpfc: Correct sysfs reporting of loop support after SFP status change (bsc#1192145). - scsi: lpfc: Fix link down processing to address NULL pointer dereference (bsc#1192145). - scsi: lpfc: Fix memory overwrite during FC-GS I/O abort handling (bsc#1191349). - scsi: lpfc: Fix use-after-free in lpfc_unreg_rpi() routine (bsc#1192145). - scsi: lpfc: Revert LOG_TRACE_EVENT back to LOG_INIT prior to driver_resource_setup() (bsc#1192145). - scsi: lpfc: Update lpfc version to 14.0.0.3 (bsc#1192145). - scsi: lpfc: Wait for successful restart of SLI3 adapter during host sg_reset (bsc#1192145). - scsi: mpi3mr: Add EEDP DIF DIX support (jsc#SLE-18120). - scsi: mpi3mr: Add bios_param SCSI host template hook (jsc#SLE-18120). - scsi: mpi3mr: Add change queue depth support (jsc#SLE-18120). - scsi: mpi3mr: Add event handling debug prints (jsc#SLE-18120). - scsi: mpi3mr: Add mpi30 Rev-R headers and Kconfig (jsc#SLE-18120). - scsi: mpi3mr: Add support for DSN secure firmware check (jsc#SLE-18120). - scsi: mpi3mr: Add support for PCIe device event handling (jsc#SLE-18120). - scsi: mpi3mr: Add support for PM suspend and resume (jsc#SLE-18120). - scsi: mpi3mr: Add support for device add/remove event handling (jsc#SLE-18120). - scsi: mpi3mr: Add support for internal watchdog thread (jsc#SLE-18120). - scsi: mpi3mr: Add support for queue command processing (jsc#SLE-18120). - scsi: mpi3mr: Add support for recovering controller (jsc#SLE-18120). - scsi: mpi3mr: Add support for threaded ISR (jsc#SLE-18120). - scsi: mpi3mr: Add support for timestamp sync with firmware (jsc#SLE-18120). - scsi: mpi3mr: Additional event handling (jsc#SLE-18120). - scsi: mpi3mr: Allow certain commands during pci-remove hook (jsc#SLE-18120). - scsi: mpi3mr: Base driver code (jsc#SLE-18120). - scsi: mpi3mr: Complete support for soft reset (jsc#SLE-18120). - scsi: mpi3mr: Create operational request and reply queue pair (jsc#SLE-18120). - scsi: mpi3mr: Fix error handling in mpi3mr_setup_isr() (git-fixes). - scsi: mpi3mr: Fix missing unlock on error (git-fixes). - scsi: mpi3mr: Hardware workaround for UNMAP commands to NVMe drives (jsc#SLE-18120). - scsi: mpi3mr: Implement SCSI error handler hooks (jsc#SLE-18120). - scsi: mpi3mr: Print IOC info for debugging (jsc#SLE-18120). - scsi: mpi3mr: Print pending host I/Os for debugging (jsc#SLE-18120). - scsi: mpi3mr: Set up IRQs in resume path (jsc#SLE-18120). - scsi: mpi3mr: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (jsc#SLE-18120). - scsi: mpi3mr: Use the proper SCSI midlayer interfaces for PI (jsc#SLE-18120). - scsi: mpi3mr: Wait for pending I/O completions upon detection of VD I/O timeout (jsc#SLE-18120). - scsi: qla2xxx: Add debug print of 64G link speed (bsc#1190941). - scsi: qla2xxx: Add host attribute to trigger MPI hang (bsc#1190941). - scsi: qla2xxx: Add support for mailbox passthru (bsc#1190941). - scsi: qla2xxx: Adjust request/response queue size for 28xx (bsc#1190941). - scsi: qla2xxx: Call process_response_queue() in Tx path (bsc#1190941). - scsi: qla2xxx: Changes to support FCP2 Target (bsc#1190941). - scsi: qla2xxx: Changes to support kdump kernel (bsc#1190941). - scsi: qla2xxx: Changes to support kdump kernel for NVMe BFS (bsc#1190941). - scsi: qla2xxx: Check for firmware capability before creating QPair (bsc#1190941). - scsi: qla2xxx: Display 16G only as supported speeds for 3830c card (bsc#1190941). - scsi: qla2xxx: Do not call fc_block_scsi_eh() during bus reset (bsc#1190941). - scsi: qla2xxx: Fix NPIV create erroneous error (bsc#1190941). - scsi: qla2xxx: Fix NVMe retry (bsc#1190941). - scsi: qla2xxx: Fix NVMe session down detection (bsc#1190941). - scsi: qla2xxx: Fix NVMe | FCP personality change (bsc#1190941). - scsi: qla2xxx: Fix crash in NVMe abort path (bsc#1190941). - scsi: qla2xxx: Fix excessive messages during device logout (bsc#1190941). - scsi: qla2xxx: Fix hang during NVMe session tear down (bsc#1190941). - scsi: qla2xxx: Fix hang on NVMe command timeouts (bsc#1190941). - scsi: qla2xxx: Fix kernel crash when accessing port_speed sysfs file (bsc#1190941). - scsi: qla2xxx: Fix port type info (bsc#1190941). - scsi: qla2xxx: Fix unsafe removal from linked list (bsc#1190941). - scsi: qla2xxx: Fix use after free in eh_abort path (bsc#1190941). - scsi: qla2xxx: Move heartbeat handling from DPC thread to workqueue (bsc#1190941). - scsi: qla2xxx: Open-code qla2xxx_eh_device_reset() (bsc#1190941). - scsi: qla2xxx: Open-code qla2xxx_eh_target_reset() (bsc#1190941). - scsi: qla2xxx: Remove redundant initialization of pointer req (bsc#1190941). - scsi: qla2xxx: Restore initiator in dual mode (bsc#1190941). - scsi: qla2xxx: Show OS name and version in FDMI-1 (bsc#1190941). - scsi: qla2xxx: Suppress unnecessary log messages during login (bsc#1190941). - scsi: qla2xxx: Sync queue idx with queue_pair_map idx (bsc#1190941). - scsi: qla2xxx: Update version to 10.02.06.100-k (bsc#1190941). - scsi: qla2xxx: Update version to 10.02.06.200-k (bsc#1190941). - scsi: qla2xxx: Update version to 10.02.07.100-k (bsc#1190941). - scsi: qla2xxx: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (bsc#1190941). - scsi: qla2xxx: edif: Add N2N support for EDIF (bsc#1190941). - scsi: qla2xxx: edif: Do secure PLOGI when auth app is present (bsc#1190941). - scsi: qla2xxx: edif: Fix EDIF enable flag (bsc#1190941). - scsi: qla2xxx: edif: Fix returnvar.cocci warnings (bsc#1190941). - scsi: qla2xxx: edif: Fix stale session (bsc#1190941). - scsi: qla2xxx: edif: Reject AUTH ELS on session down (bsc#1190941). - scsi: qla2xxx: edif: Use link event to wake up app (bsc#1190941). - scsi: target: Fix the pgr/alua_support_store functions (git-fixes). - sctp: check asoc peer.asconf_capable before processing asconf (bsc#1190351). - soc: qcom: mdt_loader: Drop PT_LOAD check on hash segment (git-fixes). - spi: spi-nxp-fspi: do not depend on a specific node name erratum workaround (git-fixes). - tpm: ibmvtpm: Avoid error message when process gets signal while waiting (bsc#1065729). - usb: chipidea: ci_hdrc_imx: Also search for 'phys' phandle (git-fixes). - usb: hso: fix error handling code of hso_create_net_device (git-fixes). - usb: hso: remove the bailout parameter (git-fixes). - usb: musb: dsps: Fix the probe error path (git-fixes). - video: fbdev: gbefb: Only instantiate device when built for IP32 (git-fixes). - virtio: write back F_VERSION_1 before validate (git-fixes). - watchdog: orion: use 0 for unset heartbeat (git-fixes). - x86/pat: Pass valid address to sanitize_phys() (bsc#1152489). - x86/resctrl: Free the ctrlval arrays when domain_setup_mon_state() fails (bsc#1152489). - x86/sev: Return an error on a returned non-zero SW_EXITINFO1[31:0] (bsc#1178134). - xen: fix setting of max_pfn in shared_info (git-fixes). - xen: reset legacy rtc flag for PV domU (git-fixes). - xfs: Fixed non-directory creation in SGID directories introduced by CVE-2018-13405 patch (bsc#1190006). - xfs: ensure that the inode uid/gid match values match the icdinode ones (bsc#1190006). - xfs: fix I_DONTCACHE (bsc#1192074). - xfs: fix log intent recovery ENOSPC shutdowns when inactivating inodes (bsc#1190642). - xfs: merge the projid fields in struct xfs_icdinode (bsc#1190006). - xfs: remove the icdinode di_uid/di_gid members (bsc#1190006). - xhci: Enable trust tx length quirk for Fresco FL11 USB controller (git-fixes). - xhci: Fix command ring pointer corruption while aborting a command (git-fixes). - xhci: guard accesses to ep_state in xhci_endpoint_reset() (git-fixes). - xhci: guard accesses to ep_state in xhci_endpoint_reset() (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3662-1 Released: Mon Nov 15 19:13:54 2021 Summary: Security update for samba Type: security Severity: important References: 1192601,CVE-2020-25717 This update for samba fixes the following issues: - Fix regression introduced by CVE-2020-25717 patches, winbindd does not start when 'allow trusted domains' is off; (bso#14899); ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3663-1 Released: Mon Nov 15 19:14:32 2021 Summary: Recommended update for suse-module-tools Type: recommended Severity: moderate References: 1191804 This update for suse-module-tools fixes the following issues: - Update to version 15.3.14: * more fixes for updates under secure boot * cert-script: Deal with existing $cert.delete file (bsc#1191804). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3675-1 Released: Tue Nov 16 17:47:44 2021 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065729,1085030,1089118,1094840,1133021,1152472,1152489,1154353,1156395,1157177,1167773,1172073,1173604,1176447,1176774,1176914,1176940,1178134,1180100,1180749,1181147,1184673,1185762,1186063,1186109,1187167,1188563,1188601,1189841,1190006,1190067,1190349,1190351,1190479,1190620,1190642,1190795,1190801,1190941,1191229,1191240,1191241,1191315,1191317,1191349,1191384,1191449,1191450,1191451,1191452,1191455,1191456,1191628,1191645,1191663,1191731,1191800,1191851,1191867,1191934,1191958,1191980,1192040,1192041,1192074,1192107,1192145,1192229,1192267,1192288,1192549,CVE-2021-33033,CVE-2021-34866,CVE-2021-3542,CVE-2021-3655,CVE-2021-3715,CVE-2021-37159,CVE-2021-3760,CVE-2021-3772,CVE-2021-3896,CVE-2021-41864,CVE-2021-42008,CVE-2021-42252,CVE-2021-42739,CVE-2021-43056,CVE-2021-43389 The following security bugs were fixed: - CVE-2021-3542: Fixed heap buffer overflow in firedtv driver (bsc#1186063). - CVE-2021-3655: Fixed a missing size validations on inbound SCTP packets, which may have allowed the kernel to read uninitialized memory (bsc#1188563). - CVE-2021-3715: Fixed a use-after-free in route4_change() in net/sched/cls_route.c (bsc#1190349). - CVE-2021-3760: Fixed a use-after-free vulnerability with the ndev->rf_conn_info object (bsc#1190067). - CVE-2021-3772: Fixed sctp vtag check in sctp_sf_ootb (bsc#1190351). - CVE-2021-3896: Fixed a array-index-out-bounds in detach_capi_ctr in drivers/isdn/capi/kcapi.c (bsc#1191958). - CVE-2021-33033: Fixed a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled (bsc#1186109). - CVE-2021-34866: Fixed eBPF Type Confusion Privilege Escalation Vulnerability (bsc#1191645). - CVE-2021-37159: hso_free_net_device in drivers/net/usb/hso.c called without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free (bnc#1188601). - CVE-2021-41864: Fixed prealloc_elems_and_freelist that allowed unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write (bnc#1191317). - CVE-2021-42008: Fixed a slab out-of-bounds write in the decode_data function in drivers/net/hamradio/6pack.c. Input from a process that had the CAP_NET_ADMIN capability could have lead to root access (bsc#1191315). - CVE-2021-42252: Fixed an issue inside aspeed_lpc_ctrl_mmap that could have allowed local attackers to access the Aspeed LPC control interface to overwrite memory in the kernel and potentially execute privileges (bnc#1190479). - CVE-2021-42739: The firewire subsystem had a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled bounds checking (bsc#1184673). - CVE-2021-43056: Fixed possible KVM host crash via malicious KVM guest on Power8 (bnc#1192107). - CVE-2021-43389: There was an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c (bnc#1191958). The following non-security bugs were fixed: - acpi/arm64: fix next_platform_timer() section mismatch error (git-fixes). - ACPI: bgrt: Fix CFI violation (git-fixes). - ACPI: fix NULL pointer dereference (git-fixes). - ACPI: NFIT: Use fallback node id when numa info in NFIT table is incorrect (git-fixes). - Add obsolete_rebuilds_subpackage (boo#1172073 bsc#1191731). - ALSA: hda: avoid write to STATESTS if controller is in reset (git-fixes). - ALSA: hda - Enable headphone mic on Dell Latitude laptops with ALC3254 (git-fixes). - ALSA: hda: intel: Allow repeatedly probing on codec configuration errors (bsc#1190801). - ALSA: hda/realtek: Add quirk for Clevo PC50HS (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo X170KM-G (git-fixes). - ALSA: hda/realtek: Add quirk for TongFang PHxTxX1 (git-fixes). - ALSA: hda/realtek - ALC236 headset MIC recording issue (git-fixes). - ALSA: hda/realtek: Complete partial device name to avoid ambiguity (git-fixes). - ALSA: hda/realtek: Enable 4-speaker output for Dell Precision 5560 laptop (git-fixes). - ALSA: hda/realtek: Fix for quirk to enable speaker output on the Lenovo 13s Gen2 (git-fixes). - ALSA: hda/realtek: Fix mic mute LED for the HP Spectre x360 14 (git-fixes). - ALSA: hda/realtek: Fix the mic type detection issue for ASUS G551JW (git-fixes). - ALSA: hda/realtek: Quirks to enable speaker output for Lenovo Legion 7i 15IMHG05, Yoga 7i 14ITL5/15ITL5, and 13s Gen2 laptops (git-fixes). - ALSA: hda: Reduce udelay() at SKL+ position reporting (git-fixes). - ALSA: hda: Use position buffer for SKL+ again (git-fixes). - ALSA: pcm: Workaround for a wrong offset in SYNC_PTR compat ioctl (git-fixes). - ALSA: seq: Fix a potential UAF by wrong private_free call order (git-fixes). - ALSA: ua101: fix division by zero at probe (git-fixes). - ALSA: uapi: Fix a C++ style comment in asound.h (git-fixes). - ALSA: usb-audio: Add quirk for VF0770 (git-fixes). - ALSA: usb-audio: Provide quirk for Sennheiser GSP670 Headset (git-fixes). - ASoC: atmel: ATMEL drivers do not need HAS_DMA (git-fixes). - ASoC: cs42l42: Correct some register default values (git-fixes). - ASoC: cs42l42: Defer probe if request_threaded_irq() returns EPROBE_DEFER (git-fixes). - ASoC: cs42l42: Do not set defaults for volatile registers (git-fixes). - ASoC: DAPM: Fix missing kctl change notifications (git-fixes). - ASoC: dapm: use component prefix when checking widget names (git-fixes). - ASoC: dt-bindings: cs42l42: Correct description of ts-inv (git-fixes). - ASoC: fsl_spdif: register platform component before registering cpu dai (git-fixes). - ASoC: Intel: bytcr_rt5640: Move 'Platform Clock' routes to the maps for the matching in-/output (git-fixes). - ASoC: Intel: Skylake: Fix module configuration for KPB and MIXER (git-fixes). - ASoC: Intel: Skylake: Fix passing loadable flag for module (git-fixes). - ASoC: Intel: sof_sdw: tag SoundWire BEs as non-atomic (git-fixes). - ASoC: mediatek: mt8195: Remove unsued irqs_lock (git-fixes). - ASoC: rockchip: Use generic dmaengine code (git-fixes). - ASoC: SOF: imx: imx8: Bar index is only valid for IRAM and SRAM types (git-fixes). - ASoC: SOF: imx: imx8m: Bar index is only valid for IRAM and SRAM types (git-fixes). - ASoC: SOF: loader: release_firmware() on load failure to avoid batching (git-fixes). - ASoC: SOF: topology: do not power down primary core during topology removal (git-fixes). - ASoC: topology: Fix stub for snd_soc_tplg_component_remove() (git-fixes). - ASoC: wm8960: Fix clock configuration on slave mode (git-fixes). - ata: ahci_platform: fix null-ptr-deref in ahci_platform_enable_regulators() (git-fixes). - ata: sata_dwc_460ex: No need to call phy_exit() befre phy_init() (git-fixes). - ata: sata_mv: Fix the error handling of mv_chip_id() (git-fixes). - ath10k: fix control-message timeout (git-fixes). - ath10k: fix division by zero in send path (git-fixes). - ath10k: fix max antenna gain unit (git-fixes). - ath10k: Fix missing frame timestamp for beacon/probe-resp (git-fixes). - ath10k: sdio: Add missing BH locking around napi_schdule() (git-fixes). - ath6kl: fix control-message timeout (git-fixes). - ath6kl: fix division by zero in send path (git-fixes). - ath9k: Fix potential interrupt storm on queue reset (git-fixes). - audit: fix possible null-pointer dereference in audit_filter_rules (git-fixes). - b43: fix a lower bounds test (git-fixes). - b43legacy: fix a lower bounds test (git-fixes). - bfq: Remove merged request already in bfq_requests_merged() (bsc#1191456). - blk: Fix lock inversion between ioc lock and bfqd lock (bsc#1191456). - blktrace: Fix uaf in blk_trace access after removing by sysfs (bsc#1191452). - block: bfq: fix bfq_set_next_ioprio_data() (bsc#1191451). - Bluetooth: btmtkuart: fix a memleak in mtk_hci_wmt_sync (git-fixes). - Bluetooth: fix init and cleanup of sco_conn.timeout_work (git-fixes). - bnxt_en: Fix TX timeout when TX ring size is set to the smallest (git-fixes). - bnxt_en: make bnxt_free_skbs() safe to call after bnxt_free_mem() (jsc#SLE-16649). - bpf: Add bpf_patch_call_args prototype to include/linux/bpf.h (git-fixes). - bpf: Fix a typo of reuseport map in bpf.h (git-fixes). - bpf: Fix OOB read when printing XDP link fdinfo (git-fixes). - bpf: Fix up bpf_skb_adjust_room helper's skb csum setting (git-fixes). - can: dev: can_restart: fix use after free bug (git-fixes). - can: peak_pci: peak_pci_remove(): fix UAF (git-fixes). - can: peak_usb: fix use after free bugs (git-fixes). - can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE state notification (git-fixes). - can: rcar_can: fix suspend/resume (git-fixes). - can: ti_hecc: ti_hecc_probe(): add missed clk_disable_unprepare() in error path (git-fixes). - can: xilinx_can: handle failure cases of pm_runtime_get_sync (git-fixes). - cb710: avoid NULL pointer subtraction (git-fixes). - ceph: fix handling of 'meta' errors (bsc#1192041). - ceph: skip existing superblocks that are blocklisted or shut down when mounting (bsc#1192040). - cfg80211: correct bridge/4addr mode check (git-fixes). - cfg80211: fix management registrations locking (git-fixes). - cfg80211: scan: fix RCU in cfg80211_add_nontrans_list() (git-fixes). - Configure mpi3mr as currently unsupported (jsc#SLE-18120) - cpuidle: pseries: Mark pseries_idle_proble() as __init (jsc#SLE-13614 bsc#1176914 ltc#186394 git-fixes). - driver core: add a min_align_mask field to struct device_dma_parameters (bsc#1191851). - drm/amd/display: Pass PCI deviceid into DC (git-fixes). - drm/amdgpu: correct initial cp_hqd_quantum for gfx9 (git-fixes). - drm/amdgpu/display: add quirk handling for stutter mode (git-fixes). - drm/amdgpu: fix gart.bo pin_count leak (git-fixes). - drm/amdgpu: fix warning for overflow check (git-fixes). - drm/amdgpu/gmc6: fix DMA mask from 44 to 40 bits (git-fixes). - drm/edid: In connector_bad_edid() cap num_of_ext by num_blocks read (git-fixes). - drm/i915: Fix syncmap memory leak (bsc#1152489) Backporting notes: * context changes in intel_timeline_fini() - drm/msm: Avoid potential overflow in timeout_to_jiffies() (git-fixes). - drm/msm/dsi: Fix an error code in msm_dsi_modeset_init() (git-fixes). - drm/msm/dsi: fix off by one in dsi_bus_clk_enable error handling (git-fixes). - drm/msm: Fix null pointer dereference on pointer edp (git-fixes). - drm/msm: Fix potential NULL dereference in DPU SSPP (git-fixes). - drm/msm: potential error pointer dereference in init() (git-fixes). - drm/msm: uninitialized variable in msm_gem_import() (git-fixes). - drm/nouveau: avoid a use-after-free when BO init fails (bsc#1152472) - drm/nouveau/debugfs: fix file release memory leak (git-fixes). - drm/nouveau/kms/nv50-: fix file release memory leak (git-fixes). - drm/nouveau/kms/tu102-: delay enabling cursor until after assign_windows (git-fixes). - drm/panel: olimex-lcd-olinuxino: select CRC32 (git-fixes). - drm/panfrost: Make sure MMU context lifetime is not bound to (bsc#1152472) - drm/sun4i: dw-hdmi: Fix HDMI PHY clock setup (git-fixes). - drm/sun4i: Fix macros in sun8i_csc.h (git-fixes). - drm/ttm: stop calling tt_swapin in vm_access (git-fixes). - drm/v3d: fix wait for TMU write combiner flush (git-fixes). - e1000e: Drop patch to avoid regressions until real fix is available (bsc#1191663). - e1000e: Fix packet loss on Tiger Lake and later (git-fixes). - e100: fix buffer overrun in e100_get_regs (git-fixes). - e100: fix length calculation in e100_get_regs_len (git-fixes). - e100: handle eeprom as little endian (git-fixes). - EDAC/amd64: Set proper family type for Family 19h Models 20h-2Fh (bsc#1192288). - ext4: fix reserved space counter leakage (bsc#1191450). - ext4: report correct st_size for encrypted symlinks (bsc#1191449). - firmware/psci: fix application of sizeof to pointer (git-fixes). - fscrypt: add fscrypt_symlink_getattr() for computing st_size (bsc#1191449). - fs, mm: fix race in unlinking swapfile (bsc#1191455). - ftrace: Fix scripts/recordmcount.pl due to new binutils (bsc#1192267). - genirq: Provide IRQCHIP_AFFINITY_PRE_STARTUP (bsc#1152489). - gpio: pca953x: Improve bias setting (git-fixes). - gve: Avoid freeing NULL pointer (git-fixes). - gve: Correct available tx qpl check (git-fixes). - gve: fix gve_get_stats() (git-fixes). - gve: Properly handle errors in gve_assign_qpl (bsc#1176940). - gve: report 64bit tx_bytes counter from gve_handle_report_stats() (bsc#1176940). - HID: apple: Fix logical maximum and usage maximum of Magic Keyboard JIS (git-fixes). - HID: betop: fix slab-out-of-bounds Write in betop_probe (git-fixes). - HID: u2fzero: ignore incomplete packets without data (git-fixes). - HID: usbhid: free raw_report buffers in usbhid_stop (git-fixes). - HID: wacom: Add new Intuos BT (CTL-4100WL/CTL-6100WL) device IDs (git-fixes). - hso: fix bailout in error case of probe (git-fixes). - hwmon: Fix possible memleak in __hwmon_device_register() (git-fixes). - hwmon: (pmbus/lm25066) Add offset coefficients (git-fixes). - hwmon: (pmbus/lm25066) Let compiler determine outer dimension of lm25066_coeff (git-fixes). - hwrng: mtk - Force runtime pm ops for sleep ops (git-fixes). - i2c: acpi: fix resource leak in reconfiguration device addition (git-fixes). - i40e: Fix ATR queue selection (git-fixes). - i40e: fix endless loop under rtnl (git-fixes). - i40e: Fix freeing of uninitialized misc IRQ vector (git-fixes). - iavf: fix double unlock of crit_lock (git-fixes). - ibmvnic: delay complete() (bsc#1094840 ltc#167098 git-fixes). - ice: Add missing E810 device ids (jsc#SLE-7966 bsc#1157177). - ice: fix getting UDP tunnel entry (jsc#SLE-12878). - ICMPv6: Add ICMPv6 Parameter Problem, code 3 definition (bsc#1191241). - iio: adc128s052: Fix the error handling path of 'adc128_probe()' (git-fixes). - iio: adc: aspeed: set driver data when adc probe (git-fixes). - iio: dac: ti-dac5571: fix an error code in probe() (git-fixes). - iio: light: opt3001: Fixed timeout error when 0 lux (git-fixes). - iio: mtk-auxadc: fix case IIO_CHAN_INFO_PROCESSED (git-fixes). - iio: ssp_sensors: add more range checking in ssp_parse_dataframe() (git-fixes). - iio: ssp_sensors: fix error code in ssp_print_mcu_debug() (git-fixes). - Input: i8042 - Add quirk for Fujitsu Lifebook T725 (bsc#1191980). - Input: snvs_pwrkey - add clk handling (git-fixes). - Input: xpad - add support for another USB ID of Nacon GC-100 (git-fixes). - ionic: do not remove netdev->dev_addr when syncing uc list (bsc#1167773). - ipv6/netfilter: Discard first fragment not including all headers (bsc#1191241). - IPv6: reply ICMP error if the first fragment do not include all headers (bsc#1191241). - isdn: cpai: check ctr->cnr to avoid array index out of bound (git-fixes). - isdn: mISDN: Fix sleeping function called from invalid context (git-fixes). - iwlwifi: mvm: fix some kerneldoc issues (git-fixes). - iwlwifi: pcie: add configuration of a Wi-Fi adapter on Dell XPS 15 (git-fixes). - ixgbe: Fix NULL pointer dereference in ixgbe_xdp_setup (git-fixes). - kabi: block: Fix kabi of blk_mq_sched_try_insert_merge() (bsc#1191456). - kABI: Fix kABI after 36950f2da1ea (bsc#1191851). - kABI workaround for cfg80211 mgmt_registration_lock changes (git-fixes). - kABI workaround for HD-audio probe retry changes (bsc#1190801). - kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167). - kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167 bsc#1191240 ltc#194716). - kernel-binary.spec: suse-kernel-rpm-scriptlets required for uninstall as well. Fixes: e98096d5cf85 ('rpm: Abolish scritplet templating (bsc#1189841).') - kernel-spec-macros: Since rpm 4.17 %verbose is unusable (bsc#1191229). - KVM: PPC: Book3S HV: Fix copy_tofrom_guest routines (jsc#SLE-12936 git-fixes). - KVM: PPC: Book3S HV Nested: Reflect guest PMU in-use to L0 when guest SPRs are live (bsc#1156395). - KVM: PPC: Book3S HV Nested: Sanitise H_ENTER_NESTED TM state (bsc#1156395). - KVM: PPC: Book3S HV: Save host FSCR in the P7/8 path (bsc#1065729). - KVM: PPC: Book3S HV: Tolerate treclaim. in fake-suspend mode changing registers (bsc#1156395). - KVM: PPC: Fix clearing never mapped TCEs in realmode (bsc#1156395). - KVM: PPC: Fix kvm_arch_vcpu_ioctl vcpu_load leak (bsc#1156395). - KVM: s390: extend kvm_s390_shadow_fault to return entry pointer (bsc#1133021). - KVM: s390: index kvm->arch.idle_mask by vcpu_idx (bsc#1133021). - KVM: s390: split kvm_s390_logical_to_effective (bsc#1133021). - KVM: s390: VSIE: correctly handle MVPG when in VSIE (bsc#1133021). - lan78xx: select CRC32 (git-fixes). - libata: Add ATA_HORKAGE_NO_NCQ_ON_ATI for Samsung 860 and 870 SSD (git-fixes). - libertas: Fix possible memory leak in probe and disconnect (git-fixes). - libertas_tf: Fix possible memory leak in probe and disconnect (git-fixes). - mac80211: check return value of rhashtable_init (git-fixes). - mac80211: Drop frames from invalid MAC address in ad-hoc mode (git-fixes). - media: cedrus: Fix SUNXI tile size calculation (git-fixes). - media: cx23885: Fix snd_card_free call on null card pointer (git-fixes). - media: cxd2880-spi: Fix a null pointer dereference on error handling path (git-fixes). - media: dvb-frontends: mn88443x: Handle errors of clk_prepare_enable() (git-fixes). - media: dvb-usb: fix ununit-value in az6027_rc_query (git-fixes). - media: em28xx: add missing em28xx_close_extension (git-fixes). - media: em28xx: Do not use ops->suspend if it is NULL (git-fixes). - media: i2c: ths8200 needs V4L2_ASYNC (git-fixes). - media: ite-cir: IR receiver stop working after receive overflow (git-fixes). - media: mtk-vpu: Fix a resource leak in the error handling path of 'mtk_vpu_probe()' (git-fixes). - media: mxl111sf: change mutex_init() location (git-fixes). - media: radio-wl1273: Avoid card name truncation (git-fixes). - media: si470x: Avoid card name truncation (git-fixes). - media: staging/intel-ipu3: css: Fix wrong size comparison imgu_css_fw_init (git-fixes). - media: TDA1997x: handle short reads of hdmi info frame (git-fixes). - media: tm6000: Avoid card name truncation (git-fixes). - media: v4l2-ioctl: Fix check_ext_ctrls (git-fixes). - media: v4l2-ioctl: S_CTRL output the right value (git-fixes). - mei: me: add Ice Lake-N device id (git-fixes). - memory: fsl_ifc: fix leak of irq and nand_irq in fsl_ifc_ctrl_probe (git-fixes). - memstick: avoid out-of-range warning (git-fixes). - memstick: jmb38x_ms: use appropriate free function in jmb38x_ms_alloc_host() (git-fixes). - mlx5: count all link events (git-fixes). - mlxsw: thermal: Fix out-of-bounds memory accesses (git-fixes). - mmc: dw_mmc: exynos: fix the finding clock sample value (git-fixes). - mmc: meson-gx: do not use memcpy_to/fromio for dram-access-quirk (git-fixes). - mmc: mxs-mmc: disable regulator on error and in the remove function (git-fixes). - mmc: sdhci: Map more voltage level to SDHCI_POWER_330 (git-fixes). - mmc: sdhci-omap: Fix NULL pointer exception if regulator is not configured (git-fixes). - mmc: vub300: fix control-message timeouts (git-fixes). - mt76: mt7615: fix endianness warning in mt7615_mac_write_txwi (git-fixes). - mt76: mt76x02: fix endianness warnings in mt76x02_mac.c (git-fixes). - mt76: mt7915: fix muar_idx in mt7915_mcu_alloc_sta_req() (git-fixes). - mt76: mt7915: fix possible infinite loop release semaphore (git-fixes). - mt76: mt7915: fix sta_rec_wtbl tag len (git-fixes). - mwifiex: fix division by zero in fw download path (git-fixes). - mwifiex: Send DELBA requests according to spec (git-fixes). - net/af_unix: fix a data-race in unix_dgram_poll (bsc#1154353). - net: batman-adv: fix error handling (git-fixes). - net: bridge: use nla_total_size_64bit() in br_get_linkxstats_size() (git-fixes). - net: can: ems_usb: fix use-after-free in ems_usb_disconnect() (git-fixes). - net: cdc_eem: fix tx fixup skb leak (git-fixes). - net: cdc_ncm: correct overhead in delayed_ndp_size (git-fixes). - netfilter: conntrack: collect all entries in one cycle (bsc#1173604). - netfilter: Drop fragmented ndisc packets assembled in netfilter (git-fixes). - netfilter: xt_IDLETIMER: fix panic that occurs when timer_type has garbage value (bsc#1176447). - net: hns3: check queue id range before using (jsc#SLE-14777). - net: hns3: fix vf reset workqueue cannot exit (bsc#1154353). - net: hso: add failure handler for add_net_device (git-fixes). - net: hso: fix NULL-deref on disconnect regression (git-fixes). - net: hso: fix null-ptr-deref during tty device unregistration (git-fixes). - net: ipv6: Discard next-hop MTU less than minimum link MTU (bsc#1191241). - net: lan78xx: fix division by zero in send path (git-fixes). - net: mana: Fix error handling in mana_create_rxq() (git-fixes, bsc#1191800). - net/mlx4_en: Do not allow aRFS for encapsulated packets (git-fixes). - net/mlx4_en: Resolve bad operstate value (git-fixes). - net/mlx5e: IPSEC RX, enable checksum complete (jsc#SLE-15172). - net/mlx5e: Mutually exclude RX-FCS and RX-port-timestamp (git-fixes). - net/mlx5e: RX, Avoid possible data corruption when relaxed ordering and LRO combined (jsc#SLE-15172). - net/mlx5: E-Switch, Fix double allocation of acl flow counter (jsc#SLE-15172). - net/mlx5: Fix unpublish devlink parameters (jsc#SLE-8464). - net/mlx5: FWTrace, cancel work on alloc pd error flow (git-fixes). - net/sched: ets: fix crash when flipping from 'strict' to 'quantum' (bsc#1176774). - net: usb: Fix uninit-was-stored issue in asix_read_phy_addr() (git-fixes). - NFC: digital: fix possible memory leak in digital_in_send_sdd_req() (git-fixes). - NFC: digital: fix possible memory leak in digital_tg_listen_mdaa() (git-fixes). - nfc: fix error handling of nfc_proto_register() (git-fixes). - nfc: port100: fix using -ERRNO as command type mask (git-fixes). - nfs: dir_cookie is a pointer to the cookie in older kernels, not the cookie itself. (bsc#1191628 bsc#1192549). - NFS: Do uncached readdir when we're seeking a cookie in an empty page cache (bsc#1191628). - nvme: add command id quirk for apple controllers (git-fixes). - nvme-fc: avoid race between time out and tear down (bsc#1185762). - nvme-fc: remove freeze/unfreeze around update_nr_hw_queues (bsc#1185762). - nvme-fc: update hardware queues before using them (bsc#1185762). - nvme-pci: Fix abort command id (git-fixes). - nvme-pci: fix error unwind in nvme_map_data (bsc#1191934). - nvme-pci: refactor nvme_unmap_data (bsc#1191934). - nvme-pci: set min_align_mask (bsc#1191851). - ocfs2: fix data corruption after conversion from inline format (bsc#1190795). - pata_legacy: fix a couple uninitialized variable bugs (git-fixes). - PCI: Fix pci_host_bridge struct device release/free handling (git-fixes). - phy: mdio: fix memory leak (git-fixes). - platform/mellanox: mlxreg-io: Fix argument base in kstrtou32() call (git-fixes). - platform/mellanox: mlxreg-io: Fix read access of n-bytes size attributes (git-fixes). - platform/x86: dell-smbios-wmi: Add missing kfree in error-exit from run_smbios_call (git-fixes). - platform/x86: intel_scu_ipc: Fix busy loop expiry time (git-fixes). - platform/x86: thinkpad_acpi: Fix bitwise vs. logical warning (git-fixes). - PM / devfreq: rk3399_dmc: Add missing of_node_put() (git-fixes). - PM / devfreq: rk3399_dmc: Disable devfreq-event device when fails (git-fixes). - PM / devfreq: rk3399_dmc: Fix kernel oops when rockchip,pmu is absent (git-fixes). - PM / devfreq: rk3399_dmc: Fix spelling typo (git-fixes). - PM / devfreq: rk3399_dmc: Remove unneeded semicolon (git-fixes). - PM: sleep: Do not let 'syscore' devices runtime-suspend during system transitions (git-fixes). - powerpc/64s: Fix entry flush patching w/strict RWX & hash (jsc#SLE-13847 git-fixes). - powerpc/64s: Fix stf mitigation patching w/strict RWX & hash (jsc#SLE-13847 git-fixes). - powerpc/64s: Remove irq mask workaround in accumulate_stolen_time() (jsc#SLE-9246 git-fixes). - powerpc/bpf: Fix BPF_MOD when imm == 1 (bsc#1065729). - powerpc/bpf: Fix BPF_SUB when imm == 0x80000000 (bsc#1065729). - powerpc/bpf: Use bctrl for making function calls (bsc#1065729). - powerpc: Do not dereference code as 'struct ppc_inst' (uprobe, code-patching, feature-fixups) (jsc#SLE-13847 git-fixes). - powerpc: Do not use 'struct ppc_inst' to reference instruction location (jsc#SLE-13847 git-fixes). - powerpc/lib/code-patching: Do not use struct 'ppc_inst' for runnable code in tests (jsc#SLE-13847 git-fixes). - powerpc/lib/code-patching: Make instr_is_branch_to_addr() static (jsc#SLE-13847 git-fixes). - powerpc/lib: Fix emulate_step() std test (bsc#1065729). - powerpc: Move arch_cpu_idle_dead() into smp.c (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/numa: Update cpu_cpu_map on CPU online/offline (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/pseries: Fix build error when NUMA=n (bsc#1190620 ltc#194498 git-fixes). - powerpc/smp: Cache CPU to chip lookup (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/smp: Enable CACHE domain for shared processor (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/smp: Fix a crash while booting kvm guest with nr_cpus=2 (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/smp: Fold cpu_die() into its only caller (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/smp: Set numa node before updating mask (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/smp: Update cpu_core_map on all PowerPc systems (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/uprobes: Validation for prefixed instruction (jsc#SLE-13847 git-fixes). - powerpc/xive: Discard disabled interrupts in get_irqchip_state() (bsc#1085030 git-fixes). - pseries/eeh: Fix the kdump kernel crash during eeh_pseries_init (git-fixes). - ptp_pch: Load module automatically if ID matches (git-fixes). - ptp_pch: Restore dependency on PCI (git-fixes). - qed: Fix missing error code in qed_slowpath_start() (git-fixes). - qed: Handle management FW error (git-fixes). - qed: rdma - do not wait for resources under hw error recovery flow (git-fixes). - RDMA/cma: Do not change route.addr.src_addr.ss_family (bsc#1181147). - RDMA/cma: Fix listener leak in rdma_cma_listen_on_all() failure (bsc#1181147). - regmap: Fix possible double-free in regcache_rbtree_exit() (git-fixes). - regulator: dt-bindings: samsung,s5m8767: correct s5m8767,pmic-buck-default-dvs-idx property (git-fixes). - regulator: s5m8767: do not use reset value as DVS voltage if GPIO DVS is disabled (git-fixes). - rpm: fix kmp install path - rpm: use _rpmmacrodir (boo#1191384) - rsi: fix control-message timeout (git-fixes). - rsi: Fix module dev_oper_mode parameter description (git-fixes). - rsi: stop thread firstly in rsi_91x_init() error handling (git-fixes). - rtl8187: fix control-message timeouts (git-fixes). - scsi: ibmvfc: Fix up duplicate response detection (bsc#1191867 ltc#194757). - scsi: iscsi: Fix deadlock on recovery path during GFP_IO reclaim (git-fixes). - scsi: lpfc: Allow fabric node recovery if recovery is in progress before devloss (bsc#1192145). - scsi: lpfc: Allow PLOGI retry if previous PLOGI was aborted (bsc#1192145). - scsi: lpfc: Correct sysfs reporting of loop support after SFP status change (bsc#1192145). - scsi: lpfc: Fix link down processing to address NULL pointer dereference (bsc#1192145). - scsi: lpfc: Fix memory overwrite during FC-GS I/O abort handling (bsc#1191349). - scsi: lpfc: Fix use-after-free in lpfc_unreg_rpi() routine (bsc#1192145). - scsi: lpfc: Revert LOG_TRACE_EVENT back to LOG_INIT prior to driver_resource_setup() (bsc#1192145). - scsi: lpfc: Update lpfc version to 14.0.0.3 (bsc#1192145). - scsi: lpfc: Wait for successful restart of SLI3 adapter during host sg_reset (bsc#1192145). - scsi: mpi3mr: Add bios_param SCSI host template hook (jsc#SLE-18120). - scsi: mpi3mr: Add change queue depth support (jsc#SLE-18120). - scsi: mpi3mr: Add EEDP DIF DIX support (jsc#SLE-18120). - scsi: mpi3mr: Add event handling debug prints (jsc#SLE-18120). - scsi: mpi3mr: Additional event handling (jsc#SLE-18120). - scsi: mpi3mr: Add mpi30 Rev-R headers and Kconfig (jsc#SLE-18120). - scsi: mpi3mr: Add support for device add/remove event handling (jsc#SLE-18120). - scsi: mpi3mr: Add support for DSN secure firmware check (jsc#SLE-18120). - scsi: mpi3mr: Add support for internal watchdog thread (jsc#SLE-18120). - scsi: mpi3mr: Add support for PCIe device event handling (jsc#SLE-18120). - scsi: mpi3mr: Add support for PM suspend and resume (jsc#SLE-18120). - scsi: mpi3mr: Add support for queue command processing (jsc#SLE-18120). - scsi: mpi3mr: Add support for recovering controller (jsc#SLE-18120). - scsi: mpi3mr: Add support for threaded ISR (jsc#SLE-18120). - scsi: mpi3mr: Add support for timestamp sync with firmware (jsc#SLE-18120). - scsi: mpi3mr: Allow certain commands during pci-remove hook (jsc#SLE-18120). - scsi: mpi3mr: Base driver code (jsc#SLE-18120). - scsi: mpi3mr: Complete support for soft reset (jsc#SLE-18120). - scsi: mpi3mr: Create operational request and reply queue pair (jsc#SLE-18120). - scsi: mpi3mr: Fix error handling in mpi3mr_setup_isr() (git-fixes). - scsi: mpi3mr: Fix missing unlock on error (git-fixes). - scsi: mpi3mr: Hardware workaround for UNMAP commands to NVMe drives (jsc#SLE-18120). - scsi: mpi3mr: Implement SCSI error handler hooks (jsc#SLE-18120). - scsi: mpi3mr: Print IOC info for debugging (jsc#SLE-18120). - scsi: mpi3mr: Print pending host I/Os for debugging (jsc#SLE-18120). - scsi: mpi3mr: Set up IRQs in resume path (jsc#SLE-18120). - scsi: mpi3mr: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (jsc#SLE-18120). - scsi: mpi3mr: Use the proper SCSI midlayer interfaces for PI (jsc#SLE-18120). - scsi: mpi3mr: Wait for pending I/O completions upon detection of VD I/O timeout (jsc#SLE-18120). - scsi: qla2xxx: Add debug print of 64G link speed (bsc#1190941). - scsi: qla2xxx: Add host attribute to trigger MPI hang (bsc#1190941). - scsi: qla2xxx: Add support for mailbox passthru (bsc#1190941). - scsi: qla2xxx: Adjust request/response queue size for 28xx (bsc#1190941). - scsi: qla2xxx: Call process_response_queue() in Tx path (bsc#1190941). - scsi: qla2xxx: Changes to support FCP2 Target (bsc#1190941). - scsi: qla2xxx: Changes to support kdump kernel (bsc#1190941). - scsi: qla2xxx: Changes to support kdump kernel for NVMe BFS (bsc#1190941). - scsi: qla2xxx: Check for firmware capability before creating QPair (bsc#1190941). - scsi: qla2xxx: Display 16G only as supported speeds for 3830c card (bsc#1190941). - scsi: qla2xxx: Do not call fc_block_scsi_eh() during bus reset (bsc#1190941). - scsi: qla2xxx: edif: Add N2N support for EDIF (bsc#1190941). - scsi: qla2xxx: edif: Do secure PLOGI when auth app is present (bsc#1190941). - scsi: qla2xxx: edif: Fix EDIF enable flag (bsc#1190941). - scsi: qla2xxx: edif: Fix returnvar.cocci warnings (bsc#1190941). - scsi: qla2xxx: edif: Fix stale session (bsc#1190941). - scsi: qla2xxx: edif: Reject AUTH ELS on session down (bsc#1190941). - scsi: qla2xxx: edif: Use link event to wake up app (bsc#1190941). - scsi: qla2xxx: Fix crash in NVMe abort path (bsc#1190941). - scsi: qla2xxx: Fix excessive messages during device logout (bsc#1190941). - scsi: qla2xxx: Fix hang during NVMe session tear down (bsc#1190941). - scsi: qla2xxx: Fix hang on NVMe command timeouts (bsc#1190941). - scsi: qla2xxx: Fix kernel crash when accessing port_speed sysfs file (bsc#1190941). - scsi: qla2xxx: Fix NPIV create erroneous error (bsc#1190941). - scsi: qla2xxx: Fix NVMe | FCP personality change (bsc#1190941). - scsi: qla2xxx: Fix NVMe retry (bsc#1190941). - scsi: qla2xxx: Fix NVMe session down detection (bsc#1190941). - scsi: qla2xxx: Fix port type info (bsc#1190941). - scsi: qla2xxx: Fix unsafe removal from linked list (bsc#1190941). - scsi: qla2xxx: Fix use after free in eh_abort path (bsc#1190941). - scsi: qla2xxx: Move heartbeat handling from DPC thread to workqueue (bsc#1190941). - scsi: qla2xxx: Open-code qla2xxx_eh_device_reset() (bsc#1190941). - scsi: qla2xxx: Open-code qla2xxx_eh_target_reset() (bsc#1190941). - scsi: qla2xxx: Remove redundant initialization of pointer req (bsc#1190941). - scsi: qla2xxx: Restore initiator in dual mode (bsc#1190941). - scsi: qla2xxx: Show OS name and version in FDMI-1 (bsc#1190941). - scsi: qla2xxx: Suppress unnecessary log messages during login (bsc#1190941). - scsi: qla2xxx: Sync queue idx with queue_pair_map idx (bsc#1190941). - scsi: qla2xxx: Update version to 10.02.06.100-k (bsc#1190941). - scsi: qla2xxx: Update version to 10.02.06.200-k (bsc#1190941). - scsi: qla2xxx: Update version to 10.02.07.100-k (bsc#1190941). - scsi: qla2xxx: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (bsc#1190941). - scsi: target: Fix the pgr/alua_support_store functions (git-fixes). - sctp: check asoc peer.asconf_capable before processing asconf (bsc#1190351). - soc: qcom: mdt_loader: Drop PT_LOAD check on hash segment (git-fixes). - spi: spi-nxp-fspi: do not depend on a specific node name erratum workaround (git-fixes). - swiotlb: add a IO_TLB_SIZE define (bsc#1191851). - swiotlb: clean up swiotlb_tbl_unmap_single (bsc#1191851). - swiotlb: do not modify orig_addr in swiotlb_tbl_sync_single (bsc#1191851). - swiotlb: factor out an io_tlb_offset helper (bsc#1191851). - swiotlb: factor out a nr_slots helper (bsc#1191851). - swiotlb: refactor swiotlb_tbl_map_single (bsc#1191851). - swiotlb: respect min_align_mask (bsc#1191851). - swiotlb: Split size parameter to map/unmap APIs (bsc#1191851). - tpm: Check for integer overflow in tpm2_map_response_body() (git-fixes). - tpm: ibmvtpm: Avoid error message when process gets signal while waiting (bsc#1065729). - Update patch reference for AMDGPU fix (bsc#1180749) - USB: cdc-acm: clean up probe error labels (git-fixes). - USB: cdc-acm: fix minor-number release (git-fixes). - usb: chipidea: ci_hdrc_imx: Also search for 'phys' phandle (git-fixes). - usb: hso: fix error handling code of hso_create_net_device (git-fixes). - usb: hso: remove the bailout parameter (git-fixes). - usb: musb: dsps: Fix the probe error path (git-fixes). - usbnet: fix error return code in usbnet_probe() (git-fixes). - usbnet: sanity check for maxpacket (git-fixes). - USB: serial: option: add prod. id for Quectel EG91 (git-fixes). - USB: serial: option: add Quectel EC200S-CN module support (git-fixes). - USB: serial: option: add Telit LE910Cx composition 0x1204 (git-fixes). - USB: serial: qcserial: add EM9191 QDL support (git-fixes). - USB: xhci: dbc: fix tty registration race (git-fixes). - video: fbdev: gbefb: Only instantiate device when built for IP32 (git-fixes). - virtio-gpu: fix possible memory allocation failure (git-fixes). - virtio: write back F_VERSION_1 before validate (git-fixes). - watchdog: orion: use 0 for unset heartbeat (git-fixes). - wcn36xx: Add ability for wcn36xx_smd_dump_cmd_req to pass two's complement (git-fixes). - wcn36xx: add proper DMA memory barriers in rx path (git-fixes). - wcn36xx: Fix HT40 capability for 2Ghz band (git-fixes). - x86/ioapic: Force affinity setup before startup (bsc#1152489). - x86/msi: Force affinity setup before startup (bsc#1152489). - x86/pat: Pass valid address to sanitize_phys() (bsc#1152489). - x86/reboot: Limit Dell Optiplex 990 quirk to early BIOS versions (bsc#1152489). - x86/resctrl: Free the ctrlval arrays when domain_setup_mon_state() fails (bsc#1152489). - x86/sev: Return an error on a returned non-zero SW_EXITINFO1[31:0] (bsc#1178134). - xen: fix setting of max_pfn in shared_info (git-fixes). - xen: reset legacy rtc flag for PV domU (git-fixes). - xfs: do not allow log writes if the data device is readonly (bsc#1192229). - xfs: ensure that the inode uid/gid match values match the icdinode ones (bsc#1190006). - xfs: Fixed non-directory creation in SGID directories introduced by CVE-2018-13405 patch (bsc#1190006). - xfs: fix I_DONTCACHE (bsc#1192074). - xfs: fix log intent recovery ENOSPC shutdowns when inactivating inodes (bsc#1190642). - xfs: merge the projid fields in struct xfs_icdinode (bsc#1190006). - xfs: remove the icdinode di_uid/di_gid members (bsc#1190006). - xhci: Enable trust tx length quirk for Fresco FL11 USB controller (git-fixes). - xhci: Fix command ring pointer corruption while aborting a command (git-fixes). - xhci: guard accesses to ep_state in xhci_endpoint_reset() (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3782-1 Released: Tue Nov 23 23:49:03 2021 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1187190,1188713,1190326 This update for dracut fixes the following issues: - Fixed multipath devices that always default to bfq scheduler (bsc#1188713) - Fixed unbootable system when testing kernel 5.14 (bsc#1190326) - Add support for the new iscsiadm 'no-wait' (-W) command (bsc#1187190) - Add iscsid.service requirements (bsc#1187190) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3786-1 Released: Wed Nov 24 05:59:13 2021 Summary: Recommended update for rpm-config-SUSE Type: recommended Severity: important References: 1192160 This update for rpm-config-SUSE fixes the following issues: - Add support for the kernel xz-compressed firmware files (bsc#1192160) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3787-1 Released: Wed Nov 24 06:00:10 2021 Summary: Recommended update for xfsprogs Type: recommended Severity: moderate References: 1189983,1189984,1191500,1191566,1191675 This update for xfsprogs fixes the following issues: - Make libhandle1 an explicit dependency in the xfsprogs-devel package (bsc#1191566) - Remove deprecated barrier/nobarrier mount options from manual pages section 5 (bsc#1191675) - xfs_io: include support for label command (bsc#1191500) - xfs_quota: state command to report all three (-ugp) grace times separately (bsc#1189983) - xfs_admin: add support for external log devices (bsc#1189984) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3790-1 Released: Wed Nov 24 06:10:31 2021 Summary: Recommended update for open-iscsi Type: recommended Severity: moderate References: 1187190,1187958,1188869,1191054,1192013,1192568 This update for open-iscsi fixes the following issues: - Ensure executables are not moved from /sbin to /usr/sbin in SLE (bsc#1192013)(bsc#1191054) - iscsi-init.service default dependencies can cause the boot to hang so they have been removed (bsc#1187190) - IPv6 offload iSCSI lun needs to be exposed during installation (bsc#1187958) - iscsid needs to use the new prctl(PR_SET_IO_FLUSHER) system call (bsc#1188869) - The iscsi-init.service unit can run too early, when root is read-only, causing it to fail (bsc#1192568) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3792-1 Released: Wed Nov 24 06:12:09 2021 Summary: Recommended update for kmod Type: recommended Severity: moderate References: 1192104 This update for kmod fixes the following issues: - Enable ZSTD compression (bsc#1192104)(jsc#SLE-21256) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3799-1 Released: Wed Nov 24 18:07:54 2021 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1187153,1187273,1188623 This update for gcc11 fixes the following issues: The additional GNU compiler collection GCC 11 is provided: To select these compilers install the packages: - gcc11 - gcc-c++11 - and others with 11 prefix. to select them for building: - CC='gcc-11' - CXX='g++-11' The compiler baselibraries (libgcc_s1, libstdc++6 and others) are being replaced by the GCC 11 variants. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3808-1 Released: Fri Nov 26 00:30:54 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1186071,1190440,1190984,1192161 This update for systemd fixes the following issues: - Add timestamp to D-Bus events to improve traceability (jsc#SLE-17798) - Fix fd_is_mount_point() when both the parent and directory are network file systems (bsc#1190984) - Support detection for ARM64 Hyper-V guests (bsc#1186071) - Fix systemd-detect-virt not detecting Amazon EC2 Nitro instance (bsc#1190440) - Enable support for Portable Services in openSUSE Leap only (jsc#SLE-21694) - Fix IO scheduler udev rules to address performance issues (jsc#SLE-21032, bsc#1192161) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3838-1 Released: Wed Dec 1 16:07:54 2021 Summary: Security update for ruby2.5 Type: security Severity: important References: 1188160,1188161,1190375,CVE-2021-31799,CVE-2021-31810,CVE-2021-32066 This update for ruby2.5 fixes the following issues: - CVE-2021-31799: Fixed Command injection vulnerability in RDoc (bsc#1190375). - CVE-2021-31810: Fixed trusting FTP PASV responses vulnerability in Net:FTP (bsc#1188161). - CVE-2021-32066: Fixed StartTLS stripping vulnerability in Net:IMAP (bsc#1188160). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3870-1 Released: Thu Dec 2 07:11:50 2021 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1190356,1191286,1191324,1191370,1191609,1192337,1192436 This update for libzypp, zypper fixes the following issues: libzypp: - Check log writer before accessing it (bsc#1192337) - Zypper should keep cached files if transaction is aborted (bsc#1190356) - Require a minimum number of mirrors for multicurl (bsc#1191609) - Fixed slowdowns when rlimit is too high by using procfs to detect niumber of open file descriptors (bsc#1191324) - Fixed zypper incomplete messages when using non English localization (bsc#1191370) - RepoManager: Don't probe for plaindir repository if the URL schema is a plugin (bsc#1191286) - Disable logger in the child process after fork (bsc#1192436) zypper: - Fixed Zypper removing a kernel explicitely pinned that uses uname -r output format as name (openSUSE/zypper#418) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3872-1 Released: Thu Dec 2 07:25:55 2021 Summary: Recommended update for cracklib Type: recommended Severity: moderate References: 1191736 This update for cracklib fixes the following issues: - Enable build time tests (bsc#1191736) The following package changes have been done: - apparmor-abstractions-2.13.6-3.3.1 added - cracklib-dict-small-2.9.7-11.6.1 updated - cracklib-2.9.7-11.6.1 updated - dracut-049.1+suse.216.gf705637b-3.45.1 updated - kernel-default-5.3.18-59.34.1 updated - kmod-29-4.12.1 updated - libcrack2-2.9.7-11.6.1 updated - libdcerpc-binding0-4.13.13+git.531.903f5c0ccdc-3.17.1 updated - libdcerpc0-4.13.13+git.531.903f5c0ccdc-3.17.1 updated - libgcc_s1-11.2.1+git610-1.3.9 updated - libkmod2-29-4.12.1 updated - libldb2-2.2.2-3.3.1 updated - libndr-krb5pac0-4.13.13+git.531.903f5c0ccdc-3.17.1 updated - libndr-nbt0-4.13.13+git.531.903f5c0ccdc-3.17.1 updated - libndr-standard0-4.13.13+git.531.903f5c0ccdc-3.17.1 updated - libndr1-4.13.13+git.531.903f5c0ccdc-3.17.1 updated - libnetapi0-4.13.13+git.531.903f5c0ccdc-3.17.1 updated - libopeniscsiusr0_2_0-2.1.5-32.12.1 updated - libruby2_5-2_5-2.5.9-4.20.1 updated - libsamba-credentials0-4.13.13+git.531.903f5c0ccdc-3.17.1 updated - libsamba-errors0-4.13.13+git.531.903f5c0ccdc-3.17.1 updated - libsamba-hostconfig0-4.13.13+git.531.903f5c0ccdc-3.17.1 updated - libsamba-passdb0-4.13.13+git.531.903f5c0ccdc-3.17.1 updated - libsamba-util0-4.13.13+git.531.903f5c0ccdc-3.17.1 updated - libsamdb0-4.13.13+git.531.903f5c0ccdc-3.17.1 updated - libsmbconf0-4.13.13+git.531.903f5c0ccdc-3.17.1 updated - libsmbldap2-4.13.13+git.531.903f5c0ccdc-3.17.1 updated - libstdc++6-11.2.1+git610-1.3.9 updated - libsystemd0-246.16-7.21.1 updated - libtevent-util0-4.13.13+git.531.903f5c0ccdc-3.17.1 updated - libudev1-246.16-7.21.1 updated - libwbclient0-4.13.13+git.531.903f5c0ccdc-3.17.1 updated - libzypp-17.28.8-20.1 updated - open-iscsi-2.1.5-32.12.1 updated - python3-ldb-2.2.2-3.3.1 updated - rpm-config-SUSE-1-5.6.1 updated - ruby2.5-stdlib-2.5.9-4.20.1 updated - ruby2.5-2.5.9-4.20.1 updated - samba-libs-python3-4.13.13+git.531.903f5c0ccdc-3.17.1 updated - samba-libs-4.13.13+git.531.903f5c0ccdc-3.17.1 updated - shim-15.4-4.7.1 added - suse-module-tools-15.3.14-3.14.1 updated - systemd-sysvinit-246.16-7.21.1 updated - systemd-246.16-7.21.1 updated - udev-246.16-7.21.1 updated - xfsprogs-4.15.0-4.52.1 updated - zypper-1.14.50-21.1 updated From sle-updates at lists.suse.com Sat Dec 4 07:27:06 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 4 Dec 2021 08:27:06 +0100 (CET) Subject: SUSE-IU-2021:772-1: Security update of sles-15-sp3-chost-byos-v20211202 Message-ID: <20211204072706.3B595FC9F@maintenance.suse.de> SUSE Image Update Advisory: sles-15-sp3-chost-byos-v20211202 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2021:772-1 Image Tags : sles-15-sp3-chost-byos-v20211202:20211202 Image Release : Severity : important Type : security References : 1014440 1065729 1065729 1085030 1085030 1089118 1094840 1133021 1152472 1152472 1152489 1152489 1154353 1156395 1156395 1157177 1167773 1172073 1172073 1173604 1173604 1176447 1176447 1176774 1176774 1176914 1176914 1176940 1178134 1178134 1180100 1180100 1180749 1181147 1181147 1184673 1184673 1185762 1185762 1186063 1186063 1186071 1186109 1186109 1187153 1187167 1187167 1187190 1187190 1187273 1187958 1188160 1188161 1188563 1188563 1188601 1188623 1188713 1188727 1188869 1189017 1189841 1189841 1189983 1189984 1190006 1190006 1190067 1190067 1190326 1190349 1190349 1190351 1190351 1190356 1190375 1190440 1190479 1190479 1190620 1190620 1190642 1190642 1190795 1190795 1190801 1190801 1190941 1190941 1190984 1191054 1191229 1191229 1191240 1191240 1191241 1191241 1191286 1191315 1191315 1191317 1191317 1191324 1191349 1191349 1191370 1191384 1191384 1191449 1191449 1191450 1191450 1191451 1191451 1191452 1191452 1191455 1191455 1191456 1191456 1191500 1191566 1191609 1191628 1191628 1191645 1191645 1191663 1191663 1191675 1191731 1191731 1191736 1191800 1191800 1191804 1191851 1191867 1191867 1191934 1191934 1191958 1191958 1191980 1192013 1192040 1192040 1192041 1192041 1192074 1192074 1192104 1192107 1192107 1192145 1192145 1192160 1192161 1192214 1192215 1192229 1192246 1192247 1192267 1192283 1192284 1192288 1192337 1192436 1192505 1192549 1192568 1192601 14571 CVE-2016-2124 CVE-2020-25717 CVE-2020-25717 CVE-2020-25718 CVE-2020-25719 CVE-2020-25721 CVE-2020-25722 CVE-2021-23192 CVE-2021-31799 CVE-2021-31810 CVE-2021-32066 CVE-2021-33033 CVE-2021-33033 CVE-2021-34866 CVE-2021-34866 CVE-2021-3542 CVE-2021-3542 CVE-2021-3655 CVE-2021-3655 CVE-2021-3715 CVE-2021-3715 CVE-2021-37159 CVE-2021-3738 CVE-2021-3760 CVE-2021-3760 CVE-2021-3772 CVE-2021-3772 CVE-2021-3896 CVE-2021-3896 CVE-2021-41864 CVE-2021-41864 CVE-2021-42008 CVE-2021-42008 CVE-2021-42252 CVE-2021-42252 CVE-2021-42739 CVE-2021-42739 CVE-2021-43056 CVE-2021-43056 CVE-2021-43389 ----------------------------------------------------------------- The container sles-15-sp3-chost-byos-v20211202 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3638-1 Released: Tue Nov 9 15:15:38 2021 Summary: Recommended update for samba Type: recommended Severity: important References: 1188727,1189017,14571 This update for samba fixes the following issues: Features added: - Add Certificate Auto Enrollment Policy. (jsc#SLE-18456) Bugs fixed: - Fix wrong kvno exported to keytab after net ads changetrustpw due to replication delay. (bsc#1188727) - Fix 'net rpc' authentication when using the machine account. (bsc#1189017) Samba was updated to 4.13.10 * s3: smbd: Ensure POSIX default ACL is mapped into returned Windows ACL for directory handles; (bso#14708); * Take a copy to make sure we don't reference free'd memory; (bso#14721); * s3: lib: Fix talloc heirarcy error in parent_smb_fname(); (bso#14722); * s3: smbd: Remove erroneous TALLOC_FREE(smb_fname_parent) in change_file_owner_to_parent() error path; (bso#14736); * samba-tool: Give better error information when the 'domain backup restore' fails with a duplicate SID; (bso#14575); * smbd: Correctly initialize close timestamp fields; (bso#14714); * Spotlight RPC service doesn't work with vfs_glusterfs; (bso#14740); * ctdb: Fix a crash in run_proc_signal_handler(); (bso#14475); * gensec_krb5: Restore ipv6 support for kpasswd; (bso#14750); * smbXsrv_{open,session,tcon}: Protect smbXsrv_{open,session,tcon}_global_traverse_fn against invalid records; (bso#14752); * samba-tool domain backup offline doesn't work against bind DLZ backend; (bso#14027); * netcmd: Use next_free_rid() function to calculate a SID for restoring a backup; (bso#14669); Samba was updated to 4.13.9: * s3: smbd: SMB1 SMBsplwr doesn't send a reply packet on success; (bso#14696); * Add documentation for dsdb_group_audit and dsdb_group_json_audit to 'log level', synchronise 'log level' in smb.conf with the code; (bso#14689); * Fix smbd panic when two clients open same file; (bso#14672); * Fix memory leak in the RPC server; (bso#14675); * s3: smbd: Fix deferred renames; (bso#14679); * s3-iremotewinspool: Set the per-request memory context; (bso#14675); * rpc_server3: Fix a memleak for internal pipes; (bso#14675); * third_party: Update socket_wrapper to version 1.3.2; (bso#11899); * third_party: Update socket_wrapper to version 1.3.3; (bso#14639); * idmap_rfc2307 and idmap_nss return wrong mapping for uid/gid conflict; (bso#14663); * Fix the build on OmniOS; (bso#14288); Update to 4.13.7 * Release with dependency on ldb version 2.2.1. - Fix wrong kvno exported to keytab after net ads changetrustpw due to replication delay (bsc#1188727) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3647-1 Released: Wed Nov 10 17:34:14 2021 Summary: Security update for samba and ldb Type: security Severity: important References: 1014440,1192214,1192215,1192246,1192247,1192283,1192284,1192505,CVE-2016-2124,CVE-2020-25717,CVE-2020-25718,CVE-2020-25719,CVE-2020-25721,CVE-2020-25722,CVE-2021-23192,CVE-2021-3738 This update for samba and ldb fixes the following issues: - CVE-2020-25718: Fixed that an RODC can issue (forge) administrator tickets to other servers (bsc#1192246). - CVE-2021-3738: Fixed crash in dsdb stack (bsc#1192215). - CVE-2016-2124: Fixed not to fallback to non spnego authentication if we require kerberos (bsc#1014440). - CVE-2020-25717: Fixed privilege escalation inside an AD Domain where a user could become root on domain members (bsc#1192284). - CVE-2020-25719: Fixed AD DC Username based races when no PAC is given (bsc#1192247). - CVE-2020-25722: Fixed AD DC UPN vs samAccountName not checked (top-level bug for AD DC validation issues) (bsc#1192283). - CVE-2021-23192: Fixed dcerpc requests to don't check all fragments against the first auth_state (bsc#1192214). - CVE-2020-25721: Fixed fill in the new HAS_SAM_NAME_AND_SID values (bsc#1192505). Samba was updated to 4.13.13 * rodc_rwdc test flaps;(bso#14868). * Backport bronze bit fixes, tests, and selftest improvements; (bso#14881). * Provide a fix for MS CVE-2020-17049 in Samba [SECURITY] 'Bronze bit' S4U2Proxy Constrained Delegation bypass in Samba with embedded Heimdal;(bso#14642). * Python ldb.msg_diff() memory handling failure;(bso#14836). * 'in' operator on ldb.Message is case sensitive;(bso#14845). * Fix Samba support for UF_NO_AUTH_DATA_REQUIRED;(bso#14871). * Allow special chars like '@' in samAccountName when generating the salt;(bso#14874). * Fix transit path validation;(bso#12998). * Prepare to operate with MIT krb5 >= 1.20;(bso#14870). * rpcclient NetFileEnum and net rpc file both cause lock order violation: brlock.tdb, share_entries.tdb;(bso#14645). * Python ldb.msg_diff() memory handling failure;(bso#14836). * Release LDB 2.3.1 for Samba 4.14.9;(bso#14848). Samba was updated to 4.13.12: * Address a signifcant performance regression in database access in the AD DC since Samba 4.12;(bso#14806). * Fix performance regression in lsa_LookupSids3/LookupNames4 since Samba 4.9 by using an explicit database handle cache; (bso#14807). * An unuthenticated user can crash the AD DC KDC by omitting the server name in a TGS-REQ;(bso#14817). * Address flapping samba_tool_drs_showrepl test;(bso#14818). * Address flapping dsdb_schema_attributes test;(bso#14819). * An unuthenticated user can crash the AD DC KDC by omitting the server name in a TGS-REQ;(bso#14817). * Fix CTDB flag/status update race conditions(bso#14784). Samba was updated to 4.13.11: * smbd: panic on force-close share during offload write; (bso#14769). * Fix returned attributes on fake quota file handle and avoid hitting the VFS;(bso#14731). * smbd: 'deadtime' parameter doesn't work anymore;(bso#14783). * net conf list crashes when run as normal user;(bso#14787). * Work around special SMB2 READ response behavior of NetApp Ontap 7.3.7;(bso#14607). * Start the SMB encryption as soon as possible;(bso#14793). * Winbind should not start if the socket path for the privileged pipe is too long;(bso#14792). ldb was updated to 2.2.2: + CVE-2020-25718: samba: An RODC can issue (forge) administrator tickets to other servers; (bsc#1192246); (bso#14558) + CVE-2021-3738: samba: crash in dsdb stack; (bsc#1192215);(bso#14848) Release ldb 2.2.2 + Corrected python behaviour for 'in' for LDAP attributes contained as part of ldb.Message;(bso#14845). + Fix memory handling in ldb.msg_diff Corrected python docstrings;(bso#14836) + Backport bronze bit fixes, tests, and selftest improvements; (bso#14881). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3655-1 Released: Thu Nov 11 11:59:22 2021 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065729,1085030,1152472,1152489,1156395,1172073,1173604,1176447,1176774,1176914,1178134,1180100,1181147,1184673,1185762,1186063,1186109,1187167,1188563,1189841,1190006,1190067,1190349,1190351,1190479,1190620,1190642,1190795,1190801,1190941,1191229,1191240,1191241,1191315,1191317,1191349,1191384,1191449,1191450,1191451,1191452,1191455,1191456,1191628,1191645,1191663,1191731,1191800,1191867,1191934,1191958,1192040,1192041,1192074,1192107,1192145,CVE-2021-33033,CVE-2021-34866,CVE-2021-3542,CVE-2021-3655,CVE-2021-3715,CVE-2021-3760,CVE-2021-3772,CVE-2021-3896,CVE-2021-41864,CVE-2021-42008,CVE-2021-42252,CVE-2021-42739,CVE-2021-43056 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. NOTE: This update was retracted due to a NFS regression. The following security bugs were fixed: - CVE-2021-3772: Fixed sctp vtag check in sctp_sf_ootb (bsc#1190351). - CVE-2021-3655: Fixed a missing size validations on inbound SCTP packets, which may have allowed the kernel to read uninitialized memory (bsc#1188563). - CVE-2021-43056: Fixed possible KVM host crash via malicious KVM guest on Power8 (bnc#1192107). - CVE-2021-3896: Fixed a array-index-out-bounds in detach_capi_ctr in drivers/isdn/capi/kcapi.c (bsc#1191958). - CVE-2021-3760: Fixed a use-after-free vulnerability with the ndev->rf_conn_info object (bsc#1190067). - CVE-2021-42739: The firewire subsystem had a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled bounds checking (bsc#1184673). - CVE-2021-3542: Fixed heap buffer overflow in firedtv driver (bsc#1186063). - CVE-2021-33033: Fixed a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled (bsc#1186109). - CVE-2021-3715: Fixed a use-after-free in route4_change() in net/sched/cls_route.c (bsc#1190349). - CVE-2021-34866: Fixed eBPF Type Confusion Privilege Escalation Vulnerability (bsc#1191645). - CVE-2021-42252: Fixed an issue inside aspeed_lpc_ctrl_mmap that could have allowed local attackers to access the Aspeed LPC control interface to overwrite memory in the kernel and potentially execute privileges (bnc#1190479). - CVE-2021-41864: Fixed prealloc_elems_and_freelist that allowed unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write (bnc#1191317). - CVE-2021-42008: Fixed a slab out-of-bounds write in the decode_data function in drivers/net/hamradio/6pack.c. Input from a process that had the CAP_NET_ADMIN capability could have lead to root access (bsc#1191315). The following non-security bugs were fixed: - ACPI: NFIT: Use fallback node id when numa info in NFIT table is incorrect (git-fixes). - ACPI: bgrt: Fix CFI violation (git-fixes). - ACPI: fix NULL pointer dereference (git-fixes). - ACPI: fix NULL pointer dereference (git-fixes). - ALSA: hda - Enable headphone mic on Dell Latitude laptops with ALC3254 (git-fixes). - ALSA: hda/realtek - ALC236 headset MIC recording issue (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo PC50HS (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo X170KM-G (git-fixes). - ALSA: hda/realtek: Add quirk for TongFang PHxTxX1 (git-fixes). - ALSA: hda/realtek: Complete partial device name to avoid ambiguity (git-fixes). - ALSA: hda/realtek: Enable 4-speaker output for Dell Precision 5560 laptop (git-fixes). - ALSA: hda/realtek: Fix for quirk to enable speaker output on the Lenovo 13s Gen2 (git-fixes). - ALSA: hda/realtek: Fix the mic type detection issue for ASUS G551JW (git-fixes). - ALSA: hda/realtek: Quirks to enable speaker output for Lenovo Legion 7i 15IMHG05, Yoga 7i 14ITL5/15ITL5, and 13s Gen2 laptops (git-fixes). - ALSA: hda: avoid write to STATESTS if controller is in reset (git-fixes). - ALSA: hda: intel: Allow repeatedly probing on codec configuration errors (bsc#1190801). - ALSA: pcm: Workaround for a wrong offset in SYNC_PTR compat ioctl (git-fixes). - ALSA: seq: Fix a potential UAF by wrong private_free call order (git-fixes). - ALSA: usb-audio: Add quirk for VF0770 (git-fixes). - ALSA: usb-audio: Provide quirk for Sennheiser GSP670 Headset (git-fixes). - ASoC: DAPM: Fix missing kctl change notifications (git-fixes). - ASoC: Intel: Skylake: Fix module configuration for KPB and MIXER (git-fixes). - ASoC: Intel: Skylake: Fix passing loadable flag for module (git-fixes). - ASoC: Intel: bytcr_rt5640: Move 'Platform Clock' routes to the maps for the matching in-/output (git-fixes). - ASoC: Intel: sof_sdw: tag SoundWire BEs as non-atomic (git-fixes). - ASoC: SOF: imx: imx8: Bar index is only valid for IRAM and SRAM types (git-fixes). - ASoC: SOF: imx: imx8m: Bar index is only valid for IRAM and SRAM types (git-fixes). - ASoC: SOF: loader: release_firmware() on load failure to avoid batching (git-fixes). - ASoC: atmel: ATMEL drivers do not need HAS_DMA (git-fixes). - ASoC: dapm: use component prefix when checking widget names (git-fixes). - ASoC: fsl_spdif: register platform component before registering cpu dai (git-fixes). - ASoC: wm8960: Fix clock configuration on slave mode (git-fixes). - Add obsolete_rebuilds_subpackage (boo#1172073 bsc#1191731). - Configure mpi3mr as currently unsupported (jsc#SLE-18120) - HID: apple: Fix logical maximum and usage maximum of Magic Keyboard JIS (git-fixes). - HID: betop: fix slab-out-of-bounds Write in betop_probe (git-fixes). - HID: u2fzero: ignore incomplete packets without data (git-fixes). - HID: usbhid: free raw_report buffers in usbhid_stop (git-fixes). - HID: wacom: Add new Intuos BT (CTL-4100WL/CTL-6100WL) device IDs (git-fixes). - ICMPv6: Add ICMPv6 Parameter Problem, code 3 definition (bsc#1191241). - ICMPv6: Add ICMPv6 Parameter Problem, code 3 definition (bsc#1191241). - IPv6: reply ICMP error if the first fragment do not include all headers (bsc#1191241). - IPv6: reply ICMP error if the first fragment do not include all headers (bsc#1191241). - Input: snvs_pwrkey - add clk handling (git-fixes). - Input: xpad - add support for another USB ID of Nacon GC-100 (git-fixes). - KVM: PPC: Book3S HV Nested: Reflect guest PMU in-use to L0 when guest SPRs are live (bsc#1156395). - KVM: PPC: Book3S HV Nested: Sanitise H_ENTER_NESTED TM state (bsc#1156395). - KVM: PPC: Book3S HV: Fix copy_tofrom_guest routines (jsc#SLE-12936 git-fixes). - KVM: PPC: Book3S HV: Save host FSCR in the P7/8 path (bsc#1065729). - KVM: PPC: Book3S HV: Tolerate treclaim. in fake-suspend mode changing registers (bsc#1156395). - KVM: PPC: Fix clearing never mapped TCEs in realmode (bsc#1156395). - KVM: PPC: Fix kvm_arch_vcpu_ioctl vcpu_load leak (bsc#1156395). - NFC: digital: fix possible memory leak in digital_in_send_sdd_req() (git-fixes). - NFC: digital: fix possible memory leak in digital_tg_listen_mdaa() (git-fixes). - NFS: Do uncached readdir when we're seeking a cookie in an empty page cache (bsc#1191628). - PCI: Fix pci_host_bridge struct device release/free handling (git-fixes). - PM / devfreq: rk3399_dmc: Add missing of_node_put() (git-fixes). - PM / devfreq: rk3399_dmc: Disable devfreq-event device when fails (git-fixes). - PM / devfreq: rk3399_dmc: Fix kernel oops when rockchip,pmu is absent (git-fixes). - PM / devfreq: rk3399_dmc: Fix spelling typo (git-fixes). - PM / devfreq: rk3399_dmc: Remove unneeded semicolon (git-fixes). - RDMA/cma: Do not change route.addr.src_addr.ss_family (bsc#1181147). - RDMA/cma: Fix listener leak in rdma_cma_listen_on_all() failure (bsc#1181147). - USB: cdc-acm: clean up probe error labels (git-fixes). - USB: cdc-acm: fix minor-number release (git-fixes). - USB: serial: option: add Quectel EC200S-CN module support (git-fixes). - USB: serial: option: add Telit LE910Cx composition 0x1204 (git-fixes). - USB: serial: option: add prod. id for Quectel EG91 (git-fixes). - USB: serial: qcserial: add EM9191 QDL support (git-fixes). - USB: xhci: dbc: fix tty registration race (git-fixes). - acpi/arm64: fix next_platform_timer() section mismatch error (git-fixes). - acpi/arm64: fix next_platform_timer() section mismatch error (git-fixes). - ata: ahci_platform: fix null-ptr-deref in ahci_platform_enable_regulators() (git-fixes). - ata: sata_dwc_460ex: No need to call phy_exit() befre phy_init() (git-fixes). - audit: fix possible null-pointer dereference in audit_filter_rules (git-fixes). - bfq: Remove merged request already in bfq_requests_merged() (bsc#1191456). - blk: Fix lock inversion between ioc lock and bfqd lock (bsc#1191456). - blktrace: Fix uaf in blk_trace access after removing by sysfs (bsc#1191452). - block: bfq: fix bfq_set_next_ioprio_data() (bsc#1191451). - bnxt_en: make bnxt_free_skbs() safe to call after bnxt_free_mem() (jsc#SLE-16649). - bpf: Add bpf_patch_call_args prototype to include/linux/bpf.h (git-fixes). - bpf: Fix OOB read when printing XDP link fdinfo (git-fixes). - bpf: Fix a typo of reuseport map in bpf.h (git-fixes). - bpf: Fix up bpf_skb_adjust_room helper's skb csum setting (git-fixes). - can: dev: can_restart: fix use after free bug (git-fixes). - can: peak_pci: peak_pci_remove(): fix UAF (git-fixes). - can: peak_usb: fix use after free bugs (git-fixes). - can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE state notification (git-fixes). - can: rcar_can: fix suspend/resume (git-fixes). - can: ti_hecc: ti_hecc_probe(): add missed clk_disable_unprepare() in error path (git-fixes). - can: xilinx_can: handle failure cases of pm_runtime_get_sync (git-fixes). - cb710: avoid NULL pointer subtraction (git-fixes). - ceph: fix handling of 'meta' errors (bsc#1192041). - ceph: skip existing superblocks that are blocklisted or shut down when mounting (bsc#1192040). - cfg80211: correct bridge/4addr mode check (git-fixes). - cfg80211: fix management registrations locking (git-fixes). - cfg80211: scan: fix RCU in cfg80211_add_nontrans_list() (git-fixes). - cpuidle: pseries: Mark pseries_idle_proble() as __init (jsc#SLE-13614 bsc#1176914 ltc#186394 git-fixes). - drm/amd/display: Pass PCI deviceid into DC (git-fixes). - drm/amdgpu: correct initial cp_hqd_quantum for gfx9 (git-fixes). - drm/amdgpu: fix gart.bo pin_count leak (git-fixes). - drm/edid: In connector_bad_edid() cap num_of_ext by num_blocks read (git-fixes). - drm/i915: Fix syncmap memory leak (bsc#1152489) Backporting notes: * context changes in intel_timeline_fini() - drm/msm/dsi: Fix an error code in msm_dsi_modeset_init() (git-fixes). - drm/msm/dsi: fix off by one in dsi_bus_clk_enable error handling (git-fixes). - drm/msm: Avoid potential overflow in timeout_to_jiffies() (git-fixes). - drm/msm: Fix null pointer dereference on pointer edp (git-fixes). - drm/nouveau/debugfs: fix file release memory leak (git-fixes). - drm/nouveau/kms/nv50-: fix file release memory leak (git-fixes). - drm/nouveau/kms/tu102-: delay enabling cursor until after assign_windows (git-fixes). - drm/nouveau: avoid a use-after-free when BO init fails (bsc#1152472) - drm/panel: olimex-lcd-olinuxino: select CRC32 (git-fixes). - drm/panfrost: Make sure MMU context lifetime is not bound to (bsc#1152472) - drm/sun4i: dw-hdmi: Fix HDMI PHY clock setup (git-fixes). - e1000e: Drop patch to avoid regressions until real fix is available (bsc#1191663). - e1000e: Fix packet loss on Tiger Lake and later (git-fixes). - e100: fix buffer overrun in e100_get_regs (git-fixes). - e100: fix length calculation in e100_get_regs_len (git-fixes). - e100: handle eeprom as little endian (git-fixes). - ext4: fix reserved space counter leakage (bsc#1191450). - ext4: report correct st_size for encrypted symlinks (bsc#1191449). - fs, mm: fix race in unlinking swapfile (bsc#1191455). - fscrypt: add fscrypt_symlink_getattr() for computing st_size (bsc#1191449). - gpio: pca953x: Improve bias setting (git-fixes). - hso: fix bailout in error case of probe (git-fixes). - i2c: acpi: fix resource leak in reconfiguration device addition (git-fixes). - ice: fix getting UDP tunnel entry (jsc#SLE-12878). - iio: adc128s052: Fix the error handling path of 'adc128_probe()' (git-fixes). - iio: adc: aspeed: set driver data when adc probe (git-fixes). - iio: dac: ti-dac5571: fix an error code in probe() (git-fixes). - iio: light: opt3001: Fixed timeout error when 0 lux (git-fixes). - iio: mtk-auxadc: fix case IIO_CHAN_INFO_PROCESSED (git-fixes). - iio: ssp_sensors: add more range checking in ssp_parse_dataframe() (git-fixes). - iio: ssp_sensors: fix error code in ssp_print_mcu_debug() (git-fixes). - ipv6/netfilter: Discard first fragment not including all headers (bsc#1191241). - ipv6/netfilter: Discard first fragment not including all headers (bsc#1191241). - isdn: cpai: check ctr->cnr to avoid array index out of bound (git-fixes). - isdn: mISDN: Fix sleeping function called from invalid context (git-fixes). - iwlwifi: pcie: add configuration of a Wi-Fi adapter on Dell XPS 15 (git-fixes). - ixgbe: Fix NULL pointer dereference in ixgbe_xdp_setup (git-fixes). - kABI workaround for HD-audio probe retry changes (bsc#1190801). - kABI workaround for cfg80211 mgmt_registration_lock changes (git-fixes). - kabi: block: Fix kabi of blk_mq_sched_try_insert_merge() (bsc#1191456). - kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167 bsc#1191240 ltc#194716). - kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167). - kernel-binary.spec: suse-kernel-rpm-scriptlets required for uninstall as well. Fixes: e98096d5cf85 ('rpm: Abolish scritplet templating (bsc#1189841).') - kernel-spec-macros: Since rpm 4.17 %verbose is unusable (bsc#1191229). - lan78xx: select CRC32 (git-fixes). - libata: Add ATA_HORKAGE_NO_NCQ_ON_ATI for Samsung 860 and 870 SSD (git-fixes). - mac80211: Drop frames from invalid MAC address in ad-hoc mode (git-fixes). - mac80211: check return value of rhashtable_init (git-fixes). - mei: me: add Ice Lake-N device id (git-fixes). - mmc: dw_mmc: exynos: fix the finding clock sample value (git-fixes). - mmc: meson-gx: do not use memcpy_to/fromio for dram-access-quirk (git-fixes). - mmc: vub300: fix control-message timeouts (git-fixes). - net/mlx5: E-Switch, Fix double allocation of acl flow counter (jsc#SLE-15172). - net/mlx5e: IPSEC RX, enable checksum complete (jsc#SLE-15172). - net/mlx5e: RX, Avoid possible data corruption when relaxed ordering and LRO combined (jsc#SLE-15172). - net/sched: ets: fix crash when flipping from 'strict' to 'quantum' (bsc#1176774). - net: batman-adv: fix error handling (git-fixes). - net: can: ems_usb: fix use-after-free in ems_usb_disconnect() (git-fixes). - net: cdc_eem: fix tx fixup skb leak (git-fixes). - net: cdc_ncm: correct overhead in delayed_ndp_size (git-fixes). - net: hns3: check queue id range before using (jsc#SLE-14777). - net: hso: add failure handler for add_net_device (git-fixes). - net: hso: fix NULL-deref on disconnect regression (git-fixes). - net: hso: fix null-ptr-deref during tty device unregistration (git-fixes). - net: ipv6: Discard next-hop MTU less than minimum link MTU (bsc#1191241). - net: ipv6: Discard next-hop MTU less than minimum link MTU (bsc#1191241). - net: lan78xx: fix division by zero in send path (git-fixes). - net: mana: Fix error handling in mana_create_rxq() (git-fixes, bsc#1191800). - net: usb: Fix uninit-was-stored issue in asix_read_phy_addr() (git-fixes). - netfilter: Drop fragmented ndisc packets assembled in netfilter (git-fixes). - netfilter: conntrack: collect all entries in one cycle (bsc#1173604). - netfilter: xt_IDLETIMER: fix panic that occurs when timer_type has garbage value (bsc#1176447). - nfc: fix error handling of nfc_proto_register() (git-fixes). - nfc: port100: fix using -ERRNO as command type mask (git-fixes). - nvme-fc: avoid race between time out and tear down (bsc#1185762). - nvme-fc: remove freeze/unfreeze around update_nr_hw_queues (bsc#1185762). - nvme-fc: update hardware queues before using them (bsc#1185762). - nvme-pci: Fix abort command id (git-fixes). - nvme-pci: fix error unwind in nvme_map_data (bsc#1191934). - nvme-pci: fix error unwind in nvme_map_data (bsc#1191934). - nvme-pci: refactor nvme_unmap_data (bsc#1191934). - nvme-pci: refactor nvme_unmap_data (bsc#1191934). - nvme: add command id quirk for apple controllers (git-fixes). - ocfs2: fix data corruption after conversion from inline format (bsc#1190795). - pata_legacy: fix a couple uninitialized variable bugs (git-fixes). - phy: mdio: fix memory leak (git-fixes). - platform/mellanox: mlxreg-io: Fix argument base in kstrtou32() call (git-fixes). - platform/mellanox: mlxreg-io: Fix read access of n-bytes size attributes (git-fixes). - platform/x86: dell-smbios-wmi: Add missing kfree in error-exit from run_smbios_call (git-fixes). - platform/x86: intel_scu_ipc: Fix busy loop expiry time (git-fixes). - powerpc/64s: Fix entry flush patching w/strict RWX & hash (jsc#SLE-13847 git-fixes). - powerpc/64s: Fix stf mitigation patching w/strict RWX & hash (jsc#SLE-13847 git-fixes). - powerpc/64s: Remove irq mask workaround in accumulate_stolen_time() (jsc#SLE-9246 git-fixes). - powerpc/bpf: Fix BPF_MOD when imm == 1 (bsc#1065729). - powerpc/bpf: Fix BPF_MOD when imm == 1 (bsc#1065729). - powerpc/bpf: Fix BPF_SUB when imm == 0x80000000 (bsc#1065729). - powerpc/bpf: Fix BPF_SUB when imm == 0x80000000 (bsc#1065729). - powerpc/bpf: Use bctrl for making function calls (bsc#1065729). - powerpc/bpf: Use bctrl for making function calls (bsc#1065729). - powerpc/lib/code-patching: Do not use struct 'ppc_inst' for runnable code in tests (jsc#SLE-13847 git-fixes). - powerpc/lib/code-patching: Make instr_is_branch_to_addr() static (jsc#SLE-13847 git-fixes). - powerpc/lib: Fix emulate_step() std test (bsc#1065729). - powerpc/numa: Update cpu_cpu_map on CPU online/offline (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/pseries: Fix build error when NUMA=n (bsc#1190620 ltc#194498 git-fixes). - powerpc/smp: Cache CPU to chip lookup (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/smp: Enable CACHE domain for shared processor (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/smp: Fix a crash while booting kvm guest with nr_cpus=2 (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/smp: Fold cpu_die() into its only caller (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/smp: Set numa node before updating mask (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/smp: Update cpu_core_map on all PowerPc systems (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/uprobes: Validation for prefixed instruction (jsc#SLE-13847 git-fixes). - powerpc/xive: Discard disabled interrupts in get_irqchip_state() (bsc#1085030 git-fixes). - powerpc: Do not dereference code as 'struct ppc_inst' (uprobe, code-patching, feature-fixups) (jsc#SLE-13847 git-fixes). - powerpc: Do not use 'struct ppc_inst' to reference instruction location (jsc#SLE-13847 git-fixes). - powerpc: Move arch_cpu_idle_dead() into smp.c (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - pseries/eeh: Fix the kdump kernel crash during eeh_pseries_init (git-fixes). - ptp_pch: Load module automatically if ID matches (git-fixes). - ptp_pch: Restore dependency on PCI (git-fixes). - regmap: Fix possible double-free in regcache_rbtree_exit() (git-fixes). - rpm: fix kmp install path - rpm: use _rpmmacrodir (boo#1191384) - scsi: ibmvfc: Fix up duplicate response detection (bsc#1191867 ltc#194757). - scsi: iscsi: Fix deadlock on recovery path during GFP_IO reclaim (git-fixes). - scsi: lpfc: Allow PLOGI retry if previous PLOGI was aborted (bsc#1192145). - scsi: lpfc: Allow fabric node recovery if recovery is in progress before devloss (bsc#1192145). - scsi: lpfc: Correct sysfs reporting of loop support after SFP status change (bsc#1192145). - scsi: lpfc: Fix link down processing to address NULL pointer dereference (bsc#1192145). - scsi: lpfc: Fix memory overwrite during FC-GS I/O abort handling (bsc#1191349). - scsi: lpfc: Fix use-after-free in lpfc_unreg_rpi() routine (bsc#1192145). - scsi: lpfc: Revert LOG_TRACE_EVENT back to LOG_INIT prior to driver_resource_setup() (bsc#1192145). - scsi: lpfc: Update lpfc version to 14.0.0.3 (bsc#1192145). - scsi: lpfc: Wait for successful restart of SLI3 adapter during host sg_reset (bsc#1192145). - scsi: mpi3mr: Add EEDP DIF DIX support (jsc#SLE-18120). - scsi: mpi3mr: Add bios_param SCSI host template hook (jsc#SLE-18120). - scsi: mpi3mr: Add change queue depth support (jsc#SLE-18120). - scsi: mpi3mr: Add event handling debug prints (jsc#SLE-18120). - scsi: mpi3mr: Add mpi30 Rev-R headers and Kconfig (jsc#SLE-18120). - scsi: mpi3mr: Add support for DSN secure firmware check (jsc#SLE-18120). - scsi: mpi3mr: Add support for PCIe device event handling (jsc#SLE-18120). - scsi: mpi3mr: Add support for PM suspend and resume (jsc#SLE-18120). - scsi: mpi3mr: Add support for device add/remove event handling (jsc#SLE-18120). - scsi: mpi3mr: Add support for internal watchdog thread (jsc#SLE-18120). - scsi: mpi3mr: Add support for queue command processing (jsc#SLE-18120). - scsi: mpi3mr: Add support for recovering controller (jsc#SLE-18120). - scsi: mpi3mr: Add support for threaded ISR (jsc#SLE-18120). - scsi: mpi3mr: Add support for timestamp sync with firmware (jsc#SLE-18120). - scsi: mpi3mr: Additional event handling (jsc#SLE-18120). - scsi: mpi3mr: Allow certain commands during pci-remove hook (jsc#SLE-18120). - scsi: mpi3mr: Base driver code (jsc#SLE-18120). - scsi: mpi3mr: Complete support for soft reset (jsc#SLE-18120). - scsi: mpi3mr: Create operational request and reply queue pair (jsc#SLE-18120). - scsi: mpi3mr: Fix error handling in mpi3mr_setup_isr() (git-fixes). - scsi: mpi3mr: Fix missing unlock on error (git-fixes). - scsi: mpi3mr: Hardware workaround for UNMAP commands to NVMe drives (jsc#SLE-18120). - scsi: mpi3mr: Implement SCSI error handler hooks (jsc#SLE-18120). - scsi: mpi3mr: Print IOC info for debugging (jsc#SLE-18120). - scsi: mpi3mr: Print pending host I/Os for debugging (jsc#SLE-18120). - scsi: mpi3mr: Set up IRQs in resume path (jsc#SLE-18120). - scsi: mpi3mr: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (jsc#SLE-18120). - scsi: mpi3mr: Use the proper SCSI midlayer interfaces for PI (jsc#SLE-18120). - scsi: mpi3mr: Wait for pending I/O completions upon detection of VD I/O timeout (jsc#SLE-18120). - scsi: qla2xxx: Add debug print of 64G link speed (bsc#1190941). - scsi: qla2xxx: Add host attribute to trigger MPI hang (bsc#1190941). - scsi: qla2xxx: Add support for mailbox passthru (bsc#1190941). - scsi: qla2xxx: Adjust request/response queue size for 28xx (bsc#1190941). - scsi: qla2xxx: Call process_response_queue() in Tx path (bsc#1190941). - scsi: qla2xxx: Changes to support FCP2 Target (bsc#1190941). - scsi: qla2xxx: Changes to support kdump kernel (bsc#1190941). - scsi: qla2xxx: Changes to support kdump kernel for NVMe BFS (bsc#1190941). - scsi: qla2xxx: Check for firmware capability before creating QPair (bsc#1190941). - scsi: qla2xxx: Display 16G only as supported speeds for 3830c card (bsc#1190941). - scsi: qla2xxx: Do not call fc_block_scsi_eh() during bus reset (bsc#1190941). - scsi: qla2xxx: Fix NPIV create erroneous error (bsc#1190941). - scsi: qla2xxx: Fix NVMe retry (bsc#1190941). - scsi: qla2xxx: Fix NVMe session down detection (bsc#1190941). - scsi: qla2xxx: Fix NVMe | FCP personality change (bsc#1190941). - scsi: qla2xxx: Fix crash in NVMe abort path (bsc#1190941). - scsi: qla2xxx: Fix excessive messages during device logout (bsc#1190941). - scsi: qla2xxx: Fix hang during NVMe session tear down (bsc#1190941). - scsi: qla2xxx: Fix hang on NVMe command timeouts (bsc#1190941). - scsi: qla2xxx: Fix kernel crash when accessing port_speed sysfs file (bsc#1190941). - scsi: qla2xxx: Fix port type info (bsc#1190941). - scsi: qla2xxx: Fix unsafe removal from linked list (bsc#1190941). - scsi: qla2xxx: Fix use after free in eh_abort path (bsc#1190941). - scsi: qla2xxx: Move heartbeat handling from DPC thread to workqueue (bsc#1190941). - scsi: qla2xxx: Open-code qla2xxx_eh_device_reset() (bsc#1190941). - scsi: qla2xxx: Open-code qla2xxx_eh_target_reset() (bsc#1190941). - scsi: qla2xxx: Remove redundant initialization of pointer req (bsc#1190941). - scsi: qla2xxx: Restore initiator in dual mode (bsc#1190941). - scsi: qla2xxx: Show OS name and version in FDMI-1 (bsc#1190941). - scsi: qla2xxx: Suppress unnecessary log messages during login (bsc#1190941). - scsi: qla2xxx: Sync queue idx with queue_pair_map idx (bsc#1190941). - scsi: qla2xxx: Update version to 10.02.06.100-k (bsc#1190941). - scsi: qla2xxx: Update version to 10.02.06.200-k (bsc#1190941). - scsi: qla2xxx: Update version to 10.02.07.100-k (bsc#1190941). - scsi: qla2xxx: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (bsc#1190941). - scsi: qla2xxx: edif: Add N2N support for EDIF (bsc#1190941). - scsi: qla2xxx: edif: Do secure PLOGI when auth app is present (bsc#1190941). - scsi: qla2xxx: edif: Fix EDIF enable flag (bsc#1190941). - scsi: qla2xxx: edif: Fix returnvar.cocci warnings (bsc#1190941). - scsi: qla2xxx: edif: Fix stale session (bsc#1190941). - scsi: qla2xxx: edif: Reject AUTH ELS on session down (bsc#1190941). - scsi: qla2xxx: edif: Use link event to wake up app (bsc#1190941). - scsi: target: Fix the pgr/alua_support_store functions (git-fixes). - sctp: check asoc peer.asconf_capable before processing asconf (bsc#1190351). - soc: qcom: mdt_loader: Drop PT_LOAD check on hash segment (git-fixes). - spi: spi-nxp-fspi: do not depend on a specific node name erratum workaround (git-fixes). - tpm: ibmvtpm: Avoid error message when process gets signal while waiting (bsc#1065729). - usb: chipidea: ci_hdrc_imx: Also search for 'phys' phandle (git-fixes). - usb: hso: fix error handling code of hso_create_net_device (git-fixes). - usb: hso: remove the bailout parameter (git-fixes). - usb: musb: dsps: Fix the probe error path (git-fixes). - video: fbdev: gbefb: Only instantiate device when built for IP32 (git-fixes). - virtio: write back F_VERSION_1 before validate (git-fixes). - watchdog: orion: use 0 for unset heartbeat (git-fixes). - x86/pat: Pass valid address to sanitize_phys() (bsc#1152489). - x86/resctrl: Free the ctrlval arrays when domain_setup_mon_state() fails (bsc#1152489). - x86/sev: Return an error on a returned non-zero SW_EXITINFO1[31:0] (bsc#1178134). - xen: fix setting of max_pfn in shared_info (git-fixes). - xen: reset legacy rtc flag for PV domU (git-fixes). - xfs: Fixed non-directory creation in SGID directories introduced by CVE-2018-13405 patch (bsc#1190006). - xfs: ensure that the inode uid/gid match values match the icdinode ones (bsc#1190006). - xfs: fix I_DONTCACHE (bsc#1192074). - xfs: fix log intent recovery ENOSPC shutdowns when inactivating inodes (bsc#1190642). - xfs: merge the projid fields in struct xfs_icdinode (bsc#1190006). - xfs: remove the icdinode di_uid/di_gid members (bsc#1190006). - xhci: Enable trust tx length quirk for Fresco FL11 USB controller (git-fixes). - xhci: Fix command ring pointer corruption while aborting a command (git-fixes). - xhci: guard accesses to ep_state in xhci_endpoint_reset() (git-fixes). - xhci: guard accesses to ep_state in xhci_endpoint_reset() (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3662-1 Released: Mon Nov 15 19:13:54 2021 Summary: Security update for samba Type: security Severity: important References: 1192601,CVE-2020-25717 This update for samba fixes the following issues: - Fix regression introduced by CVE-2020-25717 patches, winbindd does not start when 'allow trusted domains' is off; (bso#14899); ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3663-1 Released: Mon Nov 15 19:14:32 2021 Summary: Recommended update for suse-module-tools Type: recommended Severity: moderate References: 1191804 This update for suse-module-tools fixes the following issues: - Update to version 15.3.14: * more fixes for updates under secure boot * cert-script: Deal with existing $cert.delete file (bsc#1191804). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3675-1 Released: Tue Nov 16 17:47:44 2021 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065729,1085030,1089118,1094840,1133021,1152472,1152489,1154353,1156395,1157177,1167773,1172073,1173604,1176447,1176774,1176914,1176940,1178134,1180100,1180749,1181147,1184673,1185762,1186063,1186109,1187167,1188563,1188601,1189841,1190006,1190067,1190349,1190351,1190479,1190620,1190642,1190795,1190801,1190941,1191229,1191240,1191241,1191315,1191317,1191349,1191384,1191449,1191450,1191451,1191452,1191455,1191456,1191628,1191645,1191663,1191731,1191800,1191851,1191867,1191934,1191958,1191980,1192040,1192041,1192074,1192107,1192145,1192229,1192267,1192288,1192549,CVE-2021-33033,CVE-2021-34866,CVE-2021-3542,CVE-2021-3655,CVE-2021-3715,CVE-2021-37159,CVE-2021-3760,CVE-2021-3772,CVE-2021-3896,CVE-2021-41864,CVE-2021-42008,CVE-2021-42252,CVE-2021-42739,CVE-2021-43056,CVE-2021-43389 The following security bugs were fixed: - CVE-2021-3542: Fixed heap buffer overflow in firedtv driver (bsc#1186063). - CVE-2021-3655: Fixed a missing size validations on inbound SCTP packets, which may have allowed the kernel to read uninitialized memory (bsc#1188563). - CVE-2021-3715: Fixed a use-after-free in route4_change() in net/sched/cls_route.c (bsc#1190349). - CVE-2021-3760: Fixed a use-after-free vulnerability with the ndev->rf_conn_info object (bsc#1190067). - CVE-2021-3772: Fixed sctp vtag check in sctp_sf_ootb (bsc#1190351). - CVE-2021-3896: Fixed a array-index-out-bounds in detach_capi_ctr in drivers/isdn/capi/kcapi.c (bsc#1191958). - CVE-2021-33033: Fixed a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled (bsc#1186109). - CVE-2021-34866: Fixed eBPF Type Confusion Privilege Escalation Vulnerability (bsc#1191645). - CVE-2021-37159: hso_free_net_device in drivers/net/usb/hso.c called without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free (bnc#1188601). - CVE-2021-41864: Fixed prealloc_elems_and_freelist that allowed unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write (bnc#1191317). - CVE-2021-42008: Fixed a slab out-of-bounds write in the decode_data function in drivers/net/hamradio/6pack.c. Input from a process that had the CAP_NET_ADMIN capability could have lead to root access (bsc#1191315). - CVE-2021-42252: Fixed an issue inside aspeed_lpc_ctrl_mmap that could have allowed local attackers to access the Aspeed LPC control interface to overwrite memory in the kernel and potentially execute privileges (bnc#1190479). - CVE-2021-42739: The firewire subsystem had a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled bounds checking (bsc#1184673). - CVE-2021-43056: Fixed possible KVM host crash via malicious KVM guest on Power8 (bnc#1192107). - CVE-2021-43389: There was an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c (bnc#1191958). The following non-security bugs were fixed: - acpi/arm64: fix next_platform_timer() section mismatch error (git-fixes). - ACPI: bgrt: Fix CFI violation (git-fixes). - ACPI: fix NULL pointer dereference (git-fixes). - ACPI: NFIT: Use fallback node id when numa info in NFIT table is incorrect (git-fixes). - Add obsolete_rebuilds_subpackage (boo#1172073 bsc#1191731). - ALSA: hda: avoid write to STATESTS if controller is in reset (git-fixes). - ALSA: hda - Enable headphone mic on Dell Latitude laptops with ALC3254 (git-fixes). - ALSA: hda: intel: Allow repeatedly probing on codec configuration errors (bsc#1190801). - ALSA: hda/realtek: Add quirk for Clevo PC50HS (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo X170KM-G (git-fixes). - ALSA: hda/realtek: Add quirk for TongFang PHxTxX1 (git-fixes). - ALSA: hda/realtek - ALC236 headset MIC recording issue (git-fixes). - ALSA: hda/realtek: Complete partial device name to avoid ambiguity (git-fixes). - ALSA: hda/realtek: Enable 4-speaker output for Dell Precision 5560 laptop (git-fixes). - ALSA: hda/realtek: Fix for quirk to enable speaker output on the Lenovo 13s Gen2 (git-fixes). - ALSA: hda/realtek: Fix mic mute LED for the HP Spectre x360 14 (git-fixes). - ALSA: hda/realtek: Fix the mic type detection issue for ASUS G551JW (git-fixes). - ALSA: hda/realtek: Quirks to enable speaker output for Lenovo Legion 7i 15IMHG05, Yoga 7i 14ITL5/15ITL5, and 13s Gen2 laptops (git-fixes). - ALSA: hda: Reduce udelay() at SKL+ position reporting (git-fixes). - ALSA: hda: Use position buffer for SKL+ again (git-fixes). - ALSA: pcm: Workaround for a wrong offset in SYNC_PTR compat ioctl (git-fixes). - ALSA: seq: Fix a potential UAF by wrong private_free call order (git-fixes). - ALSA: ua101: fix division by zero at probe (git-fixes). - ALSA: uapi: Fix a C++ style comment in asound.h (git-fixes). - ALSA: usb-audio: Add quirk for VF0770 (git-fixes). - ALSA: usb-audio: Provide quirk for Sennheiser GSP670 Headset (git-fixes). - ASoC: atmel: ATMEL drivers do not need HAS_DMA (git-fixes). - ASoC: cs42l42: Correct some register default values (git-fixes). - ASoC: cs42l42: Defer probe if request_threaded_irq() returns EPROBE_DEFER (git-fixes). - ASoC: cs42l42: Do not set defaults for volatile registers (git-fixes). - ASoC: DAPM: Fix missing kctl change notifications (git-fixes). - ASoC: dapm: use component prefix when checking widget names (git-fixes). - ASoC: dt-bindings: cs42l42: Correct description of ts-inv (git-fixes). - ASoC: fsl_spdif: register platform component before registering cpu dai (git-fixes). - ASoC: Intel: bytcr_rt5640: Move 'Platform Clock' routes to the maps for the matching in-/output (git-fixes). - ASoC: Intel: Skylake: Fix module configuration for KPB and MIXER (git-fixes). - ASoC: Intel: Skylake: Fix passing loadable flag for module (git-fixes). - ASoC: Intel: sof_sdw: tag SoundWire BEs as non-atomic (git-fixes). - ASoC: mediatek: mt8195: Remove unsued irqs_lock (git-fixes). - ASoC: rockchip: Use generic dmaengine code (git-fixes). - ASoC: SOF: imx: imx8: Bar index is only valid for IRAM and SRAM types (git-fixes). - ASoC: SOF: imx: imx8m: Bar index is only valid for IRAM and SRAM types (git-fixes). - ASoC: SOF: loader: release_firmware() on load failure to avoid batching (git-fixes). - ASoC: SOF: topology: do not power down primary core during topology removal (git-fixes). - ASoC: topology: Fix stub for snd_soc_tplg_component_remove() (git-fixes). - ASoC: wm8960: Fix clock configuration on slave mode (git-fixes). - ata: ahci_platform: fix null-ptr-deref in ahci_platform_enable_regulators() (git-fixes). - ata: sata_dwc_460ex: No need to call phy_exit() befre phy_init() (git-fixes). - ata: sata_mv: Fix the error handling of mv_chip_id() (git-fixes). - ath10k: fix control-message timeout (git-fixes). - ath10k: fix division by zero in send path (git-fixes). - ath10k: fix max antenna gain unit (git-fixes). - ath10k: Fix missing frame timestamp for beacon/probe-resp (git-fixes). - ath10k: sdio: Add missing BH locking around napi_schdule() (git-fixes). - ath6kl: fix control-message timeout (git-fixes). - ath6kl: fix division by zero in send path (git-fixes). - ath9k: Fix potential interrupt storm on queue reset (git-fixes). - audit: fix possible null-pointer dereference in audit_filter_rules (git-fixes). - b43: fix a lower bounds test (git-fixes). - b43legacy: fix a lower bounds test (git-fixes). - bfq: Remove merged request already in bfq_requests_merged() (bsc#1191456). - blk: Fix lock inversion between ioc lock and bfqd lock (bsc#1191456). - blktrace: Fix uaf in blk_trace access after removing by sysfs (bsc#1191452). - block: bfq: fix bfq_set_next_ioprio_data() (bsc#1191451). - Bluetooth: btmtkuart: fix a memleak in mtk_hci_wmt_sync (git-fixes). - Bluetooth: fix init and cleanup of sco_conn.timeout_work (git-fixes). - bnxt_en: Fix TX timeout when TX ring size is set to the smallest (git-fixes). - bnxt_en: make bnxt_free_skbs() safe to call after bnxt_free_mem() (jsc#SLE-16649). - bpf: Add bpf_patch_call_args prototype to include/linux/bpf.h (git-fixes). - bpf: Fix a typo of reuseport map in bpf.h (git-fixes). - bpf: Fix OOB read when printing XDP link fdinfo (git-fixes). - bpf: Fix up bpf_skb_adjust_room helper's skb csum setting (git-fixes). - can: dev: can_restart: fix use after free bug (git-fixes). - can: peak_pci: peak_pci_remove(): fix UAF (git-fixes). - can: peak_usb: fix use after free bugs (git-fixes). - can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE state notification (git-fixes). - can: rcar_can: fix suspend/resume (git-fixes). - can: ti_hecc: ti_hecc_probe(): add missed clk_disable_unprepare() in error path (git-fixes). - can: xilinx_can: handle failure cases of pm_runtime_get_sync (git-fixes). - cb710: avoid NULL pointer subtraction (git-fixes). - ceph: fix handling of 'meta' errors (bsc#1192041). - ceph: skip existing superblocks that are blocklisted or shut down when mounting (bsc#1192040). - cfg80211: correct bridge/4addr mode check (git-fixes). - cfg80211: fix management registrations locking (git-fixes). - cfg80211: scan: fix RCU in cfg80211_add_nontrans_list() (git-fixes). - Configure mpi3mr as currently unsupported (jsc#SLE-18120) - cpuidle: pseries: Mark pseries_idle_proble() as __init (jsc#SLE-13614 bsc#1176914 ltc#186394 git-fixes). - driver core: add a min_align_mask field to struct device_dma_parameters (bsc#1191851). - drm/amd/display: Pass PCI deviceid into DC (git-fixes). - drm/amdgpu: correct initial cp_hqd_quantum for gfx9 (git-fixes). - drm/amdgpu/display: add quirk handling for stutter mode (git-fixes). - drm/amdgpu: fix gart.bo pin_count leak (git-fixes). - drm/amdgpu: fix warning for overflow check (git-fixes). - drm/amdgpu/gmc6: fix DMA mask from 44 to 40 bits (git-fixes). - drm/edid: In connector_bad_edid() cap num_of_ext by num_blocks read (git-fixes). - drm/i915: Fix syncmap memory leak (bsc#1152489) Backporting notes: * context changes in intel_timeline_fini() - drm/msm: Avoid potential overflow in timeout_to_jiffies() (git-fixes). - drm/msm/dsi: Fix an error code in msm_dsi_modeset_init() (git-fixes). - drm/msm/dsi: fix off by one in dsi_bus_clk_enable error handling (git-fixes). - drm/msm: Fix null pointer dereference on pointer edp (git-fixes). - drm/msm: Fix potential NULL dereference in DPU SSPP (git-fixes). - drm/msm: potential error pointer dereference in init() (git-fixes). - drm/msm: uninitialized variable in msm_gem_import() (git-fixes). - drm/nouveau: avoid a use-after-free when BO init fails (bsc#1152472) - drm/nouveau/debugfs: fix file release memory leak (git-fixes). - drm/nouveau/kms/nv50-: fix file release memory leak (git-fixes). - drm/nouveau/kms/tu102-: delay enabling cursor until after assign_windows (git-fixes). - drm/panel: olimex-lcd-olinuxino: select CRC32 (git-fixes). - drm/panfrost: Make sure MMU context lifetime is not bound to (bsc#1152472) - drm/sun4i: dw-hdmi: Fix HDMI PHY clock setup (git-fixes). - drm/sun4i: Fix macros in sun8i_csc.h (git-fixes). - drm/ttm: stop calling tt_swapin in vm_access (git-fixes). - drm/v3d: fix wait for TMU write combiner flush (git-fixes). - e1000e: Drop patch to avoid regressions until real fix is available (bsc#1191663). - e1000e: Fix packet loss on Tiger Lake and later (git-fixes). - e100: fix buffer overrun in e100_get_regs (git-fixes). - e100: fix length calculation in e100_get_regs_len (git-fixes). - e100: handle eeprom as little endian (git-fixes). - EDAC/amd64: Set proper family type for Family 19h Models 20h-2Fh (bsc#1192288). - ext4: fix reserved space counter leakage (bsc#1191450). - ext4: report correct st_size for encrypted symlinks (bsc#1191449). - firmware/psci: fix application of sizeof to pointer (git-fixes). - fscrypt: add fscrypt_symlink_getattr() for computing st_size (bsc#1191449). - fs, mm: fix race in unlinking swapfile (bsc#1191455). - ftrace: Fix scripts/recordmcount.pl due to new binutils (bsc#1192267). - genirq: Provide IRQCHIP_AFFINITY_PRE_STARTUP (bsc#1152489). - gpio: pca953x: Improve bias setting (git-fixes). - gve: Avoid freeing NULL pointer (git-fixes). - gve: Correct available tx qpl check (git-fixes). - gve: fix gve_get_stats() (git-fixes). - gve: Properly handle errors in gve_assign_qpl (bsc#1176940). - gve: report 64bit tx_bytes counter from gve_handle_report_stats() (bsc#1176940). - HID: apple: Fix logical maximum and usage maximum of Magic Keyboard JIS (git-fixes). - HID: betop: fix slab-out-of-bounds Write in betop_probe (git-fixes). - HID: u2fzero: ignore incomplete packets without data (git-fixes). - HID: usbhid: free raw_report buffers in usbhid_stop (git-fixes). - HID: wacom: Add new Intuos BT (CTL-4100WL/CTL-6100WL) device IDs (git-fixes). - hso: fix bailout in error case of probe (git-fixes). - hwmon: Fix possible memleak in __hwmon_device_register() (git-fixes). - hwmon: (pmbus/lm25066) Add offset coefficients (git-fixes). - hwmon: (pmbus/lm25066) Let compiler determine outer dimension of lm25066_coeff (git-fixes). - hwrng: mtk - Force runtime pm ops for sleep ops (git-fixes). - i2c: acpi: fix resource leak in reconfiguration device addition (git-fixes). - i40e: Fix ATR queue selection (git-fixes). - i40e: fix endless loop under rtnl (git-fixes). - i40e: Fix freeing of uninitialized misc IRQ vector (git-fixes). - iavf: fix double unlock of crit_lock (git-fixes). - ibmvnic: delay complete() (bsc#1094840 ltc#167098 git-fixes). - ice: Add missing E810 device ids (jsc#SLE-7966 bsc#1157177). - ice: fix getting UDP tunnel entry (jsc#SLE-12878). - ICMPv6: Add ICMPv6 Parameter Problem, code 3 definition (bsc#1191241). - iio: adc128s052: Fix the error handling path of 'adc128_probe()' (git-fixes). - iio: adc: aspeed: set driver data when adc probe (git-fixes). - iio: dac: ti-dac5571: fix an error code in probe() (git-fixes). - iio: light: opt3001: Fixed timeout error when 0 lux (git-fixes). - iio: mtk-auxadc: fix case IIO_CHAN_INFO_PROCESSED (git-fixes). - iio: ssp_sensors: add more range checking in ssp_parse_dataframe() (git-fixes). - iio: ssp_sensors: fix error code in ssp_print_mcu_debug() (git-fixes). - Input: i8042 - Add quirk for Fujitsu Lifebook T725 (bsc#1191980). - Input: snvs_pwrkey - add clk handling (git-fixes). - Input: xpad - add support for another USB ID of Nacon GC-100 (git-fixes). - ionic: do not remove netdev->dev_addr when syncing uc list (bsc#1167773). - ipv6/netfilter: Discard first fragment not including all headers (bsc#1191241). - IPv6: reply ICMP error if the first fragment do not include all headers (bsc#1191241). - isdn: cpai: check ctr->cnr to avoid array index out of bound (git-fixes). - isdn: mISDN: Fix sleeping function called from invalid context (git-fixes). - iwlwifi: mvm: fix some kerneldoc issues (git-fixes). - iwlwifi: pcie: add configuration of a Wi-Fi adapter on Dell XPS 15 (git-fixes). - ixgbe: Fix NULL pointer dereference in ixgbe_xdp_setup (git-fixes). - kabi: block: Fix kabi of blk_mq_sched_try_insert_merge() (bsc#1191456). - kABI: Fix kABI after 36950f2da1ea (bsc#1191851). - kABI workaround for cfg80211 mgmt_registration_lock changes (git-fixes). - kABI workaround for HD-audio probe retry changes (bsc#1190801). - kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167). - kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167 bsc#1191240 ltc#194716). - kernel-binary.spec: suse-kernel-rpm-scriptlets required for uninstall as well. Fixes: e98096d5cf85 ('rpm: Abolish scritplet templating (bsc#1189841).') - kernel-spec-macros: Since rpm 4.17 %verbose is unusable (bsc#1191229). - KVM: PPC: Book3S HV: Fix copy_tofrom_guest routines (jsc#SLE-12936 git-fixes). - KVM: PPC: Book3S HV Nested: Reflect guest PMU in-use to L0 when guest SPRs are live (bsc#1156395). - KVM: PPC: Book3S HV Nested: Sanitise H_ENTER_NESTED TM state (bsc#1156395). - KVM: PPC: Book3S HV: Save host FSCR in the P7/8 path (bsc#1065729). - KVM: PPC: Book3S HV: Tolerate treclaim. in fake-suspend mode changing registers (bsc#1156395). - KVM: PPC: Fix clearing never mapped TCEs in realmode (bsc#1156395). - KVM: PPC: Fix kvm_arch_vcpu_ioctl vcpu_load leak (bsc#1156395). - KVM: s390: extend kvm_s390_shadow_fault to return entry pointer (bsc#1133021). - KVM: s390: index kvm->arch.idle_mask by vcpu_idx (bsc#1133021). - KVM: s390: split kvm_s390_logical_to_effective (bsc#1133021). - KVM: s390: VSIE: correctly handle MVPG when in VSIE (bsc#1133021). - lan78xx: select CRC32 (git-fixes). - libata: Add ATA_HORKAGE_NO_NCQ_ON_ATI for Samsung 860 and 870 SSD (git-fixes). - libertas: Fix possible memory leak in probe and disconnect (git-fixes). - libertas_tf: Fix possible memory leak in probe and disconnect (git-fixes). - mac80211: check return value of rhashtable_init (git-fixes). - mac80211: Drop frames from invalid MAC address in ad-hoc mode (git-fixes). - media: cedrus: Fix SUNXI tile size calculation (git-fixes). - media: cx23885: Fix snd_card_free call on null card pointer (git-fixes). - media: cxd2880-spi: Fix a null pointer dereference on error handling path (git-fixes). - media: dvb-frontends: mn88443x: Handle errors of clk_prepare_enable() (git-fixes). - media: dvb-usb: fix ununit-value in az6027_rc_query (git-fixes). - media: em28xx: add missing em28xx_close_extension (git-fixes). - media: em28xx: Do not use ops->suspend if it is NULL (git-fixes). - media: i2c: ths8200 needs V4L2_ASYNC (git-fixes). - media: ite-cir: IR receiver stop working after receive overflow (git-fixes). - media: mtk-vpu: Fix a resource leak in the error handling path of 'mtk_vpu_probe()' (git-fixes). - media: mxl111sf: change mutex_init() location (git-fixes). - media: radio-wl1273: Avoid card name truncation (git-fixes). - media: si470x: Avoid card name truncation (git-fixes). - media: staging/intel-ipu3: css: Fix wrong size comparison imgu_css_fw_init (git-fixes). - media: TDA1997x: handle short reads of hdmi info frame (git-fixes). - media: tm6000: Avoid card name truncation (git-fixes). - media: v4l2-ioctl: Fix check_ext_ctrls (git-fixes). - media: v4l2-ioctl: S_CTRL output the right value (git-fixes). - mei: me: add Ice Lake-N device id (git-fixes). - memory: fsl_ifc: fix leak of irq and nand_irq in fsl_ifc_ctrl_probe (git-fixes). - memstick: avoid out-of-range warning (git-fixes). - memstick: jmb38x_ms: use appropriate free function in jmb38x_ms_alloc_host() (git-fixes). - mlx5: count all link events (git-fixes). - mlxsw: thermal: Fix out-of-bounds memory accesses (git-fixes). - mmc: dw_mmc: exynos: fix the finding clock sample value (git-fixes). - mmc: meson-gx: do not use memcpy_to/fromio for dram-access-quirk (git-fixes). - mmc: mxs-mmc: disable regulator on error and in the remove function (git-fixes). - mmc: sdhci: Map more voltage level to SDHCI_POWER_330 (git-fixes). - mmc: sdhci-omap: Fix NULL pointer exception if regulator is not configured (git-fixes). - mmc: vub300: fix control-message timeouts (git-fixes). - mt76: mt7615: fix endianness warning in mt7615_mac_write_txwi (git-fixes). - mt76: mt76x02: fix endianness warnings in mt76x02_mac.c (git-fixes). - mt76: mt7915: fix muar_idx in mt7915_mcu_alloc_sta_req() (git-fixes). - mt76: mt7915: fix possible infinite loop release semaphore (git-fixes). - mt76: mt7915: fix sta_rec_wtbl tag len (git-fixes). - mwifiex: fix division by zero in fw download path (git-fixes). - mwifiex: Send DELBA requests according to spec (git-fixes). - net/af_unix: fix a data-race in unix_dgram_poll (bsc#1154353). - net: batman-adv: fix error handling (git-fixes). - net: bridge: use nla_total_size_64bit() in br_get_linkxstats_size() (git-fixes). - net: can: ems_usb: fix use-after-free in ems_usb_disconnect() (git-fixes). - net: cdc_eem: fix tx fixup skb leak (git-fixes). - net: cdc_ncm: correct overhead in delayed_ndp_size (git-fixes). - netfilter: conntrack: collect all entries in one cycle (bsc#1173604). - netfilter: Drop fragmented ndisc packets assembled in netfilter (git-fixes). - netfilter: xt_IDLETIMER: fix panic that occurs when timer_type has garbage value (bsc#1176447). - net: hns3: check queue id range before using (jsc#SLE-14777). - net: hns3: fix vf reset workqueue cannot exit (bsc#1154353). - net: hso: add failure handler for add_net_device (git-fixes). - net: hso: fix NULL-deref on disconnect regression (git-fixes). - net: hso: fix null-ptr-deref during tty device unregistration (git-fixes). - net: ipv6: Discard next-hop MTU less than minimum link MTU (bsc#1191241). - net: lan78xx: fix division by zero in send path (git-fixes). - net: mana: Fix error handling in mana_create_rxq() (git-fixes, bsc#1191800). - net/mlx4_en: Do not allow aRFS for encapsulated packets (git-fixes). - net/mlx4_en: Resolve bad operstate value (git-fixes). - net/mlx5e: IPSEC RX, enable checksum complete (jsc#SLE-15172). - net/mlx5e: Mutually exclude RX-FCS and RX-port-timestamp (git-fixes). - net/mlx5e: RX, Avoid possible data corruption when relaxed ordering and LRO combined (jsc#SLE-15172). - net/mlx5: E-Switch, Fix double allocation of acl flow counter (jsc#SLE-15172). - net/mlx5: Fix unpublish devlink parameters (jsc#SLE-8464). - net/mlx5: FWTrace, cancel work on alloc pd error flow (git-fixes). - net/sched: ets: fix crash when flipping from 'strict' to 'quantum' (bsc#1176774). - net: usb: Fix uninit-was-stored issue in asix_read_phy_addr() (git-fixes). - NFC: digital: fix possible memory leak in digital_in_send_sdd_req() (git-fixes). - NFC: digital: fix possible memory leak in digital_tg_listen_mdaa() (git-fixes). - nfc: fix error handling of nfc_proto_register() (git-fixes). - nfc: port100: fix using -ERRNO as command type mask (git-fixes). - nfs: dir_cookie is a pointer to the cookie in older kernels, not the cookie itself. (bsc#1191628 bsc#1192549). - NFS: Do uncached readdir when we're seeking a cookie in an empty page cache (bsc#1191628). - nvme: add command id quirk for apple controllers (git-fixes). - nvme-fc: avoid race between time out and tear down (bsc#1185762). - nvme-fc: remove freeze/unfreeze around update_nr_hw_queues (bsc#1185762). - nvme-fc: update hardware queues before using them (bsc#1185762). - nvme-pci: Fix abort command id (git-fixes). - nvme-pci: fix error unwind in nvme_map_data (bsc#1191934). - nvme-pci: refactor nvme_unmap_data (bsc#1191934). - nvme-pci: set min_align_mask (bsc#1191851). - ocfs2: fix data corruption after conversion from inline format (bsc#1190795). - pata_legacy: fix a couple uninitialized variable bugs (git-fixes). - PCI: Fix pci_host_bridge struct device release/free handling (git-fixes). - phy: mdio: fix memory leak (git-fixes). - platform/mellanox: mlxreg-io: Fix argument base in kstrtou32() call (git-fixes). - platform/mellanox: mlxreg-io: Fix read access of n-bytes size attributes (git-fixes). - platform/x86: dell-smbios-wmi: Add missing kfree in error-exit from run_smbios_call (git-fixes). - platform/x86: intel_scu_ipc: Fix busy loop expiry time (git-fixes). - platform/x86: thinkpad_acpi: Fix bitwise vs. logical warning (git-fixes). - PM / devfreq: rk3399_dmc: Add missing of_node_put() (git-fixes). - PM / devfreq: rk3399_dmc: Disable devfreq-event device when fails (git-fixes). - PM / devfreq: rk3399_dmc: Fix kernel oops when rockchip,pmu is absent (git-fixes). - PM / devfreq: rk3399_dmc: Fix spelling typo (git-fixes). - PM / devfreq: rk3399_dmc: Remove unneeded semicolon (git-fixes). - PM: sleep: Do not let 'syscore' devices runtime-suspend during system transitions (git-fixes). - powerpc/64s: Fix entry flush patching w/strict RWX & hash (jsc#SLE-13847 git-fixes). - powerpc/64s: Fix stf mitigation patching w/strict RWX & hash (jsc#SLE-13847 git-fixes). - powerpc/64s: Remove irq mask workaround in accumulate_stolen_time() (jsc#SLE-9246 git-fixes). - powerpc/bpf: Fix BPF_MOD when imm == 1 (bsc#1065729). - powerpc/bpf: Fix BPF_SUB when imm == 0x80000000 (bsc#1065729). - powerpc/bpf: Use bctrl for making function calls (bsc#1065729). - powerpc: Do not dereference code as 'struct ppc_inst' (uprobe, code-patching, feature-fixups) (jsc#SLE-13847 git-fixes). - powerpc: Do not use 'struct ppc_inst' to reference instruction location (jsc#SLE-13847 git-fixes). - powerpc/lib/code-patching: Do not use struct 'ppc_inst' for runnable code in tests (jsc#SLE-13847 git-fixes). - powerpc/lib/code-patching: Make instr_is_branch_to_addr() static (jsc#SLE-13847 git-fixes). - powerpc/lib: Fix emulate_step() std test (bsc#1065729). - powerpc: Move arch_cpu_idle_dead() into smp.c (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/numa: Update cpu_cpu_map on CPU online/offline (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/pseries: Fix build error when NUMA=n (bsc#1190620 ltc#194498 git-fixes). - powerpc/smp: Cache CPU to chip lookup (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/smp: Enable CACHE domain for shared processor (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/smp: Fix a crash while booting kvm guest with nr_cpus=2 (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/smp: Fold cpu_die() into its only caller (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/smp: Set numa node before updating mask (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/smp: Update cpu_core_map on all PowerPc systems (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/uprobes: Validation for prefixed instruction (jsc#SLE-13847 git-fixes). - powerpc/xive: Discard disabled interrupts in get_irqchip_state() (bsc#1085030 git-fixes). - pseries/eeh: Fix the kdump kernel crash during eeh_pseries_init (git-fixes). - ptp_pch: Load module automatically if ID matches (git-fixes). - ptp_pch: Restore dependency on PCI (git-fixes). - qed: Fix missing error code in qed_slowpath_start() (git-fixes). - qed: Handle management FW error (git-fixes). - qed: rdma - do not wait for resources under hw error recovery flow (git-fixes). - RDMA/cma: Do not change route.addr.src_addr.ss_family (bsc#1181147). - RDMA/cma: Fix listener leak in rdma_cma_listen_on_all() failure (bsc#1181147). - regmap: Fix possible double-free in regcache_rbtree_exit() (git-fixes). - regulator: dt-bindings: samsung,s5m8767: correct s5m8767,pmic-buck-default-dvs-idx property (git-fixes). - regulator: s5m8767: do not use reset value as DVS voltage if GPIO DVS is disabled (git-fixes). - rpm: fix kmp install path - rpm: use _rpmmacrodir (boo#1191384) - rsi: fix control-message timeout (git-fixes). - rsi: Fix module dev_oper_mode parameter description (git-fixes). - rsi: stop thread firstly in rsi_91x_init() error handling (git-fixes). - rtl8187: fix control-message timeouts (git-fixes). - scsi: ibmvfc: Fix up duplicate response detection (bsc#1191867 ltc#194757). - scsi: iscsi: Fix deadlock on recovery path during GFP_IO reclaim (git-fixes). - scsi: lpfc: Allow fabric node recovery if recovery is in progress before devloss (bsc#1192145). - scsi: lpfc: Allow PLOGI retry if previous PLOGI was aborted (bsc#1192145). - scsi: lpfc: Correct sysfs reporting of loop support after SFP status change (bsc#1192145). - scsi: lpfc: Fix link down processing to address NULL pointer dereference (bsc#1192145). - scsi: lpfc: Fix memory overwrite during FC-GS I/O abort handling (bsc#1191349). - scsi: lpfc: Fix use-after-free in lpfc_unreg_rpi() routine (bsc#1192145). - scsi: lpfc: Revert LOG_TRACE_EVENT back to LOG_INIT prior to driver_resource_setup() (bsc#1192145). - scsi: lpfc: Update lpfc version to 14.0.0.3 (bsc#1192145). - scsi: lpfc: Wait for successful restart of SLI3 adapter during host sg_reset (bsc#1192145). - scsi: mpi3mr: Add bios_param SCSI host template hook (jsc#SLE-18120). - scsi: mpi3mr: Add change queue depth support (jsc#SLE-18120). - scsi: mpi3mr: Add EEDP DIF DIX support (jsc#SLE-18120). - scsi: mpi3mr: Add event handling debug prints (jsc#SLE-18120). - scsi: mpi3mr: Additional event handling (jsc#SLE-18120). - scsi: mpi3mr: Add mpi30 Rev-R headers and Kconfig (jsc#SLE-18120). - scsi: mpi3mr: Add support for device add/remove event handling (jsc#SLE-18120). - scsi: mpi3mr: Add support for DSN secure firmware check (jsc#SLE-18120). - scsi: mpi3mr: Add support for internal watchdog thread (jsc#SLE-18120). - scsi: mpi3mr: Add support for PCIe device event handling (jsc#SLE-18120). - scsi: mpi3mr: Add support for PM suspend and resume (jsc#SLE-18120). - scsi: mpi3mr: Add support for queue command processing (jsc#SLE-18120). - scsi: mpi3mr: Add support for recovering controller (jsc#SLE-18120). - scsi: mpi3mr: Add support for threaded ISR (jsc#SLE-18120). - scsi: mpi3mr: Add support for timestamp sync with firmware (jsc#SLE-18120). - scsi: mpi3mr: Allow certain commands during pci-remove hook (jsc#SLE-18120). - scsi: mpi3mr: Base driver code (jsc#SLE-18120). - scsi: mpi3mr: Complete support for soft reset (jsc#SLE-18120). - scsi: mpi3mr: Create operational request and reply queue pair (jsc#SLE-18120). - scsi: mpi3mr: Fix error handling in mpi3mr_setup_isr() (git-fixes). - scsi: mpi3mr: Fix missing unlock on error (git-fixes). - scsi: mpi3mr: Hardware workaround for UNMAP commands to NVMe drives (jsc#SLE-18120). - scsi: mpi3mr: Implement SCSI error handler hooks (jsc#SLE-18120). - scsi: mpi3mr: Print IOC info for debugging (jsc#SLE-18120). - scsi: mpi3mr: Print pending host I/Os for debugging (jsc#SLE-18120). - scsi: mpi3mr: Set up IRQs in resume path (jsc#SLE-18120). - scsi: mpi3mr: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (jsc#SLE-18120). - scsi: mpi3mr: Use the proper SCSI midlayer interfaces for PI (jsc#SLE-18120). - scsi: mpi3mr: Wait for pending I/O completions upon detection of VD I/O timeout (jsc#SLE-18120). - scsi: qla2xxx: Add debug print of 64G link speed (bsc#1190941). - scsi: qla2xxx: Add host attribute to trigger MPI hang (bsc#1190941). - scsi: qla2xxx: Add support for mailbox passthru (bsc#1190941). - scsi: qla2xxx: Adjust request/response queue size for 28xx (bsc#1190941). - scsi: qla2xxx: Call process_response_queue() in Tx path (bsc#1190941). - scsi: qla2xxx: Changes to support FCP2 Target (bsc#1190941). - scsi: qla2xxx: Changes to support kdump kernel (bsc#1190941). - scsi: qla2xxx: Changes to support kdump kernel for NVMe BFS (bsc#1190941). - scsi: qla2xxx: Check for firmware capability before creating QPair (bsc#1190941). - scsi: qla2xxx: Display 16G only as supported speeds for 3830c card (bsc#1190941). - scsi: qla2xxx: Do not call fc_block_scsi_eh() during bus reset (bsc#1190941). - scsi: qla2xxx: edif: Add N2N support for EDIF (bsc#1190941). - scsi: qla2xxx: edif: Do secure PLOGI when auth app is present (bsc#1190941). - scsi: qla2xxx: edif: Fix EDIF enable flag (bsc#1190941). - scsi: qla2xxx: edif: Fix returnvar.cocci warnings (bsc#1190941). - scsi: qla2xxx: edif: Fix stale session (bsc#1190941). - scsi: qla2xxx: edif: Reject AUTH ELS on session down (bsc#1190941). - scsi: qla2xxx: edif: Use link event to wake up app (bsc#1190941). - scsi: qla2xxx: Fix crash in NVMe abort path (bsc#1190941). - scsi: qla2xxx: Fix excessive messages during device logout (bsc#1190941). - scsi: qla2xxx: Fix hang during NVMe session tear down (bsc#1190941). - scsi: qla2xxx: Fix hang on NVMe command timeouts (bsc#1190941). - scsi: qla2xxx: Fix kernel crash when accessing port_speed sysfs file (bsc#1190941). - scsi: qla2xxx: Fix NPIV create erroneous error (bsc#1190941). - scsi: qla2xxx: Fix NVMe | FCP personality change (bsc#1190941). - scsi: qla2xxx: Fix NVMe retry (bsc#1190941). - scsi: qla2xxx: Fix NVMe session down detection (bsc#1190941). - scsi: qla2xxx: Fix port type info (bsc#1190941). - scsi: qla2xxx: Fix unsafe removal from linked list (bsc#1190941). - scsi: qla2xxx: Fix use after free in eh_abort path (bsc#1190941). - scsi: qla2xxx: Move heartbeat handling from DPC thread to workqueue (bsc#1190941). - scsi: qla2xxx: Open-code qla2xxx_eh_device_reset() (bsc#1190941). - scsi: qla2xxx: Open-code qla2xxx_eh_target_reset() (bsc#1190941). - scsi: qla2xxx: Remove redundant initialization of pointer req (bsc#1190941). - scsi: qla2xxx: Restore initiator in dual mode (bsc#1190941). - scsi: qla2xxx: Show OS name and version in FDMI-1 (bsc#1190941). - scsi: qla2xxx: Suppress unnecessary log messages during login (bsc#1190941). - scsi: qla2xxx: Sync queue idx with queue_pair_map idx (bsc#1190941). - scsi: qla2xxx: Update version to 10.02.06.100-k (bsc#1190941). - scsi: qla2xxx: Update version to 10.02.06.200-k (bsc#1190941). - scsi: qla2xxx: Update version to 10.02.07.100-k (bsc#1190941). - scsi: qla2xxx: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (bsc#1190941). - scsi: target: Fix the pgr/alua_support_store functions (git-fixes). - sctp: check asoc peer.asconf_capable before processing asconf (bsc#1190351). - soc: qcom: mdt_loader: Drop PT_LOAD check on hash segment (git-fixes). - spi: spi-nxp-fspi: do not depend on a specific node name erratum workaround (git-fixes). - swiotlb: add a IO_TLB_SIZE define (bsc#1191851). - swiotlb: clean up swiotlb_tbl_unmap_single (bsc#1191851). - swiotlb: do not modify orig_addr in swiotlb_tbl_sync_single (bsc#1191851). - swiotlb: factor out an io_tlb_offset helper (bsc#1191851). - swiotlb: factor out a nr_slots helper (bsc#1191851). - swiotlb: refactor swiotlb_tbl_map_single (bsc#1191851). - swiotlb: respect min_align_mask (bsc#1191851). - swiotlb: Split size parameter to map/unmap APIs (bsc#1191851). - tpm: Check for integer overflow in tpm2_map_response_body() (git-fixes). - tpm: ibmvtpm: Avoid error message when process gets signal while waiting (bsc#1065729). - Update patch reference for AMDGPU fix (bsc#1180749) - USB: cdc-acm: clean up probe error labels (git-fixes). - USB: cdc-acm: fix minor-number release (git-fixes). - usb: chipidea: ci_hdrc_imx: Also search for 'phys' phandle (git-fixes). - usb: hso: fix error handling code of hso_create_net_device (git-fixes). - usb: hso: remove the bailout parameter (git-fixes). - usb: musb: dsps: Fix the probe error path (git-fixes). - usbnet: fix error return code in usbnet_probe() (git-fixes). - usbnet: sanity check for maxpacket (git-fixes). - USB: serial: option: add prod. id for Quectel EG91 (git-fixes). - USB: serial: option: add Quectel EC200S-CN module support (git-fixes). - USB: serial: option: add Telit LE910Cx composition 0x1204 (git-fixes). - USB: serial: qcserial: add EM9191 QDL support (git-fixes). - USB: xhci: dbc: fix tty registration race (git-fixes). - video: fbdev: gbefb: Only instantiate device when built for IP32 (git-fixes). - virtio-gpu: fix possible memory allocation failure (git-fixes). - virtio: write back F_VERSION_1 before validate (git-fixes). - watchdog: orion: use 0 for unset heartbeat (git-fixes). - wcn36xx: Add ability for wcn36xx_smd_dump_cmd_req to pass two's complement (git-fixes). - wcn36xx: add proper DMA memory barriers in rx path (git-fixes). - wcn36xx: Fix HT40 capability for 2Ghz band (git-fixes). - x86/ioapic: Force affinity setup before startup (bsc#1152489). - x86/msi: Force affinity setup before startup (bsc#1152489). - x86/pat: Pass valid address to sanitize_phys() (bsc#1152489). - x86/reboot: Limit Dell Optiplex 990 quirk to early BIOS versions (bsc#1152489). - x86/resctrl: Free the ctrlval arrays when domain_setup_mon_state() fails (bsc#1152489). - x86/sev: Return an error on a returned non-zero SW_EXITINFO1[31:0] (bsc#1178134). - xen: fix setting of max_pfn in shared_info (git-fixes). - xen: reset legacy rtc flag for PV domU (git-fixes). - xfs: do not allow log writes if the data device is readonly (bsc#1192229). - xfs: ensure that the inode uid/gid match values match the icdinode ones (bsc#1190006). - xfs: Fixed non-directory creation in SGID directories introduced by CVE-2018-13405 patch (bsc#1190006). - xfs: fix I_DONTCACHE (bsc#1192074). - xfs: fix log intent recovery ENOSPC shutdowns when inactivating inodes (bsc#1190642). - xfs: merge the projid fields in struct xfs_icdinode (bsc#1190006). - xfs: remove the icdinode di_uid/di_gid members (bsc#1190006). - xhci: Enable trust tx length quirk for Fresco FL11 USB controller (git-fixes). - xhci: Fix command ring pointer corruption while aborting a command (git-fixes). - xhci: guard accesses to ep_state in xhci_endpoint_reset() (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3782-1 Released: Tue Nov 23 23:49:03 2021 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1187190,1188713,1190326 This update for dracut fixes the following issues: - Fixed multipath devices that always default to bfq scheduler (bsc#1188713) - Fixed unbootable system when testing kernel 5.14 (bsc#1190326) - Add support for the new iscsiadm 'no-wait' (-W) command (bsc#1187190) - Add iscsid.service requirements (bsc#1187190) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3786-1 Released: Wed Nov 24 05:59:13 2021 Summary: Recommended update for rpm-config-SUSE Type: recommended Severity: important References: 1192160 This update for rpm-config-SUSE fixes the following issues: - Add support for the kernel xz-compressed firmware files (bsc#1192160) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3787-1 Released: Wed Nov 24 06:00:10 2021 Summary: Recommended update for xfsprogs Type: recommended Severity: moderate References: 1189983,1189984,1191500,1191566,1191675 This update for xfsprogs fixes the following issues: - Make libhandle1 an explicit dependency in the xfsprogs-devel package (bsc#1191566) - Remove deprecated barrier/nobarrier mount options from manual pages section 5 (bsc#1191675) - xfs_io: include support for label command (bsc#1191500) - xfs_quota: state command to report all three (-ugp) grace times separately (bsc#1189983) - xfs_admin: add support for external log devices (bsc#1189984) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3790-1 Released: Wed Nov 24 06:10:31 2021 Summary: Recommended update for open-iscsi Type: recommended Severity: moderate References: 1187190,1187958,1188869,1191054,1192013,1192568 This update for open-iscsi fixes the following issues: - Ensure executables are not moved from /sbin to /usr/sbin in SLE (bsc#1192013)(bsc#1191054) - iscsi-init.service default dependencies can cause the boot to hang so they have been removed (bsc#1187190) - IPv6 offload iSCSI lun needs to be exposed during installation (bsc#1187958) - iscsid needs to use the new prctl(PR_SET_IO_FLUSHER) system call (bsc#1188869) - The iscsi-init.service unit can run too early, when root is read-only, causing it to fail (bsc#1192568) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3792-1 Released: Wed Nov 24 06:12:09 2021 Summary: Recommended update for kmod Type: recommended Severity: moderate References: 1192104 This update for kmod fixes the following issues: - Enable ZSTD compression (bsc#1192104)(jsc#SLE-21256) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3799-1 Released: Wed Nov 24 18:07:54 2021 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1187153,1187273,1188623 This update for gcc11 fixes the following issues: The additional GNU compiler collection GCC 11 is provided: To select these compilers install the packages: - gcc11 - gcc-c++11 - and others with 11 prefix. to select them for building: - CC='gcc-11' - CXX='g++-11' The compiler baselibraries (libgcc_s1, libstdc++6 and others) are being replaced by the GCC 11 variants. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3808-1 Released: Fri Nov 26 00:30:54 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1186071,1190440,1190984,1192161 This update for systemd fixes the following issues: - Add timestamp to D-Bus events to improve traceability (jsc#SLE-17798) - Fix fd_is_mount_point() when both the parent and directory are network file systems (bsc#1190984) - Support detection for ARM64 Hyper-V guests (bsc#1186071) - Fix systemd-detect-virt not detecting Amazon EC2 Nitro instance (bsc#1190440) - Enable support for Portable Services in openSUSE Leap only (jsc#SLE-21694) - Fix IO scheduler udev rules to address performance issues (jsc#SLE-21032, bsc#1192161) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3838-1 Released: Wed Dec 1 16:07:54 2021 Summary: Security update for ruby2.5 Type: security Severity: important References: 1188160,1188161,1190375,CVE-2021-31799,CVE-2021-31810,CVE-2021-32066 This update for ruby2.5 fixes the following issues: - CVE-2021-31799: Fixed Command injection vulnerability in RDoc (bsc#1190375). - CVE-2021-31810: Fixed trusting FTP PASV responses vulnerability in Net:FTP (bsc#1188161). - CVE-2021-32066: Fixed StartTLS stripping vulnerability in Net:IMAP (bsc#1188160). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3870-1 Released: Thu Dec 2 07:11:50 2021 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1190356,1191286,1191324,1191370,1191609,1192337,1192436 This update for libzypp, zypper fixes the following issues: libzypp: - Check log writer before accessing it (bsc#1192337) - Zypper should keep cached files if transaction is aborted (bsc#1190356) - Require a minimum number of mirrors for multicurl (bsc#1191609) - Fixed slowdowns when rlimit is too high by using procfs to detect niumber of open file descriptors (bsc#1191324) - Fixed zypper incomplete messages when using non English localization (bsc#1191370) - RepoManager: Don't probe for plaindir repository if the URL schema is a plugin (bsc#1191286) - Disable logger in the child process after fork (bsc#1192436) zypper: - Fixed Zypper removing a kernel explicitely pinned that uses uname -r output format as name (openSUSE/zypper#418) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3872-1 Released: Thu Dec 2 07:25:55 2021 Summary: Recommended update for cracklib Type: recommended Severity: moderate References: 1191736 This update for cracklib fixes the following issues: - Enable build time tests (bsc#1191736) The following package changes have been done: - apparmor-abstractions-2.13.6-3.3.1 added - cracklib-dict-small-2.9.7-11.6.1 updated - cracklib-2.9.7-11.6.1 updated - dracut-049.1+suse.216.gf705637b-3.45.1 updated - kernel-default-5.3.18-59.34.1 updated - kmod-29-4.12.1 updated - libcrack2-2.9.7-11.6.1 updated - libdcerpc-binding0-4.13.13+git.531.903f5c0ccdc-3.17.1 updated - libdcerpc0-4.13.13+git.531.903f5c0ccdc-3.17.1 updated - libgcc_s1-11.2.1+git610-1.3.9 updated - libkmod2-29-4.12.1 updated - libldb2-2.2.2-3.3.1 updated - libndr-krb5pac0-4.13.13+git.531.903f5c0ccdc-3.17.1 updated - libndr-nbt0-4.13.13+git.531.903f5c0ccdc-3.17.1 updated - libndr-standard0-4.13.13+git.531.903f5c0ccdc-3.17.1 updated - libndr1-4.13.13+git.531.903f5c0ccdc-3.17.1 updated - libnetapi0-4.13.13+git.531.903f5c0ccdc-3.17.1 updated - libopeniscsiusr0_2_0-2.1.5-32.12.1 updated - libruby2_5-2_5-2.5.9-4.20.1 updated - libsamba-credentials0-4.13.13+git.531.903f5c0ccdc-3.17.1 updated - libsamba-errors0-4.13.13+git.531.903f5c0ccdc-3.17.1 updated - libsamba-hostconfig0-4.13.13+git.531.903f5c0ccdc-3.17.1 updated - libsamba-passdb0-4.13.13+git.531.903f5c0ccdc-3.17.1 updated - libsamba-util0-4.13.13+git.531.903f5c0ccdc-3.17.1 updated - libsamdb0-4.13.13+git.531.903f5c0ccdc-3.17.1 updated - libsmbconf0-4.13.13+git.531.903f5c0ccdc-3.17.1 updated - libsmbldap2-4.13.13+git.531.903f5c0ccdc-3.17.1 updated - libstdc++6-11.2.1+git610-1.3.9 updated - libsystemd0-246.16-7.21.1 updated - libtevent-util0-4.13.13+git.531.903f5c0ccdc-3.17.1 updated - libudev1-246.16-7.21.1 updated - libwbclient0-4.13.13+git.531.903f5c0ccdc-3.17.1 updated - libzypp-17.28.8-20.1 updated - open-iscsi-2.1.5-32.12.1 updated - python3-ldb-2.2.2-3.3.1 updated - rpm-config-SUSE-1-5.6.1 updated - ruby2.5-stdlib-2.5.9-4.20.1 updated - ruby2.5-2.5.9-4.20.1 updated - samba-libs-python3-4.13.13+git.531.903f5c0ccdc-3.17.1 updated - samba-libs-4.13.13+git.531.903f5c0ccdc-3.17.1 updated - suse-module-tools-15.3.14-3.14.1 updated - systemd-sysvinit-246.16-7.21.1 updated - systemd-246.16-7.21.1 updated - udev-246.16-7.21.1 updated - xfsprogs-4.15.0-4.52.1 updated - zypper-1.14.50-21.1 updated From sle-updates at lists.suse.com Sat Dec 4 07:42:13 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 4 Dec 2021 08:42:13 +0100 (CET) Subject: SUSE-CU-2021:548-1: Security update of suse/sles12sp3 Message-ID: <20211204074213.B0279FC9F@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp3 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:548-1 Container Tags : suse/sles12sp3:2.0.2 , suse/sles12sp3:24.332 , suse/sles12sp3:latest Container Release : 24.332 Severity : moderate Type : security References : 1192717 CVE-2021-43618 ----------------------------------------------------------------- The container suse/sles12sp3 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3878-1 Released: Thu Dec 2 09:13:51 2021 Summary: Security update for gmp Type: security Severity: moderate References: 1192717,CVE-2021-43618 This update for gmp fixes the following issues: - CVE-2021-43618: Fixed buffer overflow via crafted input in mpz/inp_raw.c (bsc#1192717). The following package changes have been done: - libgmp10-5.1.3-4.3.1 updated From sle-updates at lists.suse.com Sat Dec 4 07:42:23 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 4 Dec 2021 08:42:23 +0100 (CET) Subject: SUSE-CU-2021:549-1: Recommended update of suse/sles12sp3 Message-ID: <20211204074223.B086AFC9F@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp3 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:549-1 Container Tags : suse/sles12sp3:2.0.2 , suse/sles12sp3:24.333 , suse/sles12sp3:latest Container Release : 24.333 Severity : low Type : recommended References : 1191648 ----------------------------------------------------------------- The container suse/sles12sp3 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3894-1 Released: Fri Dec 3 10:46:06 2021 Summary: Recommended update for bzip2 Type: recommended Severity: low References: 1191648 This update for bzip2 fixes the following issues: - Enables build time tests of bzip2. (bsc#1191648) The following package changes have been done: - libbz2-1-1.0.6-30.14.1 updated From sle-updates at lists.suse.com Sat Dec 4 07:58:11 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 4 Dec 2021 08:58:11 +0100 (CET) Subject: SUSE-CU-2021:551-1: Recommended update of suse/sles12sp4 Message-ID: <20211204075811.96481FC9F@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:551-1 Container Tags : suse/sles12sp4:26.384 , suse/sles12sp4:latest Container Release : 26.384 Severity : low Type : recommended References : 1191648 ----------------------------------------------------------------- The container suse/sles12sp4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3894-1 Released: Fri Dec 3 10:46:06 2021 Summary: Recommended update for bzip2 Type: recommended Severity: low References: 1191648 This update for bzip2 fixes the following issues: - Enables build time tests of bzip2. (bsc#1191648) The following package changes have been done: - base-container-licenses-3.0-1.254 updated - container-suseconnect-2.0.0-1.148 updated - libbz2-1-1.0.6-30.14.1 updated From sle-updates at lists.suse.com Sat Dec 4 08:09:57 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 4 Dec 2021 09:09:57 +0100 (CET) Subject: SUSE-CU-2021:553-1: Recommended update of suse/sles12sp5 Message-ID: <20211204080957.3810EFC9F@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:553-1 Container Tags : suse/sles12sp5:6.5.267 , suse/sles12sp5:latest Container Release : 6.5.267 Severity : moderate Type : recommended References : 1191194 1191648 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3889-1 Released: Fri Dec 3 10:19:22 2021 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1191194 This update for permissions fixes the following issues: Update to version 20170707: * add capability for prometheus-blackbox_exporter (bsc#1191194) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3894-1 Released: Fri Dec 3 10:46:06 2021 Summary: Recommended update for bzip2 Type: recommended Severity: low References: 1191648 This update for bzip2 fixes the following issues: - Enables build time tests of bzip2. (bsc#1191648) The following package changes have been done: - libbz2-1-1.0.6-30.14.1 updated - permissions-20170707-6.7.1 updated From sle-updates at lists.suse.com Sat Dec 4 08:32:43 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 4 Dec 2021 09:32:43 +0100 (CET) Subject: SUSE-CU-2021:555-1: Security update of suse/sle15 Message-ID: <20211204083243.A0A38FD0A@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:555-1 Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.484 Container Release : 4.22.484 Severity : moderate Type : security References : 1029961 1113013 1162581 1174504 1187654 1191563 1192248 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3891-1 Released: Fri Dec 3 10:21:49 2021 Summary: Recommended update for keyutils Type: recommended Severity: moderate References: 1029961,1113013,1187654 This update for keyutils fixes the following issues: - Add /etc/keys/ and /usr/etc/keys/ directory (bsc#1187654) keyutils was updated to 1.6.3 (jsc#SLE-20016): * Revert the change notifications that were using /dev/watch_queue. * Apply the change notifications that use pipe2(O_NOTIFICATION_PIPE). * Allow 'keyctl supports' to retrieve raw capability data. * Allow 'keyctl id' to turn a symbolic key ID into a numeric ID. * Allow 'keyctl new_session' to name the keyring. * Allow 'keyctl add/padd/etc.' to take hex-encoded data. * Add 'keyctl watch*' to expose kernel change notifications on keys. * Add caps for namespacing and notifications. * Set a default TTL on keys that upcall for name resolution. * Explicitly clear memory after it's held sensitive information. * Various manual page fixes. * Fix C++-related errors. * Add support for keyctl_move(). * Add support for keyctl_capabilities(). * Make key=val list optional for various public-key ops. * Fix system call signature for KEYCTL_PKEY_QUERY. * Fix 'keyctl pkey_query' argument passing. * Use keyctl_read_alloc() in dump_key_tree_aux(). * Various manual page fixes. Updated to 1.6: * Apply various specfile cleanups from Fedora. * request-key: Provide a command line option to suppress helper execution. * request-key: Find least-wildcard match rather than first match. * Remove the dependency on MIT Kerberos. * Fix some error messages * keyctl_dh_compute.3: Suggest /proc/crypto for list of available hashes. * Fix doc and comment typos. * Add public key ops for encrypt, decrypt, sign and verify (needs linux-4.20). * Add pkg-config support for finding libkeyutils. * upstream isn't offering PGP signatures for the source tarballs anymore Updated to 1.5.11 (bsc#1113013) * Add keyring restriction support. * Add KDF support to the Diffie-Helman function. * DNS: Add support for AFS config files and SRV records ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3899-1 Released: Fri Dec 3 11:27:41 2021 Summary: Security update for aaa_base Type: security Severity: moderate References: 1162581,1174504,1191563,1192248 This update for aaa_base fixes the following issues: - Allowed ping and ICMP commands without CAP_NET_RAW (bsc#1174504). - Add $HOME/.local/bin to PATH, if it exists (bsc#1192248). - Fixed get_kernel_version.c to work also for recent kernels on the s390/X platform (bsc#1191563). - Support xz compressed kernel (bsc#1162581) The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-3.52.1 updated - libkeyutils1-1.6.3-5.6.1 updated From sle-updates at lists.suse.com Sun Dec 5 07:42:50 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 5 Dec 2021 08:42:50 +0100 (CET) Subject: SUSE-CU-2021:557-1: Security update of suse/sle15 Message-ID: <20211205074250.D3729FC9F@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:557-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.540 Container Release : 6.2.540 Severity : moderate Type : security References : 1029961 1113013 1162581 1174504 1187654 1191563 1192248 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3891-1 Released: Fri Dec 3 10:21:49 2021 Summary: Recommended update for keyutils Type: recommended Severity: moderate References: 1029961,1113013,1187654 This update for keyutils fixes the following issues: - Add /etc/keys/ and /usr/etc/keys/ directory (bsc#1187654) keyutils was updated to 1.6.3 (jsc#SLE-20016): * Revert the change notifications that were using /dev/watch_queue. * Apply the change notifications that use pipe2(O_NOTIFICATION_PIPE). * Allow 'keyctl supports' to retrieve raw capability data. * Allow 'keyctl id' to turn a symbolic key ID into a numeric ID. * Allow 'keyctl new_session' to name the keyring. * Allow 'keyctl add/padd/etc.' to take hex-encoded data. * Add 'keyctl watch*' to expose kernel change notifications on keys. * Add caps for namespacing and notifications. * Set a default TTL on keys that upcall for name resolution. * Explicitly clear memory after it's held sensitive information. * Various manual page fixes. * Fix C++-related errors. * Add support for keyctl_move(). * Add support for keyctl_capabilities(). * Make key=val list optional for various public-key ops. * Fix system call signature for KEYCTL_PKEY_QUERY. * Fix 'keyctl pkey_query' argument passing. * Use keyctl_read_alloc() in dump_key_tree_aux(). * Various manual page fixes. Updated to 1.6: * Apply various specfile cleanups from Fedora. * request-key: Provide a command line option to suppress helper execution. * request-key: Find least-wildcard match rather than first match. * Remove the dependency on MIT Kerberos. * Fix some error messages * keyctl_dh_compute.3: Suggest /proc/crypto for list of available hashes. * Fix doc and comment typos. * Add public key ops for encrypt, decrypt, sign and verify (needs linux-4.20). * Add pkg-config support for finding libkeyutils. * upstream isn't offering PGP signatures for the source tarballs anymore Updated to 1.5.11 (bsc#1113013) * Add keyring restriction support. * Add KDF support to the Diffie-Helman function. * DNS: Add support for AFS config files and SRV records ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3899-1 Released: Fri Dec 3 11:27:41 2021 Summary: Security update for aaa_base Type: security Severity: moderate References: 1162581,1174504,1191563,1192248 This update for aaa_base fixes the following issues: - Allowed ping and ICMP commands without CAP_NET_RAW (bsc#1174504). - Add $HOME/.local/bin to PATH, if it exists (bsc#1192248). - Fixed get_kernel_version.c to work also for recent kernels on the s390/X platform (bsc#1191563). - Support xz compressed kernel (bsc#1162581) The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-3.52.1 updated - libkeyutils1-1.6.3-5.6.1 updated From sle-updates at lists.suse.com Sun Dec 5 07:55:52 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 5 Dec 2021 08:55:52 +0100 (CET) Subject: SUSE-CU-2021:559-1: Security update of suse/sle15 Message-ID: <20211205075552.EFBB6FC9F@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:559-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.55 Container Release : 9.5.55 Severity : moderate Type : security References : 1027496 1183085 1190356 1191286 1191324 1191370 1191609 1191736 1192337 1192436 CVE-2016-10228 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3830-1 Released: Wed Dec 1 13:45:46 2021 Summary: Security update for glibc Type: security Severity: moderate References: 1027496,1183085,CVE-2016-10228 This update for glibc fixes the following issues: - libio: do not attempt to free wide buffers of legacy streams (bsc#1183085) - CVE-2016-10228: Rewrite iconv option parsing to fix security issue (bsc#1027496) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3870-1 Released: Thu Dec 2 07:11:50 2021 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1190356,1191286,1191324,1191370,1191609,1192337,1192436 This update for libzypp, zypper fixes the following issues: libzypp: - Check log writer before accessing it (bsc#1192337) - Zypper should keep cached files if transaction is aborted (bsc#1190356) - Require a minimum number of mirrors for multicurl (bsc#1191609) - Fixed slowdowns when rlimit is too high by using procfs to detect niumber of open file descriptors (bsc#1191324) - Fixed zypper incomplete messages when using non English localization (bsc#1191370) - RepoManager: Don't probe for plaindir repository if the URL schema is a plugin (bsc#1191286) - Disable logger in the child process after fork (bsc#1192436) zypper: - Fixed Zypper removing a kernel explicitely pinned that uses uname -r output format as name (openSUSE/zypper#418) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3872-1 Released: Thu Dec 2 07:25:55 2021 Summary: Recommended update for cracklib Type: recommended Severity: moderate References: 1191736 This update for cracklib fixes the following issues: - Enable build time tests (bsc#1191736) The following package changes have been done: - cracklib-dict-small-2.9.7-11.6.1 updated - cracklib-2.9.7-11.6.1 updated - glibc-2.26-13.62.1 updated - libcrack2-2.9.7-11.6.1 updated - libzypp-17.28.8-20.1 updated - zypper-1.14.50-21.1 updated From sle-updates at lists.suse.com Sun Dec 5 07:56:02 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 5 Dec 2021 08:56:02 +0100 (CET) Subject: SUSE-CU-2021:560-1: Security update of suse/sle15 Message-ID: <20211205075602.03C07FC9F@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:560-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.57 Container Release : 9.5.57 Severity : moderate Type : security References : 1029961 1113013 1162581 1174504 1187654 1191563 1192248 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3891-1 Released: Fri Dec 3 10:21:49 2021 Summary: Recommended update for keyutils Type: recommended Severity: moderate References: 1029961,1113013,1187654 This update for keyutils fixes the following issues: - Add /etc/keys/ and /usr/etc/keys/ directory (bsc#1187654) keyutils was updated to 1.6.3 (jsc#SLE-20016): * Revert the change notifications that were using /dev/watch_queue. * Apply the change notifications that use pipe2(O_NOTIFICATION_PIPE). * Allow 'keyctl supports' to retrieve raw capability data. * Allow 'keyctl id' to turn a symbolic key ID into a numeric ID. * Allow 'keyctl new_session' to name the keyring. * Allow 'keyctl add/padd/etc.' to take hex-encoded data. * Add 'keyctl watch*' to expose kernel change notifications on keys. * Add caps for namespacing and notifications. * Set a default TTL on keys that upcall for name resolution. * Explicitly clear memory after it's held sensitive information. * Various manual page fixes. * Fix C++-related errors. * Add support for keyctl_move(). * Add support for keyctl_capabilities(). * Make key=val list optional for various public-key ops. * Fix system call signature for KEYCTL_PKEY_QUERY. * Fix 'keyctl pkey_query' argument passing. * Use keyctl_read_alloc() in dump_key_tree_aux(). * Various manual page fixes. Updated to 1.6: * Apply various specfile cleanups from Fedora. * request-key: Provide a command line option to suppress helper execution. * request-key: Find least-wildcard match rather than first match. * Remove the dependency on MIT Kerberos. * Fix some error messages * keyctl_dh_compute.3: Suggest /proc/crypto for list of available hashes. * Fix doc and comment typos. * Add public key ops for encrypt, decrypt, sign and verify (needs linux-4.20). * Add pkg-config support for finding libkeyutils. * upstream isn't offering PGP signatures for the source tarballs anymore Updated to 1.5.11 (bsc#1113013) * Add keyring restriction support. * Add KDF support to the Diffie-Helman function. * DNS: Add support for AFS config files and SRV records ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3899-1 Released: Fri Dec 3 11:27:41 2021 Summary: Security update for aaa_base Type: security Severity: moderate References: 1162581,1174504,1191563,1192248 This update for aaa_base fixes the following issues: - Allowed ping and ICMP commands without CAP_NET_RAW (bsc#1174504). - Add $HOME/.local/bin to PATH, if it exists (bsc#1192248). - Fixed get_kernel_version.c to work also for recent kernels on the s390/X platform (bsc#1191563). - Support xz compressed kernel (bsc#1162581) The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-3.52.1 updated - libkeyutils1-1.6.3-5.6.1 updated From sle-updates at lists.suse.com Sun Dec 5 07:57:01 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 5 Dec 2021 08:57:01 +0100 (CET) Subject: SUSE-CU-2021:562-1: Security update of bci/golang Message-ID: <20211205075701.84035FC9F@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:562-1 Container Tags : bci/golang:1.16 Container Release : 5.22 Severity : important Type : security References : 1182345 1186071 1187153 1187273 1188623 1190356 1190440 1190984 1191286 1191324 1191370 1191609 1191736 1192160 1192161 1192337 1192377 1192378 1192436 CVE-2021-41771 CVE-2021-41772 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3786-1 Released: Wed Nov 24 05:59:13 2021 Summary: Recommended update for rpm-config-SUSE Type: recommended Severity: important References: 1192160 This update for rpm-config-SUSE fixes the following issues: - Add support for the kernel xz-compressed firmware files (bsc#1192160) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3798-1 Released: Wed Nov 24 18:01:36 2021 Summary: Recommended update for gcc7 Type: recommended Severity: moderate References: This update for gcc7 fixes the following issues: - Fixed a build issue when built with recent kernel headers. - Backport the '-fpatchable-function-entry' feature from newer GCC. (jsc#SLE-20049) - do not handle exceptions in std::thread (jsc#CAR-1182) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3799-1 Released: Wed Nov 24 18:07:54 2021 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1187153,1187273,1188623 This update for gcc11 fixes the following issues: The additional GNU compiler collection GCC 11 is provided: To select these compilers install the packages: - gcc11 - gcc-c++11 - and others with 11 prefix. to select them for building: - CC='gcc-11' - CXX='g++-11' The compiler baselibraries (libgcc_s1, libstdc++6 and others) are being replaced by the GCC 11 variants. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3808-1 Released: Fri Nov 26 00:30:54 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1186071,1190440,1190984,1192161 This update for systemd fixes the following issues: - Add timestamp to D-Bus events to improve traceability (jsc#SLE-17798) - Fix fd_is_mount_point() when both the parent and directory are network file systems (bsc#1190984) - Support detection for ARM64 Hyper-V guests (bsc#1186071) - Fix systemd-detect-virt not detecting Amazon EC2 Nitro instance (bsc#1190440) - Enable support for Portable Services in openSUSE Leap only (jsc#SLE-21694) - Fix IO scheduler udev rules to address performance issues (jsc#SLE-21032, bsc#1192161) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3834-1 Released: Wed Dec 1 16:05:12 2021 Summary: Security update for go1.16 Type: security Severity: moderate References: 1182345,1192377,1192378,CVE-2021-41771,CVE-2021-41772 This update for go1.16 fixes the following issues: Security update go1.16.10 (released 2021-11-04) (bsc#1182345). - CVE-2021-41771: Fixed invalid dynamic symbol table command that could have caused panic (bsc#1192377). - CVE-2021-41772: Fixed panic on (*Reader).Open (bsc#1192378). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3870-1 Released: Thu Dec 2 07:11:50 2021 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1190356,1191286,1191324,1191370,1191609,1192337,1192436 This update for libzypp, zypper fixes the following issues: libzypp: - Check log writer before accessing it (bsc#1192337) - Zypper should keep cached files if transaction is aborted (bsc#1190356) - Require a minimum number of mirrors for multicurl (bsc#1191609) - Fixed slowdowns when rlimit is too high by using procfs to detect niumber of open file descriptors (bsc#1191324) - Fixed zypper incomplete messages when using non English localization (bsc#1191370) - RepoManager: Don't probe for plaindir repository if the URL schema is a plugin (bsc#1191286) - Disable logger in the child process after fork (bsc#1192436) zypper: - Fixed Zypper removing a kernel explicitely pinned that uses uname -r output format as name (openSUSE/zypper#418) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3872-1 Released: Thu Dec 2 07:25:55 2021 Summary: Recommended update for cracklib Type: recommended Severity: moderate References: 1191736 This update for cracklib fixes the following issues: - Enable build time tests (bsc#1191736) The following package changes have been done: - cpp7-7.5.0+r278197-4.30.1 updated - cracklib-dict-small-2.9.7-11.6.1 updated - cracklib-2.9.7-11.6.1 updated - gcc7-7.5.0+r278197-4.30.1 updated - go1.16-1.16.10-1.32.1 updated - libasan4-7.5.0+r278197-4.30.1 updated - libatomic1-11.2.1+git610-1.3.9 updated - libcilkrts5-7.5.0+r278197-4.30.1 updated - libcrack2-2.9.7-11.6.1 updated - libgcc_s1-11.2.1+git610-1.3.9 updated - libgomp1-11.2.1+git610-1.3.9 updated - libitm1-11.2.1+git610-1.3.9 updated - liblsan0-11.2.1+git610-1.3.9 updated - libstdc++6-11.2.1+git610-1.3.9 updated - libsystemd0-246.16-7.21.1 updated - libtsan0-11.2.1+git610-1.3.9 updated - libubsan0-7.5.0+r278197-4.30.1 updated - libudev1-246.16-7.21.1 updated - libzypp-17.28.8-20.1 updated - rpm-config-SUSE-1-5.6.1 updated - zypper-1.14.50-21.1 updated - container:sles15-image-15.0.0-17.8.39 updated From sle-updates at lists.suse.com Sun Dec 5 07:57:25 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 5 Dec 2021 08:57:25 +0100 (CET) Subject: SUSE-CU-2021:563-1: Security update of bci/golang Message-ID: <20211205075725.68C6CFC9F@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:563-1 Container Tags : bci/golang:1.17 Container Release : 3.21 Severity : important Type : security References : 1186071 1187153 1187273 1188623 1190356 1190440 1190649 1190984 1191286 1191324 1191370 1191609 1191736 1192160 1192161 1192337 1192377 1192378 1192436 CVE-2021-41771 CVE-2021-41772 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3786-1 Released: Wed Nov 24 05:59:13 2021 Summary: Recommended update for rpm-config-SUSE Type: recommended Severity: important References: 1192160 This update for rpm-config-SUSE fixes the following issues: - Add support for the kernel xz-compressed firmware files (bsc#1192160) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3798-1 Released: Wed Nov 24 18:01:36 2021 Summary: Recommended update for gcc7 Type: recommended Severity: moderate References: This update for gcc7 fixes the following issues: - Fixed a build issue when built with recent kernel headers. - Backport the '-fpatchable-function-entry' feature from newer GCC. (jsc#SLE-20049) - do not handle exceptions in std::thread (jsc#CAR-1182) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3799-1 Released: Wed Nov 24 18:07:54 2021 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1187153,1187273,1188623 This update for gcc11 fixes the following issues: The additional GNU compiler collection GCC 11 is provided: To select these compilers install the packages: - gcc11 - gcc-c++11 - and others with 11 prefix. to select them for building: - CC='gcc-11' - CXX='g++-11' The compiler baselibraries (libgcc_s1, libstdc++6 and others) are being replaced by the GCC 11 variants. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3808-1 Released: Fri Nov 26 00:30:54 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1186071,1190440,1190984,1192161 This update for systemd fixes the following issues: - Add timestamp to D-Bus events to improve traceability (jsc#SLE-17798) - Fix fd_is_mount_point() when both the parent and directory are network file systems (bsc#1190984) - Support detection for ARM64 Hyper-V guests (bsc#1186071) - Fix systemd-detect-virt not detecting Amazon EC2 Nitro instance (bsc#1190440) - Enable support for Portable Services in openSUSE Leap only (jsc#SLE-21694) - Fix IO scheduler udev rules to address performance issues (jsc#SLE-21032, bsc#1192161) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3833-1 Released: Wed Dec 1 16:04:48 2021 Summary: Security update for go1.17 Type: security Severity: moderate References: 1190649,1192377,1192378,CVE-2021-41771,CVE-2021-41772 This update for go1.17 fixes the following issues: Security update go1.17.3 (released 2021-11-04) (bsc#1190649). - CVE-2021-41771: Fixed invalid dynamic symbol table command that could have caused panic (bsc#1192377). - CVE-2021-41772: Fixed panic on (*Reader).Open (bsc#1192378). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3870-1 Released: Thu Dec 2 07:11:50 2021 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1190356,1191286,1191324,1191370,1191609,1192337,1192436 This update for libzypp, zypper fixes the following issues: libzypp: - Check log writer before accessing it (bsc#1192337) - Zypper should keep cached files if transaction is aborted (bsc#1190356) - Require a minimum number of mirrors for multicurl (bsc#1191609) - Fixed slowdowns when rlimit is too high by using procfs to detect niumber of open file descriptors (bsc#1191324) - Fixed zypper incomplete messages when using non English localization (bsc#1191370) - RepoManager: Don't probe for plaindir repository if the URL schema is a plugin (bsc#1191286) - Disable logger in the child process after fork (bsc#1192436) zypper: - Fixed Zypper removing a kernel explicitely pinned that uses uname -r output format as name (openSUSE/zypper#418) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3872-1 Released: Thu Dec 2 07:25:55 2021 Summary: Recommended update for cracklib Type: recommended Severity: moderate References: 1191736 This update for cracklib fixes the following issues: - Enable build time tests (bsc#1191736) The following package changes have been done: - cpp7-7.5.0+r278197-4.30.1 updated - cracklib-dict-small-2.9.7-11.6.1 updated - cracklib-2.9.7-11.6.1 updated - gcc7-7.5.0+r278197-4.30.1 updated - go1.17-1.17.3-1.9.1 updated - libasan4-7.5.0+r278197-4.30.1 updated - libatomic1-11.2.1+git610-1.3.9 updated - libcilkrts5-7.5.0+r278197-4.30.1 updated - libcrack2-2.9.7-11.6.1 updated - libgcc_s1-11.2.1+git610-1.3.9 updated - libgomp1-11.2.1+git610-1.3.9 updated - libitm1-11.2.1+git610-1.3.9 updated - liblsan0-11.2.1+git610-1.3.9 updated - libstdc++6-11.2.1+git610-1.3.9 updated - libsystemd0-246.16-7.21.1 updated - libtsan0-11.2.1+git610-1.3.9 updated - libubsan0-7.5.0+r278197-4.30.1 updated - libudev1-246.16-7.21.1 updated - libzypp-17.28.8-20.1 updated - rpm-config-SUSE-1-5.6.1 updated - zypper-1.14.50-21.1 updated - container:sles15-image-15.0.0-17.8.39 updated From sle-updates at lists.suse.com Sun Dec 5 08:02:57 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 5 Dec 2021 09:02:57 +0100 (CET) Subject: SUSE-CU-2021:564-1: Recommended update of suse/sle15 Message-ID: <20211205080257.D48D4FC9F@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:564-1 Container Tags : suse/sle15:15.3 , suse/sle15:15.3.17.8.38 Container Release : 17.8.38 Severity : moderate Type : recommended References : 1190356 1191286 1191324 1191370 1191609 1191736 1192337 1192436 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3870-1 Released: Thu Dec 2 07:11:50 2021 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1190356,1191286,1191324,1191370,1191609,1192337,1192436 This update for libzypp, zypper fixes the following issues: libzypp: - Check log writer before accessing it (bsc#1192337) - Zypper should keep cached files if transaction is aborted (bsc#1190356) - Require a minimum number of mirrors for multicurl (bsc#1191609) - Fixed slowdowns when rlimit is too high by using procfs to detect niumber of open file descriptors (bsc#1191324) - Fixed zypper incomplete messages when using non English localization (bsc#1191370) - RepoManager: Don't probe for plaindir repository if the URL schema is a plugin (bsc#1191286) - Disable logger in the child process after fork (bsc#1192436) zypper: - Fixed Zypper removing a kernel explicitely pinned that uses uname -r output format as name (openSUSE/zypper#418) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3872-1 Released: Thu Dec 2 07:25:55 2021 Summary: Recommended update for cracklib Type: recommended Severity: moderate References: 1191736 This update for cracklib fixes the following issues: - Enable build time tests (bsc#1191736) The following package changes have been done: - cracklib-dict-small-2.9.7-11.6.1 updated - cracklib-2.9.7-11.6.1 updated - libcrack2-2.9.7-11.6.1 updated - libzypp-17.28.8-20.1 updated - zypper-1.14.50-21.1 updated From sle-updates at lists.suse.com Sun Dec 5 08:03:11 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 5 Dec 2021 09:03:11 +0100 (CET) Subject: SUSE-CU-2021:566-1: Security update of suse/sle15 Message-ID: <20211205080311.C377FFC9F@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:566-1 Container Tags : suse/sle15:15.3 , suse/sle15:15.3.17.8.40 Container Release : 17.8.40 Severity : moderate Type : security References : 1029961 1113013 1162581 1174504 1187654 1191563 1192248 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3891-1 Released: Fri Dec 3 10:21:49 2021 Summary: Recommended update for keyutils Type: recommended Severity: moderate References: 1029961,1113013,1187654 This update for keyutils fixes the following issues: - Add /etc/keys/ and /usr/etc/keys/ directory (bsc#1187654) keyutils was updated to 1.6.3 (jsc#SLE-20016): * Revert the change notifications that were using /dev/watch_queue. * Apply the change notifications that use pipe2(O_NOTIFICATION_PIPE). * Allow 'keyctl supports' to retrieve raw capability data. * Allow 'keyctl id' to turn a symbolic key ID into a numeric ID. * Allow 'keyctl new_session' to name the keyring. * Allow 'keyctl add/padd/etc.' to take hex-encoded data. * Add 'keyctl watch*' to expose kernel change notifications on keys. * Add caps for namespacing and notifications. * Set a default TTL on keys that upcall for name resolution. * Explicitly clear memory after it's held sensitive information. * Various manual page fixes. * Fix C++-related errors. * Add support for keyctl_move(). * Add support for keyctl_capabilities(). * Make key=val list optional for various public-key ops. * Fix system call signature for KEYCTL_PKEY_QUERY. * Fix 'keyctl pkey_query' argument passing. * Use keyctl_read_alloc() in dump_key_tree_aux(). * Various manual page fixes. Updated to 1.6: * Apply various specfile cleanups from Fedora. * request-key: Provide a command line option to suppress helper execution. * request-key: Find least-wildcard match rather than first match. * Remove the dependency on MIT Kerberos. * Fix some error messages * keyctl_dh_compute.3: Suggest /proc/crypto for list of available hashes. * Fix doc and comment typos. * Add public key ops for encrypt, decrypt, sign and verify (needs linux-4.20). * Add pkg-config support for finding libkeyutils. * upstream isn't offering PGP signatures for the source tarballs anymore Updated to 1.5.11 (bsc#1113013) * Add keyring restriction support. * Add KDF support to the Diffie-Helman function. * DNS: Add support for AFS config files and SRV records ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3899-1 Released: Fri Dec 3 11:27:41 2021 Summary: Security update for aaa_base Type: security Severity: moderate References: 1162581,1174504,1191563,1192248 This update for aaa_base fixes the following issues: - Allowed ping and ICMP commands without CAP_NET_RAW (bsc#1174504). - Add $HOME/.local/bin to PATH, if it exists (bsc#1192248). - Fixed get_kernel_version.c to work also for recent kernels on the s390/X platform (bsc#1191563). - Support xz compressed kernel (bsc#1162581) The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-3.52.1 updated - libkeyutils1-1.6.3-5.6.1 updated From sle-updates at lists.suse.com Mon Dec 6 14:18:40 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 6 Dec 2021 15:18:40 +0100 (CET) Subject: SUSE-RU-2021:3930-1: moderate: Recommended update for curl Message-ID: <20211206141840.D548BFC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for curl ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3930-1 Rating: moderate References: #1192790 Affected Products: SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for curl fixes the following issues: - Fix sftp via proxy failure in curl, by preventing libssh from creating socket (bsc#1192790) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-3930=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-3930=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-3930=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-3930=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-3930=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-3930=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-3930=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-3930=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-3930=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-3930=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): curl-7.60.0-28.1 curl-debuginfo-7.60.0-28.1 curl-debugsource-7.60.0-28.1 libcurl-devel-7.60.0-28.1 libcurl4-7.60.0-28.1 libcurl4-debuginfo-7.60.0-28.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): libcurl4-32bit-7.60.0-28.1 libcurl4-32bit-debuginfo-7.60.0-28.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): curl-7.60.0-28.1 curl-debuginfo-7.60.0-28.1 curl-debugsource-7.60.0-28.1 libcurl-devel-7.60.0-28.1 libcurl4-7.60.0-28.1 libcurl4-debuginfo-7.60.0-28.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): libcurl4-32bit-7.60.0-28.1 libcurl4-32bit-debuginfo-7.60.0-28.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): curl-7.60.0-28.1 curl-debuginfo-7.60.0-28.1 curl-debugsource-7.60.0-28.1 libcurl-devel-7.60.0-28.1 libcurl4-7.60.0-28.1 libcurl4-debuginfo-7.60.0-28.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): libcurl4-32bit-7.60.0-28.1 libcurl4-32bit-debuginfo-7.60.0-28.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): curl-7.60.0-28.1 curl-debuginfo-7.60.0-28.1 curl-debugsource-7.60.0-28.1 libcurl-devel-7.60.0-28.1 libcurl4-32bit-7.60.0-28.1 libcurl4-32bit-debuginfo-7.60.0-28.1 libcurl4-7.60.0-28.1 libcurl4-debuginfo-7.60.0-28.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): curl-7.60.0-28.1 curl-debuginfo-7.60.0-28.1 curl-debugsource-7.60.0-28.1 libcurl-devel-7.60.0-28.1 libcurl4-7.60.0-28.1 libcurl4-debuginfo-7.60.0-28.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): curl-7.60.0-28.1 curl-debuginfo-7.60.0-28.1 curl-debugsource-7.60.0-28.1 libcurl-devel-7.60.0-28.1 libcurl4-7.60.0-28.1 libcurl4-debuginfo-7.60.0-28.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): libcurl4-32bit-7.60.0-28.1 libcurl4-32bit-debuginfo-7.60.0-28.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): curl-7.60.0-28.1 curl-debuginfo-7.60.0-28.1 curl-debugsource-7.60.0-28.1 libcurl-devel-7.60.0-28.1 libcurl4-7.60.0-28.1 libcurl4-debuginfo-7.60.0-28.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): libcurl4-32bit-7.60.0-28.1 libcurl4-32bit-debuginfo-7.60.0-28.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): curl-7.60.0-28.1 curl-debuginfo-7.60.0-28.1 curl-debugsource-7.60.0-28.1 libcurl-devel-7.60.0-28.1 libcurl4-7.60.0-28.1 libcurl4-debuginfo-7.60.0-28.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): libcurl4-32bit-7.60.0-28.1 libcurl4-32bit-debuginfo-7.60.0-28.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): curl-7.60.0-28.1 curl-debuginfo-7.60.0-28.1 curl-debugsource-7.60.0-28.1 libcurl-devel-7.60.0-28.1 libcurl4-7.60.0-28.1 libcurl4-debuginfo-7.60.0-28.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): libcurl4-32bit-7.60.0-28.1 libcurl4-32bit-debuginfo-7.60.0-28.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): curl-7.60.0-28.1 curl-debuginfo-7.60.0-28.1 curl-debugsource-7.60.0-28.1 libcurl-devel-7.60.0-28.1 libcurl4-7.60.0-28.1 libcurl4-debuginfo-7.60.0-28.1 - SUSE Enterprise Storage 6 (x86_64): libcurl4-32bit-7.60.0-28.1 libcurl4-32bit-debuginfo-7.60.0-28.1 - SUSE CaaS Platform 4.0 (x86_64): curl-7.60.0-28.1 curl-debuginfo-7.60.0-28.1 curl-debugsource-7.60.0-28.1 libcurl-devel-7.60.0-28.1 libcurl4-32bit-7.60.0-28.1 libcurl4-32bit-debuginfo-7.60.0-28.1 libcurl4-7.60.0-28.1 libcurl4-debuginfo-7.60.0-28.1 References: https://bugzilla.suse.com/1192790 From sle-updates at lists.suse.com Mon Dec 6 14:20:26 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 6 Dec 2021 15:20:26 +0100 (CET) Subject: SUSE-RU-2021:3928-1: critical: Recommended update for rmt-server Message-ID: <20211206142026.BC543FC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for rmt-server ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3928-1 Rating: critical References: #1188043 #1189805 #951189 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Module for Public Cloud 15-SP3 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for rmt-server fixes the following issues: PubCloud: - Update the way allowed paths are checked SUMA requested a new feature where it is possible to validate all versions of the same product and arch (that are allowed to that system) PubCloud: - De-register BYOS systems using RMT as a proxy from SCC - De-activate a single product from a BYOS proxy system PubCloud: - Add the handling of the BYOS systems that use RMT as a SCC proxy In order to do that: - New boolean column in systems table in db: proxy_byos - Skip the sync with SCC (using that column) - Registration of the system to SCC (announce system call and then use SCC credentials) - Activation of products - Check subscription is active/valid for a product/repo to be accessed - Version 2.7.0 - Add subscription support in RMT. RMT can now consume registration codes supplied when registering a system. - Add host's login header to API requests to SCC. If the information is available, RMT will send it on requests to attach the registration proxy to a host system in SCC. - Add extra check to product dependency on RMT API. Now, when a system tries to activate a module through RMT, if it requires a root product which is not activated, the activation will fail (bsc#951189). - Load global configuration only if it can be ready by the current process. - Version 2.6.12 - Re-fix broken symlinks: This version fixes the bug-fix deployed with version 2.6.11. Reference bug (bsc#1188043) - Handle special characters in package names (bsc#1189805) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2021-3928=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2021-3928=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): rmt-server-2.7.0-3.12.1 rmt-server-config-2.7.0-3.12.1 rmt-server-debuginfo-2.7.0-3.12.1 rmt-server-debugsource-2.7.0-3.12.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (aarch64 ppc64le s390x x86_64): rmt-server-debuginfo-2.7.0-3.12.1 rmt-server-debugsource-2.7.0-3.12.1 rmt-server-pubcloud-2.7.0-3.12.1 References: https://bugzilla.suse.com/1188043 https://bugzilla.suse.com/1189805 https://bugzilla.suse.com/951189 From sle-updates at lists.suse.com Mon Dec 6 14:22:02 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 6 Dec 2021 15:22:02 +0100 (CET) Subject: SUSE-SU-2021:3927-1: moderate: Security update for php74 Message-ID: <20211206142202.A09CFFC9F@maintenance.suse.de> SUSE Security Update: Security update for php74 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3927-1 Rating: moderate References: #1193041 Cross-References: CVE-2021-21707 CVSS scores: CVE-2021-21707 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for php74 fixes the following issues: - CVE-2021-21707: Fixed special character breaks path in xml parsing (bsc#1193041). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-3927=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2021-3927=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): php74-debuginfo-7.4.6-1.30.1 php74-debugsource-7.4.6-1.30.1 php74-devel-7.4.6-1.30.1 - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): apache2-mod_php74-7.4.6-1.30.1 apache2-mod_php74-debuginfo-7.4.6-1.30.1 php74-7.4.6-1.30.1 php74-bcmath-7.4.6-1.30.1 php74-bcmath-debuginfo-7.4.6-1.30.1 php74-bz2-7.4.6-1.30.1 php74-bz2-debuginfo-7.4.6-1.30.1 php74-calendar-7.4.6-1.30.1 php74-calendar-debuginfo-7.4.6-1.30.1 php74-ctype-7.4.6-1.30.1 php74-ctype-debuginfo-7.4.6-1.30.1 php74-curl-7.4.6-1.30.1 php74-curl-debuginfo-7.4.6-1.30.1 php74-dba-7.4.6-1.30.1 php74-dba-debuginfo-7.4.6-1.30.1 php74-debuginfo-7.4.6-1.30.1 php74-debugsource-7.4.6-1.30.1 php74-dom-7.4.6-1.30.1 php74-dom-debuginfo-7.4.6-1.30.1 php74-enchant-7.4.6-1.30.1 php74-enchant-debuginfo-7.4.6-1.30.1 php74-exif-7.4.6-1.30.1 php74-exif-debuginfo-7.4.6-1.30.1 php74-fastcgi-7.4.6-1.30.1 php74-fastcgi-debuginfo-7.4.6-1.30.1 php74-fileinfo-7.4.6-1.30.1 php74-fileinfo-debuginfo-7.4.6-1.30.1 php74-fpm-7.4.6-1.30.1 php74-fpm-debuginfo-7.4.6-1.30.1 php74-ftp-7.4.6-1.30.1 php74-ftp-debuginfo-7.4.6-1.30.1 php74-gd-7.4.6-1.30.1 php74-gd-debuginfo-7.4.6-1.30.1 php74-gettext-7.4.6-1.30.1 php74-gettext-debuginfo-7.4.6-1.30.1 php74-gmp-7.4.6-1.30.1 php74-gmp-debuginfo-7.4.6-1.30.1 php74-iconv-7.4.6-1.30.1 php74-iconv-debuginfo-7.4.6-1.30.1 php74-intl-7.4.6-1.30.1 php74-intl-debuginfo-7.4.6-1.30.1 php74-json-7.4.6-1.30.1 php74-json-debuginfo-7.4.6-1.30.1 php74-ldap-7.4.6-1.30.1 php74-ldap-debuginfo-7.4.6-1.30.1 php74-mbstring-7.4.6-1.30.1 php74-mbstring-debuginfo-7.4.6-1.30.1 php74-mysql-7.4.6-1.30.1 php74-mysql-debuginfo-7.4.6-1.30.1 php74-odbc-7.4.6-1.30.1 php74-odbc-debuginfo-7.4.6-1.30.1 php74-opcache-7.4.6-1.30.1 php74-opcache-debuginfo-7.4.6-1.30.1 php74-openssl-7.4.6-1.30.1 php74-openssl-debuginfo-7.4.6-1.30.1 php74-pcntl-7.4.6-1.30.1 php74-pcntl-debuginfo-7.4.6-1.30.1 php74-pdo-7.4.6-1.30.1 php74-pdo-debuginfo-7.4.6-1.30.1 php74-pgsql-7.4.6-1.30.1 php74-pgsql-debuginfo-7.4.6-1.30.1 php74-phar-7.4.6-1.30.1 php74-phar-debuginfo-7.4.6-1.30.1 php74-posix-7.4.6-1.30.1 php74-posix-debuginfo-7.4.6-1.30.1 php74-readline-7.4.6-1.30.1 php74-readline-debuginfo-7.4.6-1.30.1 php74-shmop-7.4.6-1.30.1 php74-shmop-debuginfo-7.4.6-1.30.1 php74-snmp-7.4.6-1.30.1 php74-snmp-debuginfo-7.4.6-1.30.1 php74-soap-7.4.6-1.30.1 php74-soap-debuginfo-7.4.6-1.30.1 php74-sockets-7.4.6-1.30.1 php74-sockets-debuginfo-7.4.6-1.30.1 php74-sodium-7.4.6-1.30.1 php74-sodium-debuginfo-7.4.6-1.30.1 php74-sqlite-7.4.6-1.30.1 php74-sqlite-debuginfo-7.4.6-1.30.1 php74-sysvmsg-7.4.6-1.30.1 php74-sysvmsg-debuginfo-7.4.6-1.30.1 php74-sysvsem-7.4.6-1.30.1 php74-sysvsem-debuginfo-7.4.6-1.30.1 php74-sysvshm-7.4.6-1.30.1 php74-sysvshm-debuginfo-7.4.6-1.30.1 php74-tidy-7.4.6-1.30.1 php74-tidy-debuginfo-7.4.6-1.30.1 php74-tokenizer-7.4.6-1.30.1 php74-tokenizer-debuginfo-7.4.6-1.30.1 php74-xmlreader-7.4.6-1.30.1 php74-xmlreader-debuginfo-7.4.6-1.30.1 php74-xmlrpc-7.4.6-1.30.1 php74-xmlrpc-debuginfo-7.4.6-1.30.1 php74-xmlwriter-7.4.6-1.30.1 php74-xmlwriter-debuginfo-7.4.6-1.30.1 php74-xsl-7.4.6-1.30.1 php74-xsl-debuginfo-7.4.6-1.30.1 php74-zip-7.4.6-1.30.1 php74-zip-debuginfo-7.4.6-1.30.1 php74-zlib-7.4.6-1.30.1 php74-zlib-debuginfo-7.4.6-1.30.1 References: https://www.suse.com/security/cve/CVE-2021-21707.html https://bugzilla.suse.com/1193041 From sle-updates at lists.suse.com Mon Dec 6 14:23:18 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 6 Dec 2021 15:23:18 +0100 (CET) Subject: SUSE-RU-2021:3932-1: moderate: Recommended update for curl Message-ID: <20211206142318.E9ABEFC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for curl ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3932-1 Rating: moderate References: #1192790 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server 12-SP4-LTSS ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for curl fixes the following issues: - Fix sftp via proxy failure in curl, by preventing libssh from creating socket (bsc#1192790) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-3932=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-3932=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-3932=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-3932=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): curl-7.60.0-4.33.1 curl-debuginfo-7.60.0-4.33.1 curl-debugsource-7.60.0-4.33.1 libcurl4-32bit-7.60.0-4.33.1 libcurl4-7.60.0-4.33.1 libcurl4-debuginfo-32bit-7.60.0-4.33.1 libcurl4-debuginfo-7.60.0-4.33.1 - SUSE OpenStack Cloud 9 (x86_64): curl-7.60.0-4.33.1 curl-debuginfo-7.60.0-4.33.1 curl-debugsource-7.60.0-4.33.1 libcurl4-32bit-7.60.0-4.33.1 libcurl4-7.60.0-4.33.1 libcurl4-debuginfo-32bit-7.60.0-4.33.1 libcurl4-debuginfo-7.60.0-4.33.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): curl-7.60.0-4.33.1 curl-debuginfo-7.60.0-4.33.1 curl-debugsource-7.60.0-4.33.1 libcurl4-7.60.0-4.33.1 libcurl4-debuginfo-7.60.0-4.33.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): libcurl4-32bit-7.60.0-4.33.1 libcurl4-debuginfo-32bit-7.60.0-4.33.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): curl-7.60.0-4.33.1 curl-debuginfo-7.60.0-4.33.1 curl-debugsource-7.60.0-4.33.1 libcurl4-7.60.0-4.33.1 libcurl4-debuginfo-7.60.0-4.33.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): libcurl4-32bit-7.60.0-4.33.1 libcurl4-debuginfo-32bit-7.60.0-4.33.1 References: https://bugzilla.suse.com/1192790 From sle-updates at lists.suse.com Mon Dec 6 14:26:00 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 6 Dec 2021 15:26:00 +0100 (CET) Subject: SUSE-RU-2021:3931-1: moderate: Recommended update for curl Message-ID: <20211206142600.BDD92FC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for curl ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3931-1 Rating: moderate References: #1192790 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for curl fixes the following issues: - Fix sftp via proxy failure in curl, by preventing libssh from creating socket (bsc#1192790) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-3931=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-3931=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): curl-debuginfo-7.60.0-11.31.1 curl-debugsource-7.60.0-11.31.1 libcurl-devel-7.60.0-11.31.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): curl-7.60.0-11.31.1 curl-debuginfo-7.60.0-11.31.1 curl-debugsource-7.60.0-11.31.1 libcurl4-7.60.0-11.31.1 libcurl4-debuginfo-7.60.0-11.31.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libcurl4-32bit-7.60.0-11.31.1 libcurl4-debuginfo-32bit-7.60.0-11.31.1 References: https://bugzilla.suse.com/1192790 From sle-updates at lists.suse.com Mon Dec 6 14:27:21 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 6 Dec 2021 15:27:21 +0100 (CET) Subject: SUSE-SU-2021:3933-1: important: Security update for the Linux Kernel Message-ID: <20211206142721.0DB39FC9F@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3933-1 Rating: important References: #1094840 #1133021 #1152489 #1169263 #1170269 #1188601 #1190523 #1190795 #1191790 #1191851 #1191958 #1191961 #1191980 #1192045 #1192229 #1192273 #1192328 #1192718 #1192740 #1192745 #1192750 #1192753 #1192781 #1192802 #1192896 #1192906 #1192918 SLE-22573 Cross-References: CVE-2021-0941 CVE-2021-20322 CVE-2021-31916 CVE-2021-34981 CVE-2021-37159 CVE-2021-43389 CVSS scores: CVE-2021-0941 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-20322 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2021-31916 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-31916 (SUSE): 6.8 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-34981 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2021-37159 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-37159 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-43389 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE MicroOS 5.0 SUSE Linux Enterprise Workstation Extension 15-SP2 SUSE Linux Enterprise Module for Live Patching 15-SP2 SUSE Linux Enterprise Module for Legacy Software 15-SP2 SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise High Availability 15-SP2 ______________________________________________________________________________ An update that solves 6 vulnerabilities, contains one feature and has 21 fixes is now available. Description: The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - Unprivileged BPF has been disabled by default to reduce attack surface as too many security issues have happened in the past (jsc#SLE-22573) You can reenable via systemctl setting /proc/sys/kernel/unprivileged_bpf_disabled to 0. (kernel.unprivileged_bpf_disabled = 0) - CVE-2021-0941: In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1192045). - CVE-2021-31916: An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel A bound check failure allowed an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability (bnc#1192781). - CVE-2021-20322: Make the ipv4 and ipv6 ICMP exception caches less predictive to avoid information leaks about UDP ports in use. (bsc#1191790) - CVE-2021-34981: Fixed file refcounting in cmtp when cmtp_attach_device fails (bsc#1191961). - CVE-2021-43389: There was an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c (bnc#1191958). - CVE-2021-37159: hso_free_net_device in drivers/net/usb/hso.c called unregister_netdev without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free (bnc#1188601). The following non-security bugs were fixed: - ABI: sysfs-kernel-slab: Document some stats (git-fixes). - ALSA: hda: Reduce udelay() at SKL+ position reporting (git-fixes). - ALSA: ua101: fix division by zero at probe (git-fixes). - ALSA: usb-audio: Add Audient iD14 to mixer map quirk table (git-fixes). - ALSA: usb-audio: Add Schiit Hel device to mixer map quirk table (git-fixes). - ASoC: cs42l42: Correct some register default values (git-fixes). - ASoC: cs42l42: Defer probe if request_threaded_irq() returns EPROBE_DEFER (git-fixes). - ASoC: cs42l42: Do not set defaults for volatile registers (git-fixes). - ASoC: dt-bindings: cs42l42: Correct description of ts-inv (git-fixes). - ASoC: mediatek: mt8195: Remove unsued irqs_lock (git-fixes). - ASoC: rockchip: Use generic dmaengine code (git-fixes). - ata: sata_mv: Fix the error handling of mv_chip_id() (git-fixes). - ath10k: fix control-message timeout (git-fixes). - ath10k: fix division by zero in send path (git-fixes). - ath10k: fix max antenna gain unit (git-fixes). - ath10k: Fix missing frame timestamp for beacon/probe-resp (git-fixes). - ath6kl: fix control-message timeout (git-fixes). - ath6kl: fix division by zero in send path (git-fixes). - ath9k: Fix potential interrupt storm on queue reset (git-fixes). - auxdisplay: ht16k33: Connect backlight to fbdev (git-fixes). - auxdisplay: ht16k33: Fix frame buffer device blanking (git-fixes). - auxdisplay: img-ascii-lcd: Fix lock-up when displaying empty string (git-fixes). - b43: fix a lower bounds test (git-fixes). - b43legacy: fix a lower bounds test (git-fixes). - Bluetooth: btmtkuart: fix a memleak in mtk_hci_wmt_sync (git-fixes). - Bluetooth: fix init and cleanup of sco_conn.timeout_work (git-fixes). - bpf: Add kconfig knob for disabling unpriv bpf by default (jsc#SLE-22573) - bpf: Disallow unprivileged bpf by default (jsc#SLE-22573). - bpf: Fix potential race in tail call compatibility check (git-fixes). - btrfs: block-group: Rework documentation of check_system_chunk function (bsc#1192896). - btrfs: fix deadlock between chunk allocation and chunk btree modifications (bsc#1192896). - btrfs: fix memory ordering between normal and ordered work functions (git-fixes). - btrfs: update comments for chunk allocation -ENOSPC cases (bsc#1192896). - cgroup/cpuset: Change references of cpuset_mutex to cpuset_rwsem (git-fixes). - config: disable unprivileged BPF by default (jsc#SLE-22573) - crypto: caam - disable pkc for non-E SoCs (git-fixes). - crypto: qat - detect PFVF collision after ACK (git-fixes). - crypto: qat - disregard spurious PFVF interrupts (git-fixes). - driver core: add a min_align_mask field to struct device_dma_parameters (bsc#1191851). - drm/amdgpu: fix warning for overflow check (git-fixes). - drm/msm: Fix potential NULL dereference in DPU SSPP (git-fixes). - drm: prevent spectre issue in vmw_execbuf_ioctl (bsc#1192802). - drm/sun4i: Fix macros in sun8i_csc.h (git-fixes). - drm/v3d: fix wait for TMU write combiner flush (git-fixes). - EDAC/sb_edac: Fix top-of-high-memory value for Broadwell/Haswell (bsc#1152489). - exfat: fix erroneous discard when clear cluster bit (git-fixes). - exfat: handle wrong stream entry size in exfat_readdir() (git-fixes). - exfat: properly set s_time_gran (bsc#1192328). - exfat: truncate atimes to 2s granularity (bsc#1192328). - firmware/psci: fix application of sizeof to pointer (git-fixes). - fuse: fix page stealing (bsc#1192718). - genirq: Provide IRQCHIP_AFFINITY_PRE_STARTUP (bsc#1152489). - gpio: mpc8xxx: Use 'devm_gpiochip_add_data()' to simplify the code and avoid a leak (git-fixes). - HID: u2fzero: clarify error check and length calculations (git-fixes). - HID: u2fzero: properly handle timeouts in usb_submit_urb (git-fixes). - hwmon: Fix possible memleak in __hwmon_device_register() (git-fixes). - hwmon: (pmbus/lm25066) Add offset coefficients (git-fixes). - hwmon: (pmbus/lm25066) Let compiler determine outer dimension of lm25066_coeff (git-fixes). - hwrng: mtk - Force runtime pm ops for sleep ops (git-fixes). - ibmvnic: check failover_pending in login response (bsc#1190523 ltc#194510). - ibmvnic: delay complete() (bsc#1094840 ltc#167098 git-fixes). - ibmvnic: do not stop queue in xmit (bsc#1192273 ltc#194629). - ibmvnic: Process crqs after enabling interrupts (bsc#1192273 ltc#194629). - iio: dac: ad5446: Fix ad5622_write() return value (git-fixes). - Input: elantench - fix misreporting trackpoint coordinates (bsc#1192918). - Input: i8042 - Add quirk for Fujitsu Lifebook T725 (bsc#1191980). - kABI: Fix kABI after 36950f2da1ea (bsc#1191851). - kernel-*-subpackage: Add dependency on kernel scriptlets (bsc#1192740). - KVM: s390: extend kvm_s390_shadow_fault to return entry pointer (bsc#1133021). - KVM: s390: index kvm->arch.idle_mask by vcpu_idx (bsc#1133021). - KVM: s390: split kvm_s390_logical_to_effective (bsc#1133021). - KVM: s390: VSIE: correctly handle MVPG when in VSIE (bsc#1133021). - libertas: Fix possible memory leak in probe and disconnect (git-fixes). - libertas_tf: Fix possible memory leak in probe and disconnect (git-fixes). - media: cedrus: Fix SUNXI tile size calculation (git-fixes). - media: cx23885: Fix snd_card_free call on null card pointer (git-fixes). - media: cxd2880-spi: Fix a null pointer dereference on error handling path (git-fixes). - media: dvb-frontends: mn88443x: Handle errors of clk_prepare_enable() (git-fixes). - media: dvb-usb: fix ununit-value in az6027_rc_query (git-fixes). - media: em28xx: add missing em28xx_close_extension (git-fixes). - media: em28xx: Do not use ops->suspend if it is NULL (git-fixes). - media: i2c: ths8200 needs V4L2_ASYNC (git-fixes). - media: ite-cir: IR receiver stop working after receive overflow (git-fixes). - media: mtk-vpu: Fix a resource leak in the error handling path of 'mtk_vpu_probe()' (git-fixes). - media: mxl111sf: change mutex_init() location (git-fixes). - media: radio-wl1273: Avoid card name truncation (git-fixes). - media: si470x: Avoid card name truncation (git-fixes). - media: staging/intel-ipu3: css: Fix wrong size comparison imgu_css_fw_init (git-fixes). - media: TDA1997x: handle short reads of hdmi info frame (git-fixes). - media: tm6000: Avoid card name truncation (git-fixes). - media: v4l2-ioctl: Fix check_ext_ctrls (git-fixes). - media: v4l2-ioctl: S_CTRL output the right value (git-fixes). - memory: fsl_ifc: fix leak of irq and nand_irq in fsl_ifc_ctrl_probe (git-fixes). - memstick: avoid out-of-range warning (git-fixes). - memstick: jmb38x_ms: use appropriate free function in jmb38x_ms_alloc_host() (git-fixes). - mmc: mxs-mmc: disable regulator on error and in the remove function (git-fixes). - mmc: sdhci: Map more voltage level to SDHCI_POWER_330 (git-fixes). - mmc: sdhci-omap: Fix NULL pointer exception if regulator is not configured (git-fixes). - mm/hugetlb: initialize hugetlb_usage in mm_init (bsc#1192906). - mt76: mt76x02: fix endianness warnings in mt76x02_mac.c (git-fixes). - mwifiex: fix division by zero in fw download path (git-fixes). - mwifiex: Send DELBA requests according to spec (git-fixes). - net: dsa: felix: re-enable TX flow control in ocelot_port_flush() (git-fixes). - net: mscc: ocelot: fix hardware timestamp dequeue logic. - net: mscc: ocelot: warn when a PTP IRQ is raised for an unknown skb (git-fixes). - nvme-pci: set min_align_mask (bsc#1191851). - ocfs2: do not zero pages beyond i_size (bsc#1190795). - ocfs2: fix data corruption on truncate (bsc#1190795). - PCI: aardvark: Do not clear status bits of masked interrupts (git-fixes). - PCI: aardvark: Do not spam about PIO Response Status (git-fixes). - PCI: aardvark: Do not unmask unused interrupts (git-fixes). - PCI: aardvark: Fix checking for link up via LTSSM state (git-fixes). - PCI: aardvark: Fix reporting Data Link Layer Link Active (git-fixes). - PCI: aardvark: Fix return value of MSI domain .alloc() method (git-fixes). - PCI: aardvark: Read all 16-bits from PCIE_MSI_PAYLOAD_REG (git-fixes). - PCI/ACPI: Check for _OSC support in acpi_pci_osc_control_set() (bsc#1169263). - PCI/ACPI: Clarify message about _OSC failure (bsc#1169263). - PCI/ACPI: Move _OSC query checks to separate function (bsc#1169263). - PCI/ACPI: Move supported and control calculations to separate functions (bsc#1169263). - PCI/ACPI: Remove OSC_PCI_SUPPORT_MASKS and OSC_PCI_CONTROL_MASKS (bsc#1169263). - PCI/ACPI: Remove unnecessary osc_lock (bsc#1169263). - PCI: pci-bridge-emul: Fix emulation of W1C bits (git-fixes). - PCI: uniphier: Serialize INTx masking/unmasking and fix the bit operation (git-fixes). - pinctrl: core: fix possible memory leak in pinctrl_enable() (git-fixes). - platform/x86: thinkpad_acpi: Fix bitwise vs. logical warning (git-fixes). - power: supply: bq27xxx: Fix kernel crash on IRQ handler register error (git-fixes). - power: supply: max17042_battery: Prevent int underflow in set_soc_threshold (git-fixes). - power: supply: max17042_battery: use VFSOC for capacity when no rsns (git-fixes). - power: supply: rt5033 battery: Change voltage values to ca 5V (git-fixes). - printk/console: Allow to disable console output by using console="" or console=null (bsc#1192753). - printk: handle blank console arguments passed in (bsc#1192753). - qtnfmac: fix potential Spectre vulnerabilities (bsc#1192802). - r8152: add a helper function about setting EEE (git-fixes). - r8152: Add macpassthru support for ThinkPad Thunderbolt 3 Dock Gen 2 (git-fixes). - r8152: Disable PLA MCU clock speed down (git-fixes). - r8152: disable U2P3 for RTL8153B (git-fixes). - r8152: divide the tx and rx bottom functions (git-fixes). - r8152: do not enable U1U2 with USB_SPEED_HIGH for RTL8153B (git-fixes). - r8152: fix runtime resume for linking change (git-fixes). - r8152: replace array with linking list for rx information (git-fixes). - r8152: reset flow control patch when linking on for RTL8153B (git-fixes). - r8152: saving the settings of EEE (git-fixes). - r8152: separate the rx buffer size (git-fixes). - r8152: use alloc_pages for rx buffer (git-fixes). - regulator: dt-bindings: samsung,s5m8767: correct s5m8767,pmic-buck-default-dvs-idx property (git-fixes). - regulator: s5m8767: do not use reset value as DVS voltage if GPIO DVS is disabled (git-fixes). - Revert "ibmvnic: check failover_pending in login response" (bsc#1190523 ltc#194510). - Revert "platform/x86: i2c-multi-instantiate: Do not create platform device for INT3515 ACPI nodes" (git-fixes). - Revert "r8152: adjust the settings about MAC clock speed down for RTL8153" (git-fixes). - Revert "scsi: ufs: fix a missing check of devm_reset_control_get" (git-fixes). - Revert "x86/kvm: fix vcpu-id indexed array sizes" (git-fixes). - rndis_host: set proper input size for OID_GEN_PHYSICAL_MEDIUM request (git-fixes). - rsi: fix control-message timeout (git-fixes). - rsi: Fix module dev_oper_mode parameter description (git-fixes). - rsi: stop thread firstly in rsi_91x_init() error handling (git-fixes). - rtl8187: fix control-message timeouts (git-fixes). - s390/qeth: fix deadlock during failing recovery (git-fixes). - s390/qeth: Fix deadlock in remove_discipline (git-fixes). - s390/qeth: fix NULL deref in qeth_clear_working_pool_list() (git-fixes). - scsi: be2iscsi: Fix an error handling path in beiscsi_dev_probe() (git-fixes). - scsi: BusLogic: Fix missing pr_cont() use (git-fixes). - scsi: core: Fix spelling in a source code comment (git-fixes). - scsi: csiostor: Add module softdep on cxgb4 (git-fixes). - scsi: csiostor: Uninitialized data in csio_ln_vnp_read_cbfn() (git-fixes). - scsi: dc395: Fix error case unwinding (git-fixes). - scsi: fdomain: Fix error return code in fdomain_probe() (git-fixes). - scsi: FlashPoint: Rename si_flags field (git-fixes). - scsi: iscsi: Fix iface sysfs attr detection (git-fixes). - scsi: libsas: Use _safe() loop in sas_resume_port() (git-fixes). - scsi: mpt3sas: Fix error return value in _scsih_expander_add() (git-fixes). - scsi: qedf: Add pointer checks in qedf_update_link_speed() (git-fixes). - scsi: qedf: Fix error codes in qedf_alloc_global_queues() (git-fixes). - scsi: qedi: Fix error codes in qedi_alloc_global_queues() (git-fixes). - scsi: qla2xxx: Fix a memory leak in an error path of qla2x00_process_els() (git-fixes). - scsi: qla2xxx: Make sure that aborted commands are freed (git-fixes). - scsi: smartpqi: Fix an error code in pqi_get_raid_map() (git-fixes). - scsi: snic: Fix an error message (git-fixes). - scsi: ufs-pci: Add quirk for broken auto-hibernate for Intel EHL (git-fixes). - scsi: ufs: ufshcd-pltfrm: Fix memory leak due to probe defer (git-fixes). - serial: 8250_dw: Drop wrong use of ACPI_PTR() (git-fixes). - serial: xilinx_uartps: Fix race condition causing stuck TX (git-fixes). - staging: r8712u: fix control-message timeout (git-fixes). - staging: rtl8192u: fix control-message timeouts (git-fixes). - stmmac: platform: Fix signedness bug in stmmac_probe_config_dt() (git-fixes). - swiotlb: add a IO_TLB_SIZE define (bsc#1191851). - swiotlb: clean up swiotlb_tbl_unmap_single (bsc#1191851). - swiotlb: do not modify orig_addr in swiotlb_tbl_sync_single (bsc#1191851). - swiotlb: factor out an io_tlb_offset helper (bsc#1191851). - swiotlb: factor out a nr_slots helper (bsc#1191851). - swiotlb: refactor swiotlb_tbl_map_single (bsc#1191851). - swiotlb: respect min_align_mask (bsc#1191851). - swiotlb: Split size parameter to map/unmap APIs (bsc#1191851). - tpm: Check for integer overflow in tpm2_map_response_body() (git-fixes). - tracing: Increase PERF_MAX_TRACE_SIZE to handle Sentinel1 and docker together (bsc#1192745). - Update config files: Add CONFIG_BPF_UNPRIV_DEFAULT_OFF is not set - usb: gadget: hid: fix error code in do_config() (git-fixes). - usb: iowarrior: fix control-message timeouts (git-fixes). - usb: max-3421: Use driver data instead of maintaining a list of bound devices (git-fixes). - usb: musb: Balance list entry in musb_gadget_queue (git-fixes). - usbnet: fix error return code in usbnet_probe() (git-fixes). - usbnet: sanity check for maxpacket (git-fixes). - usb: serial: keyspan: fix memleak on probe errors (git-fixes). - video: fbdev: chipsfb: use memset_io() instead of memset() (git-fixes). - virtio-gpu: fix possible memory allocation failure (git-fixes). - wcn36xx: Add ability for wcn36xx_smd_dump_cmd_req to pass two's complement (git-fixes). - wcn36xx: add proper DMA memory barriers in rx path (git-fixes). - wcn36xx: Fix HT40 capability for 2Ghz band (git-fixes). - x86/ioapic: Force affinity setup before startup (bsc#1152489). - x86/msi: Force affinity setup before startup (bsc#1152489). - x86/sme: Use #define USE_EARLY_PGTABLE_L5 in mem_encrypt_identity.c (bsc#1152489). - x86/xen: Mark cpu_bringup_and_idle() as dead_end_function (git-fixes). - xen: Fix implicit type conversion (git-fixes). - xen-pciback: Fix return in pm_ctrl_init() (git-fixes). - xfs: do not allow log writes if the data device is readonly (bsc#1192229). - zram-avoid-race-between-zram_remove-and-disksize_sto.patch: (bsc#1170269). - zram-don-t-fail-to-remove-zram-during-unloading-modu.patch: (bsc#1170269). - zram-fix-race-between-zram_reset_device-and-disksize.patch: (bsc#1170269). - zram-replace-fsync_bdev-with-sync_blockdev.patch: (bsc#1170269). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-3933=1 - SUSE Linux Enterprise Workstation Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2021-3933=1 - SUSE Linux Enterprise Module for Live Patching 15-SP2: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2021-3933=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP2: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP2-2021-3933=1 - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-3933=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-3933=1 - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2021-3933=1 Package List: - SUSE MicroOS 5.0 (aarch64 x86_64): kernel-default-5.3.18-24.96.1 kernel-default-base-5.3.18-24.96.1.9.44.1 kernel-default-debuginfo-5.3.18-24.96.1 kernel-default-debugsource-5.3.18-24.96.1 - SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64): kernel-default-debuginfo-5.3.18-24.96.1 kernel-default-debugsource-5.3.18-24.96.1 kernel-default-extra-5.3.18-24.96.1 kernel-default-extra-debuginfo-5.3.18-24.96.1 kernel-preempt-extra-5.3.18-24.96.1 kernel-preempt-extra-debuginfo-5.3.18-24.96.1 - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64): kernel-default-debuginfo-5.3.18-24.96.1 kernel-default-debugsource-5.3.18-24.96.1 kernel-default-livepatch-5.3.18-24.96.1 kernel-default-livepatch-devel-5.3.18-24.96.1 kernel-livepatch-5_3_18-24_96-default-1-5.3.1 kernel-livepatch-5_3_18-24_96-default-debuginfo-1-5.3.1 kernel-livepatch-SLE15-SP2_Update_22-debugsource-1-5.3.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP2 (aarch64 ppc64le s390x x86_64): kernel-default-debuginfo-5.3.18-24.96.1 kernel-default-debugsource-5.3.18-24.96.1 reiserfs-kmp-default-5.3.18-24.96.1 reiserfs-kmp-default-debuginfo-5.3.18-24.96.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): kernel-obs-build-5.3.18-24.96.1 kernel-obs-build-debugsource-5.3.18-24.96.1 kernel-syms-5.3.18-24.96.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 x86_64): kernel-preempt-debuginfo-5.3.18-24.96.1 kernel-preempt-debugsource-5.3.18-24.96.1 kernel-preempt-devel-5.3.18-24.96.1 kernel-preempt-devel-debuginfo-5.3.18-24.96.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (noarch): kernel-docs-5.3.18-24.96.1 kernel-source-5.3.18-24.96.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): kernel-default-5.3.18-24.96.1 kernel-default-base-5.3.18-24.96.1.9.44.1 kernel-default-debuginfo-5.3.18-24.96.1 kernel-default-debugsource-5.3.18-24.96.1 kernel-default-devel-5.3.18-24.96.1 kernel-default-devel-debuginfo-5.3.18-24.96.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 x86_64): kernel-preempt-5.3.18-24.96.1 kernel-preempt-debuginfo-5.3.18-24.96.1 kernel-preempt-debugsource-5.3.18-24.96.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): kernel-devel-5.3.18-24.96.1 kernel-macros-5.3.18-24.96.1 - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-5.3.18-24.96.1 cluster-md-kmp-default-debuginfo-5.3.18-24.96.1 dlm-kmp-default-5.3.18-24.96.1 dlm-kmp-default-debuginfo-5.3.18-24.96.1 gfs2-kmp-default-5.3.18-24.96.1 gfs2-kmp-default-debuginfo-5.3.18-24.96.1 kernel-default-debuginfo-5.3.18-24.96.1 kernel-default-debugsource-5.3.18-24.96.1 ocfs2-kmp-default-5.3.18-24.96.1 ocfs2-kmp-default-debuginfo-5.3.18-24.96.1 References: https://www.suse.com/security/cve/CVE-2021-0941.html https://www.suse.com/security/cve/CVE-2021-20322.html https://www.suse.com/security/cve/CVE-2021-31916.html https://www.suse.com/security/cve/CVE-2021-34981.html https://www.suse.com/security/cve/CVE-2021-37159.html https://www.suse.com/security/cve/CVE-2021-43389.html https://bugzilla.suse.com/1094840 https://bugzilla.suse.com/1133021 https://bugzilla.suse.com/1152489 https://bugzilla.suse.com/1169263 https://bugzilla.suse.com/1170269 https://bugzilla.suse.com/1188601 https://bugzilla.suse.com/1190523 https://bugzilla.suse.com/1190795 https://bugzilla.suse.com/1191790 https://bugzilla.suse.com/1191851 https://bugzilla.suse.com/1191958 https://bugzilla.suse.com/1191961 https://bugzilla.suse.com/1191980 https://bugzilla.suse.com/1192045 https://bugzilla.suse.com/1192229 https://bugzilla.suse.com/1192273 https://bugzilla.suse.com/1192328 https://bugzilla.suse.com/1192718 https://bugzilla.suse.com/1192740 https://bugzilla.suse.com/1192745 https://bugzilla.suse.com/1192750 https://bugzilla.suse.com/1192753 https://bugzilla.suse.com/1192781 https://bugzilla.suse.com/1192802 https://bugzilla.suse.com/1192896 https://bugzilla.suse.com/1192906 https://bugzilla.suse.com/1192918 From sle-updates at lists.suse.com Mon Dec 6 14:33:41 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 6 Dec 2021 15:33:41 +0100 (CET) Subject: SUSE-SU-2021:3929-1: important: Security update for the Linux Kernel Message-ID: <20211206143341.4A2FAFC9F@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3929-1 Rating: important References: #1068032 #1087082 #1098425 #1100416 #1119934 #1129735 #1171217 #1171420 #1173346 #1176724 #1183089 #1184673 #1186109 #1186390 #1188172 #1188325 #1188563 #1188601 #1188838 #1188876 #1188983 #1188985 #1189057 #1189262 #1189291 #1189399 #1189706 #1190023 #1190025 #1190067 #1190117 #1190159 #1190276 #1190349 #1190351 #1190601 #1191193 #1191315 #1191790 #1191958 #1191961 #1192781 #802154 Cross-References: CVE-2017-5753 CVE-2018-13405 CVE-2018-16882 CVE-2020-0429 CVE-2020-12655 CVE-2020-14305 CVE-2020-3702 CVE-2021-20265 CVE-2021-20322 CVE-2021-31916 CVE-2021-33033 CVE-2021-34556 CVE-2021-34981 CVE-2021-3542 CVE-2021-35477 CVE-2021-3640 CVE-2021-3653 CVE-2021-3655 CVE-2021-3659 CVE-2021-3679 CVE-2021-3715 CVE-2021-37159 CVE-2021-3732 CVE-2021-3752 CVE-2021-3753 CVE-2021-37576 CVE-2021-3760 CVE-2021-3772 CVE-2021-38160 CVE-2021-38198 CVE-2021-38204 CVE-2021-3896 CVE-2021-40490 CVE-2021-42008 CVE-2021-42739 CVE-2021-43389 CVSS scores: CVE-2017-5753 (NVD) : 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2017-5753 (SUSE): 7.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N CVE-2018-13405 (NVD) : 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2018-13405 (SUSE): 4.4 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CVE-2018-16882 (NVD) : 8.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2020-0429 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-0429 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-12655 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-12655 (SUSE): 2.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L CVE-2020-14305 (NVD) : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-14305 (SUSE): 4.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2020-3702 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2020-3702 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-20265 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-20265 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-20322 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2021-31916 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-31916 (SUSE): 6.8 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-33033 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-33033 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-34556 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-34981 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2021-3542 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-35477 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2021-3640 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-3653 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-3655 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2021-3659 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-3679 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-3715 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-37159 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-37159 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-3732 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2021-3752 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-3753 (SUSE): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2021-37576 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-3760 (SUSE): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-3772 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-38160 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-38198 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-38204 (SUSE): 4.2 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-3896 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-40490 (SUSE): 6.1 CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-42008 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-42008 (SUSE): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-42739 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-43389 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that solves 36 vulnerabilities and has 7 fixes is now available. Description: The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - Unprivileged BPF has been disabled by default to reduce attack surface as too many security issues have happened in the past (jsc#SLE-22573) You can reenable via systemctl setting /proc/sys/kernel/unprivileged_bpf_disabled to 0. (kernel.unprivileged_bpf_disabled = 0) - CVE-2017-5753: Systems with microprocessors utilizing speculative execution and branch prediction may have allowed unauthorized disclosure of information to an attacker with local user access via a side-channel analysis (bnc#1068032). Additional spectrev1 fixes were added to the eBPF code. - CVE-2018-13405: The inode_init_owner function in fs/inode.c allowed local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID (bnc#1087082 bnc#1100416 bnc#1129735). - CVE-2018-16882: A use-after-free issue was found in the way the KVM hypervisor processed posted interrupts when nested(=1) virtualization is enabled. In nested_get_vmcs12_pages(), in case of an error while processing posted interrupt address, it unmaps the 'pi_desc_page' without resetting 'pi_desc' descriptor address, which is later used in pi_test_and_clear_on(). A guest user/process could use this flaw to crash the host kernel resulting in DoS or potentially gain privileged access to a system. Kernel versions and are vulnerable (bnc#1119934). - CVE-2020-0429: In l2tp_session_delete and related functions of l2tp_core.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1176724). - CVE-2020-12655: An issue was discovered in xfs_agf_verify in fs/xfs/libxfs/xfs_alloc.c in the Linux kernel Attackers may trigger a sync of excessive duration via an XFS v5 image with crafted metadata, aka CID-d0c7feaf8767 (bnc#1171217). - CVE-2020-14305: An out-of-bounds memory write flaw was found in how the Linux kernel’s Voice Over IP H.323 connection tracking functionality handled connections on ipv6 port 1720. This flaw allowed an unauthenticated remote user to crash the system, causing a denial of service. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability (bnc#1173346). - CVE-2020-3702: Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic (bnc#1191193). - CVE-2021-20265: A flaw was found in the way memory resources were freed in the unix_stream_recvmsg function in the Linux kernel when a signal was pending. This flaw allowed an unprivileged local user to crash the system by exhausting available memory. The highest threat from this vulnerability is to system availability (bnc#1183089). - CVE-2021-31916: An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel A bound check failure allowed an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability (bnc#1192781). - CVE-2021-33033: The Linux kernel has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value (bnc#1186109 bnc#1186390 bnc#1188876). - CVE-2021-34556: In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because the protection mechanism neglects the possibility of uninitialized memory locations on the BPF stack (bnc#1188983). - CVE-2021-34981: Fixed file refcounting in cmtp when cmtp_attach_device fails (bsc#1191961). - CVE-2021-3542: Fixed heap buffer overflow in firedtv driver (bsc#1186063). - CVE-2021-35477: In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because a certain preempting store operation did not necessarily occur before a store operation that has an attacker-controlled value (bnc#1188985). - CVE-2021-3640: Fixed a Use-After-Free vulnerability in function sco_sock_sendmsg() in the bluetooth stack (bsc#1188172). - CVE-2021-3653: A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "int_ctl" field, this issue could allow a malicious L1 to enable AVIC support (Advanced Virtual Interrupt Controller) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape. (bnc#1189399). - CVE-2021-3655: A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on inbound SCTP packets may have allowed the kernel to read uninitialized memory (bnc#1188563). - CVE-2021-3659: Fixed a NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c (bsc#1188876). - CVE-2021-3679: A lack of CPU resource in the tracing module functionality was found in the way user uses trace ring buffer in a specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service (bnc#1189057). - CVE-2021-37159: hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel calls unregister_netdev without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free (bnc#1188601). - CVE-2021-3715: Fixed a use-after-free in route4_change() in net/sched/cls_route.c (bsc#1190349). - CVE-2021-3732: Mounting overlayfs inside an unprivileged user namespace can reveal files (bsc#1189706). - CVE-2021-3752: Fixed a use after free vulnerability in the Linux kernel's bluetooth module. (bsc#1190023) - CVE-2021-3753: Fixed race out-of-bounds in virtual terminal handling (bsc#1190025). - CVE-2021-37576: arch/powerpc/kvm/book3s_rtas.c on the powerpc platform allowed KVM guest OS users to cause host OS memory corruption via rtas_args.nargs, aka CID-f62f3c20647e (bnc#1188838 bnc#1190276). - CVE-2021-3760: Fixed a use-after-free vulnerability with the ndev->rf_conn_info object (bsc#1190067). - CVE-2021-3772: Fixed sctp vtag check in sctp_sf_ootb (bsc#1190351). - CVE-2021-38160: Data corruption or loss could be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size in drivers/char/virtio_console.c (bsc#1190117) - CVE-2021-38198: arch/x86/kvm/mmu/paging_tmpl.h incorrectly computed the access permissions of a shadow page, leading to a missing guest protection page fault (bnc#1189262). - CVE-2021-38204: drivers/usb/host/max3421-hcd.c allowed physically proximate attackers to cause a denial of service (use-after-free and panic) by removing a MAX-3421 USB device in certain situations (bnc#1189291). - CVE-2021-3896: Fixed a array-index-out-bounds in detach_capi_ctr in drivers/isdn/capi/kcapi.c (bsc#1191958). - CVE-2021-40490: A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel (bnc#1190159) - CVE-2021-42008: The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel has a slab out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access (bnc#1191315). - CVE-2021-42739: The firewire subsystem in the Linux kernel has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled bounds checking (bnc#1184673). - CVE-2021-43389: An issue was discovered in the Linux kernel There was an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c (bnc#1191958). - - ipv4: make exception cache less predictible (bsc#1191790, CVE-2021-20322). The following non-security bugs were fixed: - Update config files: Add CONFIG_BPF_UNPRIV_DEFAULT_OFF is not set - bpf: Add kconfig knob for disabling unpriv bpf by default (jsc#SLE-22918) - bpf: Disallow unprivileged bpf by default (jsc#SLE-22918). - bpf: properly enforce index mask to prevent out-of-bounds speculation (bsc#1098425). - btrfs: reloc: clear DEAD_RELOC_TREE bit for orphan roots to prevent runaway balance (bsc#1188325). - btrfs: reloc: fix reloc root leak and NULL pointer dereference (bsc#1188325). - btrfs: relocation: fix reloc_root lifespan and access (bsc#1188325). - config: disable unprivileged BPF by default (jsc#SLE-22918) Backport of mainline commit 8a03e56b253e ("bpf: Disallow unprivileged bpf by default") only changes kconfig default, used e.g. for "make oldconfig" when the config option is missing, but does not update our kernel configs used for build. Update also these to make sure unprivileged BPF is really disabled by default. - kABI: protect struct bpf_map (kabi). - s390/bpf: Fix 64-bit subtraction of the -0x80000000 constant (bsc#1190601). - s390/bpf: Fix branch shortening during codegen pass (bsc#1190601). - s390/bpf: Fix optimizing out zero-extensions (bsc#1190601). - s390/bpf: Wrap JIT macro parameter usages in parentheses (bsc#1190601). - s390: bpf: implement jitting of BPF_ALU | BPF_ARSH | BPF_* (bsc#1190601). - scsi: sg: add sg_remove_request in sg_write (bsc#1171420 CVE2020-12770). - sctp: check asoc peer.asconf_capable before processing asconf (bsc#1190351). - sctp: fully initialize v4 addr in some functions (bsc#1188563). - sctp: simplify addr copy (bsc#1188563). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-3929=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): kernel-devel-4.4.121-92.161.1 kernel-macros-4.4.121-92.161.1 kernel-source-4.4.121-92.161.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): kernel-default-4.4.121-92.161.1 kernel-default-base-4.4.121-92.161.1 kernel-default-base-debuginfo-4.4.121-92.161.1 kernel-default-debuginfo-4.4.121-92.161.1 kernel-default-debugsource-4.4.121-92.161.1 kernel-default-devel-4.4.121-92.161.1 kernel-syms-4.4.121-92.161.1 References: https://www.suse.com/security/cve/CVE-2017-5753.html https://www.suse.com/security/cve/CVE-2018-13405.html https://www.suse.com/security/cve/CVE-2018-16882.html https://www.suse.com/security/cve/CVE-2020-0429.html https://www.suse.com/security/cve/CVE-2020-12655.html https://www.suse.com/security/cve/CVE-2020-14305.html https://www.suse.com/security/cve/CVE-2020-3702.html https://www.suse.com/security/cve/CVE-2021-20265.html https://www.suse.com/security/cve/CVE-2021-20322.html https://www.suse.com/security/cve/CVE-2021-31916.html https://www.suse.com/security/cve/CVE-2021-33033.html https://www.suse.com/security/cve/CVE-2021-34556.html https://www.suse.com/security/cve/CVE-2021-34981.html https://www.suse.com/security/cve/CVE-2021-3542.html https://www.suse.com/security/cve/CVE-2021-35477.html https://www.suse.com/security/cve/CVE-2021-3640.html https://www.suse.com/security/cve/CVE-2021-3653.html https://www.suse.com/security/cve/CVE-2021-3655.html https://www.suse.com/security/cve/CVE-2021-3659.html https://www.suse.com/security/cve/CVE-2021-3679.html https://www.suse.com/security/cve/CVE-2021-3715.html https://www.suse.com/security/cve/CVE-2021-37159.html https://www.suse.com/security/cve/CVE-2021-3732.html https://www.suse.com/security/cve/CVE-2021-3752.html https://www.suse.com/security/cve/CVE-2021-3753.html https://www.suse.com/security/cve/CVE-2021-37576.html https://www.suse.com/security/cve/CVE-2021-3760.html https://www.suse.com/security/cve/CVE-2021-3772.html https://www.suse.com/security/cve/CVE-2021-38160.html https://www.suse.com/security/cve/CVE-2021-38198.html https://www.suse.com/security/cve/CVE-2021-38204.html https://www.suse.com/security/cve/CVE-2021-3896.html https://www.suse.com/security/cve/CVE-2021-40490.html https://www.suse.com/security/cve/CVE-2021-42008.html https://www.suse.com/security/cve/CVE-2021-42739.html https://www.suse.com/security/cve/CVE-2021-43389.html https://bugzilla.suse.com/1068032 https://bugzilla.suse.com/1087082 https://bugzilla.suse.com/1098425 https://bugzilla.suse.com/1100416 https://bugzilla.suse.com/1119934 https://bugzilla.suse.com/1129735 https://bugzilla.suse.com/1171217 https://bugzilla.suse.com/1171420 https://bugzilla.suse.com/1173346 https://bugzilla.suse.com/1176724 https://bugzilla.suse.com/1183089 https://bugzilla.suse.com/1184673 https://bugzilla.suse.com/1186109 https://bugzilla.suse.com/1186390 https://bugzilla.suse.com/1188172 https://bugzilla.suse.com/1188325 https://bugzilla.suse.com/1188563 https://bugzilla.suse.com/1188601 https://bugzilla.suse.com/1188838 https://bugzilla.suse.com/1188876 https://bugzilla.suse.com/1188983 https://bugzilla.suse.com/1188985 https://bugzilla.suse.com/1189057 https://bugzilla.suse.com/1189262 https://bugzilla.suse.com/1189291 https://bugzilla.suse.com/1189399 https://bugzilla.suse.com/1189706 https://bugzilla.suse.com/1190023 https://bugzilla.suse.com/1190025 https://bugzilla.suse.com/1190067 https://bugzilla.suse.com/1190117 https://bugzilla.suse.com/1190159 https://bugzilla.suse.com/1190276 https://bugzilla.suse.com/1190349 https://bugzilla.suse.com/1190351 https://bugzilla.suse.com/1190601 https://bugzilla.suse.com/1191193 https://bugzilla.suse.com/1191315 https://bugzilla.suse.com/1191790 https://bugzilla.suse.com/1191958 https://bugzilla.suse.com/1191961 https://bugzilla.suse.com/1192781 https://bugzilla.suse.com/802154 From sle-updates at lists.suse.com Mon Dec 6 17:18:27 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 6 Dec 2021 18:18:27 +0100 (CET) Subject: SUSE-SU-2021:3943-1: moderate: Recommended update for php7 Message-ID: <20211206171827.84574FC9F@maintenance.suse.de> SUSE Security Update: Recommended update for php7 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3943-1 Rating: moderate References: #1175508 #1192050 #1193041 Cross-References: CVE-2021-21703 CVE-2021-21707 CVSS scores: CVE-2021-21703 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-21703 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-21707 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Affected Products: SUSE Linux Enterprise Module for Web Scripting 15-SP3 SUSE Linux Enterprise Module for Web Scripting 15-SP2 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for php7 fixes the following issues: - CVE-2021-21703: Fixed local privilege escalation via PHP-FPM (bsc#1192050). - CVE-2021-21707: Fixed special character breaks path in xml parsing (bsc#1193041). - Added patch to prevent memory access violation in php7 when running test suite (bsc#1175508) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 15-SP3: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP3-2021-3943=1 - SUSE Linux Enterprise Module for Web Scripting 15-SP2: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP2-2021-3943=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2021-3943=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2021-3943=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 15-SP3 (aarch64 ppc64le s390x x86_64): apache2-mod_php7-7.4.6-3.29.1 apache2-mod_php7-debuginfo-7.4.6-3.29.1 php7-7.4.6-3.29.1 php7-bcmath-7.4.6-3.29.1 php7-bcmath-debuginfo-7.4.6-3.29.1 php7-bz2-7.4.6-3.29.1 php7-bz2-debuginfo-7.4.6-3.29.1 php7-calendar-7.4.6-3.29.1 php7-calendar-debuginfo-7.4.6-3.29.1 php7-ctype-7.4.6-3.29.1 php7-ctype-debuginfo-7.4.6-3.29.1 php7-curl-7.4.6-3.29.1 php7-curl-debuginfo-7.4.6-3.29.1 php7-dba-7.4.6-3.29.1 php7-dba-debuginfo-7.4.6-3.29.1 php7-debuginfo-7.4.6-3.29.1 php7-debugsource-7.4.6-3.29.1 php7-devel-7.4.6-3.29.1 php7-dom-7.4.6-3.29.1 php7-dom-debuginfo-7.4.6-3.29.1 php7-enchant-7.4.6-3.29.1 php7-enchant-debuginfo-7.4.6-3.29.1 php7-exif-7.4.6-3.29.1 php7-exif-debuginfo-7.4.6-3.29.1 php7-fastcgi-7.4.6-3.29.1 php7-fastcgi-debuginfo-7.4.6-3.29.1 php7-fileinfo-7.4.6-3.29.1 php7-fileinfo-debuginfo-7.4.6-3.29.1 php7-fpm-7.4.6-3.29.1 php7-fpm-debuginfo-7.4.6-3.29.1 php7-ftp-7.4.6-3.29.1 php7-ftp-debuginfo-7.4.6-3.29.1 php7-gd-7.4.6-3.29.1 php7-gd-debuginfo-7.4.6-3.29.1 php7-gettext-7.4.6-3.29.1 php7-gettext-debuginfo-7.4.6-3.29.1 php7-gmp-7.4.6-3.29.1 php7-gmp-debuginfo-7.4.6-3.29.1 php7-iconv-7.4.6-3.29.1 php7-iconv-debuginfo-7.4.6-3.29.1 php7-intl-7.4.6-3.29.1 php7-intl-debuginfo-7.4.6-3.29.1 php7-json-7.4.6-3.29.1 php7-json-debuginfo-7.4.6-3.29.1 php7-ldap-7.4.6-3.29.1 php7-ldap-debuginfo-7.4.6-3.29.1 php7-mbstring-7.4.6-3.29.1 php7-mbstring-debuginfo-7.4.6-3.29.1 php7-mysql-7.4.6-3.29.1 php7-mysql-debuginfo-7.4.6-3.29.1 php7-odbc-7.4.6-3.29.1 php7-odbc-debuginfo-7.4.6-3.29.1 php7-opcache-7.4.6-3.29.1 php7-opcache-debuginfo-7.4.6-3.29.1 php7-openssl-7.4.6-3.29.1 php7-openssl-debuginfo-7.4.6-3.29.1 php7-pcntl-7.4.6-3.29.1 php7-pcntl-debuginfo-7.4.6-3.29.1 php7-pdo-7.4.6-3.29.1 php7-pdo-debuginfo-7.4.6-3.29.1 php7-pgsql-7.4.6-3.29.1 php7-pgsql-debuginfo-7.4.6-3.29.1 php7-phar-7.4.6-3.29.1 php7-phar-debuginfo-7.4.6-3.29.1 php7-posix-7.4.6-3.29.1 php7-posix-debuginfo-7.4.6-3.29.1 php7-readline-7.4.6-3.29.1 php7-readline-debuginfo-7.4.6-3.29.1 php7-shmop-7.4.6-3.29.1 php7-shmop-debuginfo-7.4.6-3.29.1 php7-snmp-7.4.6-3.29.1 php7-snmp-debuginfo-7.4.6-3.29.1 php7-soap-7.4.6-3.29.1 php7-soap-debuginfo-7.4.6-3.29.1 php7-sockets-7.4.6-3.29.1 php7-sockets-debuginfo-7.4.6-3.29.1 php7-sodium-7.4.6-3.29.1 php7-sodium-debuginfo-7.4.6-3.29.1 php7-sqlite-7.4.6-3.29.1 php7-sqlite-debuginfo-7.4.6-3.29.1 php7-sysvmsg-7.4.6-3.29.1 php7-sysvmsg-debuginfo-7.4.6-3.29.1 php7-sysvsem-7.4.6-3.29.1 php7-sysvsem-debuginfo-7.4.6-3.29.1 php7-sysvshm-7.4.6-3.29.1 php7-sysvshm-debuginfo-7.4.6-3.29.1 php7-tidy-7.4.6-3.29.1 php7-tidy-debuginfo-7.4.6-3.29.1 php7-tokenizer-7.4.6-3.29.1 php7-tokenizer-debuginfo-7.4.6-3.29.1 php7-xmlreader-7.4.6-3.29.1 php7-xmlreader-debuginfo-7.4.6-3.29.1 php7-xmlrpc-7.4.6-3.29.1 php7-xmlrpc-debuginfo-7.4.6-3.29.1 php7-xmlwriter-7.4.6-3.29.1 php7-xmlwriter-debuginfo-7.4.6-3.29.1 php7-xsl-7.4.6-3.29.1 php7-xsl-debuginfo-7.4.6-3.29.1 php7-zip-7.4.6-3.29.1 php7-zip-debuginfo-7.4.6-3.29.1 php7-zlib-7.4.6-3.29.1 php7-zlib-debuginfo-7.4.6-3.29.1 - SUSE Linux Enterprise Module for Web Scripting 15-SP2 (aarch64 ppc64le s390x x86_64): apache2-mod_php7-7.4.6-3.29.1 apache2-mod_php7-debuginfo-7.4.6-3.29.1 php7-7.4.6-3.29.1 php7-bcmath-7.4.6-3.29.1 php7-bcmath-debuginfo-7.4.6-3.29.1 php7-bz2-7.4.6-3.29.1 php7-bz2-debuginfo-7.4.6-3.29.1 php7-calendar-7.4.6-3.29.1 php7-calendar-debuginfo-7.4.6-3.29.1 php7-ctype-7.4.6-3.29.1 php7-ctype-debuginfo-7.4.6-3.29.1 php7-curl-7.4.6-3.29.1 php7-curl-debuginfo-7.4.6-3.29.1 php7-dba-7.4.6-3.29.1 php7-dba-debuginfo-7.4.6-3.29.1 php7-debuginfo-7.4.6-3.29.1 php7-debugsource-7.4.6-3.29.1 php7-devel-7.4.6-3.29.1 php7-dom-7.4.6-3.29.1 php7-dom-debuginfo-7.4.6-3.29.1 php7-enchant-7.4.6-3.29.1 php7-enchant-debuginfo-7.4.6-3.29.1 php7-exif-7.4.6-3.29.1 php7-exif-debuginfo-7.4.6-3.29.1 php7-fastcgi-7.4.6-3.29.1 php7-fastcgi-debuginfo-7.4.6-3.29.1 php7-fileinfo-7.4.6-3.29.1 php7-fileinfo-debuginfo-7.4.6-3.29.1 php7-fpm-7.4.6-3.29.1 php7-fpm-debuginfo-7.4.6-3.29.1 php7-ftp-7.4.6-3.29.1 php7-ftp-debuginfo-7.4.6-3.29.1 php7-gd-7.4.6-3.29.1 php7-gd-debuginfo-7.4.6-3.29.1 php7-gettext-7.4.6-3.29.1 php7-gettext-debuginfo-7.4.6-3.29.1 php7-gmp-7.4.6-3.29.1 php7-gmp-debuginfo-7.4.6-3.29.1 php7-iconv-7.4.6-3.29.1 php7-iconv-debuginfo-7.4.6-3.29.1 php7-intl-7.4.6-3.29.1 php7-intl-debuginfo-7.4.6-3.29.1 php7-json-7.4.6-3.29.1 php7-json-debuginfo-7.4.6-3.29.1 php7-ldap-7.4.6-3.29.1 php7-ldap-debuginfo-7.4.6-3.29.1 php7-mbstring-7.4.6-3.29.1 php7-mbstring-debuginfo-7.4.6-3.29.1 php7-mysql-7.4.6-3.29.1 php7-mysql-debuginfo-7.4.6-3.29.1 php7-odbc-7.4.6-3.29.1 php7-odbc-debuginfo-7.4.6-3.29.1 php7-opcache-7.4.6-3.29.1 php7-opcache-debuginfo-7.4.6-3.29.1 php7-openssl-7.4.6-3.29.1 php7-openssl-debuginfo-7.4.6-3.29.1 php7-pcntl-7.4.6-3.29.1 php7-pcntl-debuginfo-7.4.6-3.29.1 php7-pdo-7.4.6-3.29.1 php7-pdo-debuginfo-7.4.6-3.29.1 php7-pgsql-7.4.6-3.29.1 php7-pgsql-debuginfo-7.4.6-3.29.1 php7-phar-7.4.6-3.29.1 php7-phar-debuginfo-7.4.6-3.29.1 php7-posix-7.4.6-3.29.1 php7-posix-debuginfo-7.4.6-3.29.1 php7-readline-7.4.6-3.29.1 php7-readline-debuginfo-7.4.6-3.29.1 php7-shmop-7.4.6-3.29.1 php7-shmop-debuginfo-7.4.6-3.29.1 php7-snmp-7.4.6-3.29.1 php7-snmp-debuginfo-7.4.6-3.29.1 php7-soap-7.4.6-3.29.1 php7-soap-debuginfo-7.4.6-3.29.1 php7-sockets-7.4.6-3.29.1 php7-sockets-debuginfo-7.4.6-3.29.1 php7-sodium-7.4.6-3.29.1 php7-sodium-debuginfo-7.4.6-3.29.1 php7-sqlite-7.4.6-3.29.1 php7-sqlite-debuginfo-7.4.6-3.29.1 php7-sysvmsg-7.4.6-3.29.1 php7-sysvmsg-debuginfo-7.4.6-3.29.1 php7-sysvsem-7.4.6-3.29.1 php7-sysvsem-debuginfo-7.4.6-3.29.1 php7-sysvshm-7.4.6-3.29.1 php7-sysvshm-debuginfo-7.4.6-3.29.1 php7-tidy-7.4.6-3.29.1 php7-tidy-debuginfo-7.4.6-3.29.1 php7-tokenizer-7.4.6-3.29.1 php7-tokenizer-debuginfo-7.4.6-3.29.1 php7-xmlreader-7.4.6-3.29.1 php7-xmlreader-debuginfo-7.4.6-3.29.1 php7-xmlrpc-7.4.6-3.29.1 php7-xmlrpc-debuginfo-7.4.6-3.29.1 php7-xmlwriter-7.4.6-3.29.1 php7-xmlwriter-debuginfo-7.4.6-3.29.1 php7-xsl-7.4.6-3.29.1 php7-xsl-debuginfo-7.4.6-3.29.1 php7-zip-7.4.6-3.29.1 php7-zip-debuginfo-7.4.6-3.29.1 php7-zlib-7.4.6-3.29.1 php7-zlib-debuginfo-7.4.6-3.29.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64): php7-debuginfo-7.4.6-3.29.1 php7-debugsource-7.4.6-3.29.1 php7-embed-7.4.6-3.29.1 php7-embed-debuginfo-7.4.6-3.29.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (aarch64 ppc64le s390x x86_64): php7-debuginfo-7.4.6-3.29.1 php7-debugsource-7.4.6-3.29.1 php7-embed-7.4.6-3.29.1 php7-embed-debuginfo-7.4.6-3.29.1 References: https://www.suse.com/security/cve/CVE-2021-21703.html https://www.suse.com/security/cve/CVE-2021-21707.html https://bugzilla.suse.com/1175508 https://bugzilla.suse.com/1192050 https://bugzilla.suse.com/1193041 From sle-updates at lists.suse.com Mon Dec 6 17:20:07 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 6 Dec 2021 18:20:07 +0100 (CET) Subject: SUSE-SU-2021:3946-1: moderate: Security update for gmp Message-ID: <20211206172007.1CD2FFC9F@maintenance.suse.de> SUSE Security Update: Security update for gmp ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3946-1 Rating: moderate References: #1192717 Cross-References: CVE-2021-43618 CVSS scores: CVE-2021-43618 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-43618 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE MicroOS 5.1 SUSE MicroOS 5.0 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for gmp fixes the following issues: - CVE-2021-43618: Fixed buffer overflow via crafted input in mpz/inp_raw.c (bsc#1192717). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2021-3946=1 - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-3946=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2021-3946=1 - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-3946=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3946=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-3946=1 Package List: - SUSE MicroOS 5.1 (aarch64 s390x x86_64): gmp-debugsource-6.1.2-4.9.1 libgmp10-6.1.2-4.9.1 libgmp10-debuginfo-6.1.2-4.9.1 - SUSE MicroOS 5.0 (aarch64 x86_64): gmp-debugsource-6.1.2-4.9.1 libgmp10-6.1.2-4.9.1 libgmp10-debuginfo-6.1.2-4.9.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (x86_64): gmp-debugsource-6.1.2-4.9.1 gmp-devel-32bit-6.1.2-4.9.1 libgmpxx4-32bit-6.1.2-4.9.1 libgmpxx4-32bit-debuginfo-6.1.2-4.9.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (x86_64): gmp-debugsource-6.1.2-4.9.1 gmp-devel-32bit-6.1.2-4.9.1 libgmpxx4-32bit-6.1.2-4.9.1 libgmpxx4-32bit-debuginfo-6.1.2-4.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): gmp-debugsource-6.1.2-4.9.1 gmp-devel-6.1.2-4.9.1 libgmp10-6.1.2-4.9.1 libgmp10-debuginfo-6.1.2-4.9.1 libgmpxx4-6.1.2-4.9.1 libgmpxx4-debuginfo-6.1.2-4.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libgmp10-32bit-6.1.2-4.9.1 libgmp10-32bit-debuginfo-6.1.2-4.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): gmp-debugsource-6.1.2-4.9.1 gmp-devel-6.1.2-4.9.1 libgmp10-6.1.2-4.9.1 libgmp10-debuginfo-6.1.2-4.9.1 libgmpxx4-6.1.2-4.9.1 libgmpxx4-debuginfo-6.1.2-4.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libgmp10-32bit-6.1.2-4.9.1 libgmp10-32bit-debuginfo-6.1.2-4.9.1 References: https://www.suse.com/security/cve/CVE-2021-43618.html https://bugzilla.suse.com/1192717 From sle-updates at lists.suse.com Mon Dec 6 17:23:55 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 6 Dec 2021 18:23:55 +0100 (CET) Subject: SUSE-SU-2021:3939-1: important: Security update for mozilla-nss Message-ID: <20211206172355.35D97FC9F@maintenance.suse.de> SUSE Security Update: Security update for mozilla-nss ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3939-1 Rating: important References: #1193170 Cross-References: CVE-2021-43527 CVSS scores: CVE-2021-43527 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-BCL HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for mozilla-nss fixes the following issues: Update to version 3.68.1: - CVE-2021-43527: Fixed a Heap overflow in NSS when verifying DER-encoded DSA or RSA-PSS signatures (bsc#1193170). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-3939=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-3939=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-3939=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-3939=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-3939=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-3939=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-3939=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-3939=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-3939=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-3939=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-3939=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-3939=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-3939=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libfreebl3-3.68.1-58.57.1 libfreebl3-32bit-3.68.1-58.57.1 libfreebl3-debuginfo-3.68.1-58.57.1 libfreebl3-debuginfo-32bit-3.68.1-58.57.1 libfreebl3-hmac-3.68.1-58.57.1 libfreebl3-hmac-32bit-3.68.1-58.57.1 libsoftokn3-3.68.1-58.57.1 libsoftokn3-32bit-3.68.1-58.57.1 libsoftokn3-debuginfo-3.68.1-58.57.1 libsoftokn3-debuginfo-32bit-3.68.1-58.57.1 libsoftokn3-hmac-3.68.1-58.57.1 libsoftokn3-hmac-32bit-3.68.1-58.57.1 mozilla-nss-3.68.1-58.57.1 mozilla-nss-32bit-3.68.1-58.57.1 mozilla-nss-certs-3.68.1-58.57.1 mozilla-nss-certs-32bit-3.68.1-58.57.1 mozilla-nss-certs-debuginfo-3.68.1-58.57.1 mozilla-nss-certs-debuginfo-32bit-3.68.1-58.57.1 mozilla-nss-debuginfo-3.68.1-58.57.1 mozilla-nss-debuginfo-32bit-3.68.1-58.57.1 mozilla-nss-debugsource-3.68.1-58.57.1 mozilla-nss-devel-3.68.1-58.57.1 mozilla-nss-sysinit-3.68.1-58.57.1 mozilla-nss-sysinit-32bit-3.68.1-58.57.1 mozilla-nss-sysinit-debuginfo-3.68.1-58.57.1 mozilla-nss-sysinit-debuginfo-32bit-3.68.1-58.57.1 mozilla-nss-tools-3.68.1-58.57.1 mozilla-nss-tools-debuginfo-3.68.1-58.57.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): libfreebl3-3.68.1-58.57.1 libfreebl3-32bit-3.68.1-58.57.1 libfreebl3-debuginfo-3.68.1-58.57.1 libfreebl3-debuginfo-32bit-3.68.1-58.57.1 libfreebl3-hmac-3.68.1-58.57.1 libfreebl3-hmac-32bit-3.68.1-58.57.1 libsoftokn3-3.68.1-58.57.1 libsoftokn3-32bit-3.68.1-58.57.1 libsoftokn3-debuginfo-3.68.1-58.57.1 libsoftokn3-debuginfo-32bit-3.68.1-58.57.1 libsoftokn3-hmac-3.68.1-58.57.1 libsoftokn3-hmac-32bit-3.68.1-58.57.1 mozilla-nss-3.68.1-58.57.1 mozilla-nss-32bit-3.68.1-58.57.1 mozilla-nss-certs-3.68.1-58.57.1 mozilla-nss-certs-32bit-3.68.1-58.57.1 mozilla-nss-certs-debuginfo-3.68.1-58.57.1 mozilla-nss-certs-debuginfo-32bit-3.68.1-58.57.1 mozilla-nss-debuginfo-3.68.1-58.57.1 mozilla-nss-debuginfo-32bit-3.68.1-58.57.1 mozilla-nss-debugsource-3.68.1-58.57.1 mozilla-nss-devel-3.68.1-58.57.1 mozilla-nss-sysinit-3.68.1-58.57.1 mozilla-nss-sysinit-32bit-3.68.1-58.57.1 mozilla-nss-sysinit-debuginfo-3.68.1-58.57.1 mozilla-nss-sysinit-debuginfo-32bit-3.68.1-58.57.1 mozilla-nss-tools-3.68.1-58.57.1 mozilla-nss-tools-debuginfo-3.68.1-58.57.1 - SUSE OpenStack Cloud 9 (x86_64): libfreebl3-3.68.1-58.57.1 libfreebl3-32bit-3.68.1-58.57.1 libfreebl3-debuginfo-3.68.1-58.57.1 libfreebl3-debuginfo-32bit-3.68.1-58.57.1 libfreebl3-hmac-3.68.1-58.57.1 libfreebl3-hmac-32bit-3.68.1-58.57.1 libsoftokn3-3.68.1-58.57.1 libsoftokn3-32bit-3.68.1-58.57.1 libsoftokn3-debuginfo-3.68.1-58.57.1 libsoftokn3-debuginfo-32bit-3.68.1-58.57.1 libsoftokn3-hmac-3.68.1-58.57.1 libsoftokn3-hmac-32bit-3.68.1-58.57.1 mozilla-nss-3.68.1-58.57.1 mozilla-nss-32bit-3.68.1-58.57.1 mozilla-nss-certs-3.68.1-58.57.1 mozilla-nss-certs-32bit-3.68.1-58.57.1 mozilla-nss-certs-debuginfo-3.68.1-58.57.1 mozilla-nss-certs-debuginfo-32bit-3.68.1-58.57.1 mozilla-nss-debuginfo-3.68.1-58.57.1 mozilla-nss-debuginfo-32bit-3.68.1-58.57.1 mozilla-nss-debugsource-3.68.1-58.57.1 mozilla-nss-devel-3.68.1-58.57.1 mozilla-nss-sysinit-3.68.1-58.57.1 mozilla-nss-sysinit-32bit-3.68.1-58.57.1 mozilla-nss-sysinit-debuginfo-3.68.1-58.57.1 mozilla-nss-sysinit-debuginfo-32bit-3.68.1-58.57.1 mozilla-nss-tools-3.68.1-58.57.1 mozilla-nss-tools-debuginfo-3.68.1-58.57.1 - SUSE OpenStack Cloud 8 (x86_64): libfreebl3-3.68.1-58.57.1 libfreebl3-32bit-3.68.1-58.57.1 libfreebl3-debuginfo-3.68.1-58.57.1 libfreebl3-debuginfo-32bit-3.68.1-58.57.1 libfreebl3-hmac-3.68.1-58.57.1 libfreebl3-hmac-32bit-3.68.1-58.57.1 libsoftokn3-3.68.1-58.57.1 libsoftokn3-32bit-3.68.1-58.57.1 libsoftokn3-debuginfo-3.68.1-58.57.1 libsoftokn3-debuginfo-32bit-3.68.1-58.57.1 libsoftokn3-hmac-3.68.1-58.57.1 libsoftokn3-hmac-32bit-3.68.1-58.57.1 mozilla-nss-3.68.1-58.57.1 mozilla-nss-32bit-3.68.1-58.57.1 mozilla-nss-certs-3.68.1-58.57.1 mozilla-nss-certs-32bit-3.68.1-58.57.1 mozilla-nss-certs-debuginfo-3.68.1-58.57.1 mozilla-nss-certs-debuginfo-32bit-3.68.1-58.57.1 mozilla-nss-debuginfo-3.68.1-58.57.1 mozilla-nss-debuginfo-32bit-3.68.1-58.57.1 mozilla-nss-debugsource-3.68.1-58.57.1 mozilla-nss-devel-3.68.1-58.57.1 mozilla-nss-sysinit-3.68.1-58.57.1 mozilla-nss-sysinit-32bit-3.68.1-58.57.1 mozilla-nss-sysinit-debuginfo-3.68.1-58.57.1 mozilla-nss-sysinit-debuginfo-32bit-3.68.1-58.57.1 mozilla-nss-tools-3.68.1-58.57.1 mozilla-nss-tools-debuginfo-3.68.1-58.57.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): mozilla-nss-debuginfo-3.68.1-58.57.1 mozilla-nss-debugsource-3.68.1-58.57.1 mozilla-nss-devel-3.68.1-58.57.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libfreebl3-3.68.1-58.57.1 libfreebl3-debuginfo-3.68.1-58.57.1 libfreebl3-hmac-3.68.1-58.57.1 libsoftokn3-3.68.1-58.57.1 libsoftokn3-debuginfo-3.68.1-58.57.1 libsoftokn3-hmac-3.68.1-58.57.1 mozilla-nss-3.68.1-58.57.1 mozilla-nss-certs-3.68.1-58.57.1 mozilla-nss-certs-debuginfo-3.68.1-58.57.1 mozilla-nss-debuginfo-3.68.1-58.57.1 mozilla-nss-debugsource-3.68.1-58.57.1 mozilla-nss-devel-3.68.1-58.57.1 mozilla-nss-sysinit-3.68.1-58.57.1 mozilla-nss-sysinit-debuginfo-3.68.1-58.57.1 mozilla-nss-tools-3.68.1-58.57.1 mozilla-nss-tools-debuginfo-3.68.1-58.57.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): libfreebl3-32bit-3.68.1-58.57.1 libfreebl3-debuginfo-32bit-3.68.1-58.57.1 libfreebl3-hmac-32bit-3.68.1-58.57.1 libsoftokn3-32bit-3.68.1-58.57.1 libsoftokn3-debuginfo-32bit-3.68.1-58.57.1 libsoftokn3-hmac-32bit-3.68.1-58.57.1 mozilla-nss-32bit-3.68.1-58.57.1 mozilla-nss-certs-32bit-3.68.1-58.57.1 mozilla-nss-certs-debuginfo-32bit-3.68.1-58.57.1 mozilla-nss-debuginfo-32bit-3.68.1-58.57.1 mozilla-nss-sysinit-32bit-3.68.1-58.57.1 mozilla-nss-sysinit-debuginfo-32bit-3.68.1-58.57.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libfreebl3-3.68.1-58.57.1 libfreebl3-debuginfo-3.68.1-58.57.1 libfreebl3-hmac-3.68.1-58.57.1 libsoftokn3-3.68.1-58.57.1 libsoftokn3-debuginfo-3.68.1-58.57.1 libsoftokn3-hmac-3.68.1-58.57.1 mozilla-nss-3.68.1-58.57.1 mozilla-nss-certs-3.68.1-58.57.1 mozilla-nss-certs-debuginfo-3.68.1-58.57.1 mozilla-nss-debuginfo-3.68.1-58.57.1 mozilla-nss-debugsource-3.68.1-58.57.1 mozilla-nss-devel-3.68.1-58.57.1 mozilla-nss-sysinit-3.68.1-58.57.1 mozilla-nss-sysinit-debuginfo-3.68.1-58.57.1 mozilla-nss-tools-3.68.1-58.57.1 mozilla-nss-tools-debuginfo-3.68.1-58.57.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): libfreebl3-32bit-3.68.1-58.57.1 libfreebl3-debuginfo-32bit-3.68.1-58.57.1 libfreebl3-hmac-32bit-3.68.1-58.57.1 libsoftokn3-32bit-3.68.1-58.57.1 libsoftokn3-debuginfo-32bit-3.68.1-58.57.1 libsoftokn3-hmac-32bit-3.68.1-58.57.1 mozilla-nss-32bit-3.68.1-58.57.1 mozilla-nss-certs-32bit-3.68.1-58.57.1 mozilla-nss-certs-debuginfo-32bit-3.68.1-58.57.1 mozilla-nss-debuginfo-32bit-3.68.1-58.57.1 mozilla-nss-sysinit-32bit-3.68.1-58.57.1 mozilla-nss-sysinit-debuginfo-32bit-3.68.1-58.57.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libfreebl3-3.68.1-58.57.1 libfreebl3-debuginfo-3.68.1-58.57.1 libfreebl3-hmac-3.68.1-58.57.1 libsoftokn3-3.68.1-58.57.1 libsoftokn3-debuginfo-3.68.1-58.57.1 libsoftokn3-hmac-3.68.1-58.57.1 mozilla-nss-3.68.1-58.57.1 mozilla-nss-certs-3.68.1-58.57.1 mozilla-nss-certs-debuginfo-3.68.1-58.57.1 mozilla-nss-debuginfo-3.68.1-58.57.1 mozilla-nss-debugsource-3.68.1-58.57.1 mozilla-nss-devel-3.68.1-58.57.1 mozilla-nss-sysinit-3.68.1-58.57.1 mozilla-nss-sysinit-debuginfo-3.68.1-58.57.1 mozilla-nss-tools-3.68.1-58.57.1 mozilla-nss-tools-debuginfo-3.68.1-58.57.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libfreebl3-32bit-3.68.1-58.57.1 libfreebl3-debuginfo-32bit-3.68.1-58.57.1 libfreebl3-hmac-32bit-3.68.1-58.57.1 libsoftokn3-32bit-3.68.1-58.57.1 libsoftokn3-debuginfo-32bit-3.68.1-58.57.1 libsoftokn3-hmac-32bit-3.68.1-58.57.1 mozilla-nss-32bit-3.68.1-58.57.1 mozilla-nss-certs-32bit-3.68.1-58.57.1 mozilla-nss-certs-debuginfo-32bit-3.68.1-58.57.1 mozilla-nss-debuginfo-32bit-3.68.1-58.57.1 mozilla-nss-sysinit-32bit-3.68.1-58.57.1 mozilla-nss-sysinit-debuginfo-32bit-3.68.1-58.57.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libfreebl3-3.68.1-58.57.1 libfreebl3-debuginfo-3.68.1-58.57.1 libfreebl3-hmac-3.68.1-58.57.1 libsoftokn3-3.68.1-58.57.1 libsoftokn3-debuginfo-3.68.1-58.57.1 libsoftokn3-hmac-3.68.1-58.57.1 mozilla-nss-3.68.1-58.57.1 mozilla-nss-certs-3.68.1-58.57.1 mozilla-nss-certs-debuginfo-3.68.1-58.57.1 mozilla-nss-debuginfo-3.68.1-58.57.1 mozilla-nss-debugsource-3.68.1-58.57.1 mozilla-nss-devel-3.68.1-58.57.1 mozilla-nss-sysinit-3.68.1-58.57.1 mozilla-nss-sysinit-debuginfo-3.68.1-58.57.1 mozilla-nss-tools-3.68.1-58.57.1 mozilla-nss-tools-debuginfo-3.68.1-58.57.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): libfreebl3-32bit-3.68.1-58.57.1 libfreebl3-debuginfo-32bit-3.68.1-58.57.1 libfreebl3-hmac-32bit-3.68.1-58.57.1 libsoftokn3-32bit-3.68.1-58.57.1 libsoftokn3-debuginfo-32bit-3.68.1-58.57.1 libsoftokn3-hmac-32bit-3.68.1-58.57.1 mozilla-nss-32bit-3.68.1-58.57.1 mozilla-nss-certs-32bit-3.68.1-58.57.1 mozilla-nss-certs-debuginfo-32bit-3.68.1-58.57.1 mozilla-nss-debuginfo-32bit-3.68.1-58.57.1 mozilla-nss-sysinit-32bit-3.68.1-58.57.1 mozilla-nss-sysinit-debuginfo-32bit-3.68.1-58.57.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): libfreebl3-3.68.1-58.57.1 libfreebl3-debuginfo-3.68.1-58.57.1 libfreebl3-hmac-3.68.1-58.57.1 libsoftokn3-3.68.1-58.57.1 libsoftokn3-debuginfo-3.68.1-58.57.1 libsoftokn3-hmac-3.68.1-58.57.1 mozilla-nss-3.68.1-58.57.1 mozilla-nss-certs-3.68.1-58.57.1 mozilla-nss-certs-debuginfo-3.68.1-58.57.1 mozilla-nss-debuginfo-3.68.1-58.57.1 mozilla-nss-debugsource-3.68.1-58.57.1 mozilla-nss-devel-3.68.1-58.57.1 mozilla-nss-sysinit-3.68.1-58.57.1 mozilla-nss-sysinit-debuginfo-3.68.1-58.57.1 mozilla-nss-tools-3.68.1-58.57.1 mozilla-nss-tools-debuginfo-3.68.1-58.57.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): libfreebl3-32bit-3.68.1-58.57.1 libfreebl3-debuginfo-32bit-3.68.1-58.57.1 libfreebl3-hmac-32bit-3.68.1-58.57.1 libsoftokn3-32bit-3.68.1-58.57.1 libsoftokn3-debuginfo-32bit-3.68.1-58.57.1 libsoftokn3-hmac-32bit-3.68.1-58.57.1 mozilla-nss-32bit-3.68.1-58.57.1 mozilla-nss-certs-32bit-3.68.1-58.57.1 mozilla-nss-certs-debuginfo-32bit-3.68.1-58.57.1 mozilla-nss-debuginfo-32bit-3.68.1-58.57.1 mozilla-nss-sysinit-32bit-3.68.1-58.57.1 mozilla-nss-sysinit-debuginfo-32bit-3.68.1-58.57.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libfreebl3-3.68.1-58.57.1 libfreebl3-32bit-3.68.1-58.57.1 libfreebl3-debuginfo-3.68.1-58.57.1 libfreebl3-debuginfo-32bit-3.68.1-58.57.1 libfreebl3-hmac-3.68.1-58.57.1 libfreebl3-hmac-32bit-3.68.1-58.57.1 libsoftokn3-3.68.1-58.57.1 libsoftokn3-32bit-3.68.1-58.57.1 libsoftokn3-debuginfo-3.68.1-58.57.1 libsoftokn3-debuginfo-32bit-3.68.1-58.57.1 libsoftokn3-hmac-3.68.1-58.57.1 libsoftokn3-hmac-32bit-3.68.1-58.57.1 mozilla-nss-3.68.1-58.57.1 mozilla-nss-32bit-3.68.1-58.57.1 mozilla-nss-certs-3.68.1-58.57.1 mozilla-nss-certs-32bit-3.68.1-58.57.1 mozilla-nss-certs-debuginfo-3.68.1-58.57.1 mozilla-nss-certs-debuginfo-32bit-3.68.1-58.57.1 mozilla-nss-debuginfo-3.68.1-58.57.1 mozilla-nss-debuginfo-32bit-3.68.1-58.57.1 mozilla-nss-debugsource-3.68.1-58.57.1 mozilla-nss-sysinit-3.68.1-58.57.1 mozilla-nss-sysinit-32bit-3.68.1-58.57.1 mozilla-nss-sysinit-debuginfo-3.68.1-58.57.1 mozilla-nss-sysinit-debuginfo-32bit-3.68.1-58.57.1 mozilla-nss-tools-3.68.1-58.57.1 mozilla-nss-tools-debuginfo-3.68.1-58.57.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libfreebl3-3.68.1-58.57.1 libfreebl3-32bit-3.68.1-58.57.1 libfreebl3-debuginfo-3.68.1-58.57.1 libfreebl3-debuginfo-32bit-3.68.1-58.57.1 libfreebl3-hmac-3.68.1-58.57.1 libfreebl3-hmac-32bit-3.68.1-58.57.1 libsoftokn3-3.68.1-58.57.1 libsoftokn3-32bit-3.68.1-58.57.1 libsoftokn3-debuginfo-3.68.1-58.57.1 libsoftokn3-debuginfo-32bit-3.68.1-58.57.1 libsoftokn3-hmac-3.68.1-58.57.1 libsoftokn3-hmac-32bit-3.68.1-58.57.1 mozilla-nss-3.68.1-58.57.1 mozilla-nss-32bit-3.68.1-58.57.1 mozilla-nss-certs-3.68.1-58.57.1 mozilla-nss-certs-32bit-3.68.1-58.57.1 mozilla-nss-certs-debuginfo-3.68.1-58.57.1 mozilla-nss-certs-debuginfo-32bit-3.68.1-58.57.1 mozilla-nss-debuginfo-3.68.1-58.57.1 mozilla-nss-debuginfo-32bit-3.68.1-58.57.1 mozilla-nss-debugsource-3.68.1-58.57.1 mozilla-nss-sysinit-3.68.1-58.57.1 mozilla-nss-sysinit-32bit-3.68.1-58.57.1 mozilla-nss-sysinit-debuginfo-3.68.1-58.57.1 mozilla-nss-sysinit-debuginfo-32bit-3.68.1-58.57.1 mozilla-nss-tools-3.68.1-58.57.1 mozilla-nss-tools-debuginfo-3.68.1-58.57.1 - HPE Helion Openstack 8 (x86_64): libfreebl3-3.68.1-58.57.1 libfreebl3-32bit-3.68.1-58.57.1 libfreebl3-debuginfo-3.68.1-58.57.1 libfreebl3-debuginfo-32bit-3.68.1-58.57.1 libfreebl3-hmac-3.68.1-58.57.1 libfreebl3-hmac-32bit-3.68.1-58.57.1 libsoftokn3-3.68.1-58.57.1 libsoftokn3-32bit-3.68.1-58.57.1 libsoftokn3-debuginfo-3.68.1-58.57.1 libsoftokn3-debuginfo-32bit-3.68.1-58.57.1 libsoftokn3-hmac-3.68.1-58.57.1 libsoftokn3-hmac-32bit-3.68.1-58.57.1 mozilla-nss-3.68.1-58.57.1 mozilla-nss-32bit-3.68.1-58.57.1 mozilla-nss-certs-3.68.1-58.57.1 mozilla-nss-certs-32bit-3.68.1-58.57.1 mozilla-nss-certs-debuginfo-3.68.1-58.57.1 mozilla-nss-certs-debuginfo-32bit-3.68.1-58.57.1 mozilla-nss-debuginfo-3.68.1-58.57.1 mozilla-nss-debuginfo-32bit-3.68.1-58.57.1 mozilla-nss-debugsource-3.68.1-58.57.1 mozilla-nss-devel-3.68.1-58.57.1 mozilla-nss-sysinit-3.68.1-58.57.1 mozilla-nss-sysinit-32bit-3.68.1-58.57.1 mozilla-nss-sysinit-debuginfo-3.68.1-58.57.1 mozilla-nss-sysinit-debuginfo-32bit-3.68.1-58.57.1 mozilla-nss-tools-3.68.1-58.57.1 mozilla-nss-tools-debuginfo-3.68.1-58.57.1 References: https://www.suse.com/security/cve/CVE-2021-43527.html https://bugzilla.suse.com/1193170 From sle-updates at lists.suse.com Mon Dec 6 17:27:48 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 6 Dec 2021 18:27:48 +0100 (CET) Subject: SUSE-SU-2021:3951-1: important: Security update for openssh Message-ID: <20211206172748.81B26FC9F@maintenance.suse.de> SUSE Security Update: Security update for openssh ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3951-1 Rating: important References: #1190975 Cross-References: CVE-2021-41617 CVSS scores: CVE-2021-41617 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-41617 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-BCL HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openssh fixes the following issues: - CVE-2021-41617: Fixed privilege escalation when AuthorizedKeysCommand/AuthorizedPrincipalsCommand are configured (bsc#1190975). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-3951=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-3951=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-3951=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-3951=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-3951=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-3951=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-3951=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): openssh-7.2p2-74.60.1 openssh-askpass-gnome-7.2p2-74.60.1 openssh-askpass-gnome-debuginfo-7.2p2-74.60.1 openssh-debuginfo-7.2p2-74.60.1 openssh-debugsource-7.2p2-74.60.1 openssh-fips-7.2p2-74.60.1 openssh-helpers-7.2p2-74.60.1 openssh-helpers-debuginfo-7.2p2-74.60.1 - SUSE OpenStack Cloud 8 (x86_64): openssh-7.2p2-74.60.1 openssh-askpass-gnome-7.2p2-74.60.1 openssh-askpass-gnome-debuginfo-7.2p2-74.60.1 openssh-debuginfo-7.2p2-74.60.1 openssh-debugsource-7.2p2-74.60.1 openssh-fips-7.2p2-74.60.1 openssh-helpers-7.2p2-74.60.1 openssh-helpers-debuginfo-7.2p2-74.60.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): openssh-7.2p2-74.60.1 openssh-askpass-gnome-7.2p2-74.60.1 openssh-askpass-gnome-debuginfo-7.2p2-74.60.1 openssh-debuginfo-7.2p2-74.60.1 openssh-debugsource-7.2p2-74.60.1 openssh-fips-7.2p2-74.60.1 openssh-helpers-7.2p2-74.60.1 openssh-helpers-debuginfo-7.2p2-74.60.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): openssh-7.2p2-74.60.1 openssh-askpass-gnome-7.2p2-74.60.1 openssh-askpass-gnome-debuginfo-7.2p2-74.60.1 openssh-debuginfo-7.2p2-74.60.1 openssh-debugsource-7.2p2-74.60.1 openssh-fips-7.2p2-74.60.1 openssh-helpers-7.2p2-74.60.1 openssh-helpers-debuginfo-7.2p2-74.60.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): openssh-7.2p2-74.60.1 openssh-askpass-gnome-7.2p2-74.60.1 openssh-askpass-gnome-debuginfo-7.2p2-74.60.1 openssh-debuginfo-7.2p2-74.60.1 openssh-debugsource-7.2p2-74.60.1 openssh-fips-7.2p2-74.60.1 openssh-helpers-7.2p2-74.60.1 openssh-helpers-debuginfo-7.2p2-74.60.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): openssh-7.2p2-74.60.1 openssh-askpass-gnome-7.2p2-74.60.1 openssh-askpass-gnome-debuginfo-7.2p2-74.60.1 openssh-debuginfo-7.2p2-74.60.1 openssh-debugsource-7.2p2-74.60.1 openssh-fips-7.2p2-74.60.1 openssh-helpers-7.2p2-74.60.1 openssh-helpers-debuginfo-7.2p2-74.60.1 - HPE Helion Openstack 8 (x86_64): openssh-7.2p2-74.60.1 openssh-askpass-gnome-7.2p2-74.60.1 openssh-askpass-gnome-debuginfo-7.2p2-74.60.1 openssh-debuginfo-7.2p2-74.60.1 openssh-debugsource-7.2p2-74.60.1 openssh-fips-7.2p2-74.60.1 openssh-helpers-7.2p2-74.60.1 openssh-helpers-debuginfo-7.2p2-74.60.1 References: https://www.suse.com/security/cve/CVE-2021-41617.html https://bugzilla.suse.com/1190975 From sle-updates at lists.suse.com Mon Dec 6 17:29:22 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 6 Dec 2021 18:29:22 +0100 (CET) Subject: SUSE-SU-2021:3942-1: moderate: Security update for brotli Message-ID: <20211206172922.5F445FC9F@maintenance.suse.de> SUSE Security Update: Security update for brotli ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3942-1 Rating: moderate References: #1175825 Cross-References: CVE-2020-8927 CVSS scores: CVE-2020-8927 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L CVE-2020-8927 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for brotli fixes the following issues: - CVE-2020-8927: Fixed integer overflow when input chunk is larger than 2GiB (bsc#1175825). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3942=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-3942=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): brotli-debuginfo-1.0.7-3.3.1 brotli-debugsource-1.0.7-3.3.1 libbrotli-devel-1.0.7-3.3.1 libbrotlicommon1-1.0.7-3.3.1 libbrotlicommon1-debuginfo-1.0.7-3.3.1 libbrotlidec1-1.0.7-3.3.1 libbrotlidec1-debuginfo-1.0.7-3.3.1 libbrotlienc1-1.0.7-3.3.1 libbrotlienc1-debuginfo-1.0.7-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): brotli-debuginfo-1.0.7-3.3.1 brotli-debugsource-1.0.7-3.3.1 libbrotli-devel-1.0.7-3.3.1 libbrotlicommon1-1.0.7-3.3.1 libbrotlicommon1-debuginfo-1.0.7-3.3.1 libbrotlidec1-1.0.7-3.3.1 libbrotlidec1-debuginfo-1.0.7-3.3.1 libbrotlienc1-1.0.7-3.3.1 libbrotlienc1-debuginfo-1.0.7-3.3.1 References: https://www.suse.com/security/cve/CVE-2020-8927.html https://bugzilla.suse.com/1175825 From sle-updates at lists.suse.com Mon Dec 6 17:35:00 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 6 Dec 2021 18:35:00 +0100 (CET) Subject: SUSE-SU-2021:3934-1: important: Security update for mozilla-nss Message-ID: <20211206173500.72214FC9F@maintenance.suse.de> SUSE Security Update: Security update for mozilla-nss ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3934-1 Rating: important References: #1193170 Cross-References: CVE-2021-43527 CVSS scores: CVE-2021-43527 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE MicroOS 5.1 SUSE MicroOS 5.0 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for mozilla-nss fixes the following issues: Update to version 3.68.1: - CVE-2021-43527: Fixed a Heap overflow in NSS when verifying DER-encoded DSA or RSA-PSS signatures (bsc#1193170). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2021-3934=1 - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-3934=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-3934=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-3934=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-3934=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-3934=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-3934=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2021-3934=1 - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-3934=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3934=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-3934=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-3934=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-3934=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-3934=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-3934=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-3934=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE MicroOS 5.1 (aarch64 s390x x86_64): libfreebl3-3.68.1-3.61.1 libfreebl3-debuginfo-3.68.1-3.61.1 libfreebl3-hmac-3.68.1-3.61.1 libsoftokn3-3.68.1-3.61.1 libsoftokn3-debuginfo-3.68.1-3.61.1 libsoftokn3-hmac-3.68.1-3.61.1 mozilla-nss-3.68.1-3.61.1 mozilla-nss-certs-3.68.1-3.61.1 mozilla-nss-certs-debuginfo-3.68.1-3.61.1 mozilla-nss-debuginfo-3.68.1-3.61.1 mozilla-nss-debugsource-3.68.1-3.61.1 mozilla-nss-tools-3.68.1-3.61.1 mozilla-nss-tools-debuginfo-3.68.1-3.61.1 - SUSE MicroOS 5.0 (aarch64 x86_64): libfreebl3-3.68.1-3.61.1 libfreebl3-debuginfo-3.68.1-3.61.1 libsoftokn3-3.68.1-3.61.1 libsoftokn3-debuginfo-3.68.1-3.61.1 mozilla-nss-3.68.1-3.61.1 mozilla-nss-certs-3.68.1-3.61.1 mozilla-nss-certs-debuginfo-3.68.1-3.61.1 mozilla-nss-debuginfo-3.68.1-3.61.1 mozilla-nss-debugsource-3.68.1-3.61.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libfreebl3-3.68.1-3.61.1 libfreebl3-debuginfo-3.68.1-3.61.1 libfreebl3-hmac-3.68.1-3.61.1 libsoftokn3-3.68.1-3.61.1 libsoftokn3-debuginfo-3.68.1-3.61.1 libsoftokn3-hmac-3.68.1-3.61.1 mozilla-nss-3.68.1-3.61.1 mozilla-nss-certs-3.68.1-3.61.1 mozilla-nss-certs-debuginfo-3.68.1-3.61.1 mozilla-nss-debuginfo-3.68.1-3.61.1 mozilla-nss-debugsource-3.68.1-3.61.1 mozilla-nss-devel-3.68.1-3.61.1 mozilla-nss-sysinit-3.68.1-3.61.1 mozilla-nss-sysinit-debuginfo-3.68.1-3.61.1 mozilla-nss-tools-3.68.1-3.61.1 mozilla-nss-tools-debuginfo-3.68.1-3.61.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): libfreebl3-32bit-3.68.1-3.61.1 libfreebl3-32bit-debuginfo-3.68.1-3.61.1 libfreebl3-hmac-32bit-3.68.1-3.61.1 libsoftokn3-32bit-3.68.1-3.61.1 libsoftokn3-32bit-debuginfo-3.68.1-3.61.1 libsoftokn3-hmac-32bit-3.68.1-3.61.1 mozilla-nss-32bit-3.68.1-3.61.1 mozilla-nss-32bit-debuginfo-3.68.1-3.61.1 mozilla-nss-certs-32bit-3.68.1-3.61.1 mozilla-nss-certs-32bit-debuginfo-3.68.1-3.61.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libfreebl3-3.68.1-3.61.1 libfreebl3-debuginfo-3.68.1-3.61.1 libfreebl3-hmac-3.68.1-3.61.1 libsoftokn3-3.68.1-3.61.1 libsoftokn3-debuginfo-3.68.1-3.61.1 libsoftokn3-hmac-3.68.1-3.61.1 mozilla-nss-3.68.1-3.61.1 mozilla-nss-certs-3.68.1-3.61.1 mozilla-nss-certs-debuginfo-3.68.1-3.61.1 mozilla-nss-debuginfo-3.68.1-3.61.1 mozilla-nss-debugsource-3.68.1-3.61.1 mozilla-nss-devel-3.68.1-3.61.1 mozilla-nss-sysinit-3.68.1-3.61.1 mozilla-nss-sysinit-debuginfo-3.68.1-3.61.1 mozilla-nss-tools-3.68.1-3.61.1 mozilla-nss-tools-debuginfo-3.68.1-3.61.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): libfreebl3-32bit-3.68.1-3.61.1 libfreebl3-32bit-debuginfo-3.68.1-3.61.1 libfreebl3-hmac-32bit-3.68.1-3.61.1 libsoftokn3-32bit-3.68.1-3.61.1 libsoftokn3-32bit-debuginfo-3.68.1-3.61.1 libsoftokn3-hmac-32bit-3.68.1-3.61.1 mozilla-nss-32bit-3.68.1-3.61.1 mozilla-nss-32bit-debuginfo-3.68.1-3.61.1 mozilla-nss-certs-32bit-3.68.1-3.61.1 mozilla-nss-certs-32bit-debuginfo-3.68.1-3.61.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libfreebl3-3.68.1-3.61.1 libfreebl3-debuginfo-3.68.1-3.61.1 libfreebl3-hmac-3.68.1-3.61.1 libsoftokn3-3.68.1-3.61.1 libsoftokn3-debuginfo-3.68.1-3.61.1 libsoftokn3-hmac-3.68.1-3.61.1 mozilla-nss-3.68.1-3.61.1 mozilla-nss-certs-3.68.1-3.61.1 mozilla-nss-certs-debuginfo-3.68.1-3.61.1 mozilla-nss-debuginfo-3.68.1-3.61.1 mozilla-nss-debugsource-3.68.1-3.61.1 mozilla-nss-devel-3.68.1-3.61.1 mozilla-nss-sysinit-3.68.1-3.61.1 mozilla-nss-sysinit-debuginfo-3.68.1-3.61.1 mozilla-nss-tools-3.68.1-3.61.1 mozilla-nss-tools-debuginfo-3.68.1-3.61.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): libfreebl3-32bit-3.68.1-3.61.1 libfreebl3-32bit-debuginfo-3.68.1-3.61.1 libfreebl3-hmac-32bit-3.68.1-3.61.1 libsoftokn3-32bit-3.68.1-3.61.1 libsoftokn3-32bit-debuginfo-3.68.1-3.61.1 libsoftokn3-hmac-32bit-3.68.1-3.61.1 mozilla-nss-32bit-3.68.1-3.61.1 mozilla-nss-32bit-debuginfo-3.68.1-3.61.1 mozilla-nss-certs-32bit-3.68.1-3.61.1 mozilla-nss-certs-32bit-debuginfo-3.68.1-3.61.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libfreebl3-3.68.1-3.61.1 libfreebl3-32bit-3.68.1-3.61.1 libfreebl3-32bit-debuginfo-3.68.1-3.61.1 libfreebl3-debuginfo-3.68.1-3.61.1 libfreebl3-hmac-3.68.1-3.61.1 libfreebl3-hmac-32bit-3.68.1-3.61.1 libsoftokn3-3.68.1-3.61.1 libsoftokn3-32bit-3.68.1-3.61.1 libsoftokn3-32bit-debuginfo-3.68.1-3.61.1 libsoftokn3-debuginfo-3.68.1-3.61.1 libsoftokn3-hmac-3.68.1-3.61.1 libsoftokn3-hmac-32bit-3.68.1-3.61.1 mozilla-nss-3.68.1-3.61.1 mozilla-nss-32bit-3.68.1-3.61.1 mozilla-nss-32bit-debuginfo-3.68.1-3.61.1 mozilla-nss-certs-3.68.1-3.61.1 mozilla-nss-certs-32bit-3.68.1-3.61.1 mozilla-nss-certs-32bit-debuginfo-3.68.1-3.61.1 mozilla-nss-certs-debuginfo-3.68.1-3.61.1 mozilla-nss-debuginfo-3.68.1-3.61.1 mozilla-nss-debugsource-3.68.1-3.61.1 mozilla-nss-devel-3.68.1-3.61.1 mozilla-nss-sysinit-3.68.1-3.61.1 mozilla-nss-sysinit-debuginfo-3.68.1-3.61.1 mozilla-nss-tools-3.68.1-3.61.1 mozilla-nss-tools-debuginfo-3.68.1-3.61.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libfreebl3-3.68.1-3.61.1 libfreebl3-debuginfo-3.68.1-3.61.1 libfreebl3-hmac-3.68.1-3.61.1 libsoftokn3-3.68.1-3.61.1 libsoftokn3-debuginfo-3.68.1-3.61.1 libsoftokn3-hmac-3.68.1-3.61.1 mozilla-nss-3.68.1-3.61.1 mozilla-nss-certs-3.68.1-3.61.1 mozilla-nss-certs-debuginfo-3.68.1-3.61.1 mozilla-nss-debuginfo-3.68.1-3.61.1 mozilla-nss-debugsource-3.68.1-3.61.1 mozilla-nss-devel-3.68.1-3.61.1 mozilla-nss-sysinit-3.68.1-3.61.1 mozilla-nss-sysinit-debuginfo-3.68.1-3.61.1 mozilla-nss-tools-3.68.1-3.61.1 mozilla-nss-tools-debuginfo-3.68.1-3.61.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): libfreebl3-hmac-3.68.1-3.61.1 libsoftokn3-hmac-3.68.1-3.61.1 mozilla-nss-debuginfo-3.68.1-3.61.1 mozilla-nss-debugsource-3.68.1-3.61.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): libfreebl3-hmac-3.68.1-3.61.1 libsoftokn3-hmac-3.68.1-3.61.1 mozilla-nss-debuginfo-3.68.1-3.61.1 mozilla-nss-debugsource-3.68.1-3.61.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libfreebl3-3.68.1-3.61.1 libfreebl3-debuginfo-3.68.1-3.61.1 libfreebl3-hmac-3.68.1-3.61.1 libsoftokn3-3.68.1-3.61.1 libsoftokn3-debuginfo-3.68.1-3.61.1 libsoftokn3-hmac-3.68.1-3.61.1 mozilla-nss-3.68.1-3.61.1 mozilla-nss-certs-3.68.1-3.61.1 mozilla-nss-certs-debuginfo-3.68.1-3.61.1 mozilla-nss-debuginfo-3.68.1-3.61.1 mozilla-nss-debugsource-3.68.1-3.61.1 mozilla-nss-devel-3.68.1-3.61.1 mozilla-nss-sysinit-3.68.1-3.61.1 mozilla-nss-sysinit-debuginfo-3.68.1-3.61.1 mozilla-nss-tools-3.68.1-3.61.1 mozilla-nss-tools-debuginfo-3.68.1-3.61.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libfreebl3-32bit-3.68.1-3.61.1 libfreebl3-32bit-debuginfo-3.68.1-3.61.1 libfreebl3-hmac-32bit-3.68.1-3.61.1 libsoftokn3-32bit-3.68.1-3.61.1 libsoftokn3-32bit-debuginfo-3.68.1-3.61.1 libsoftokn3-hmac-32bit-3.68.1-3.61.1 mozilla-nss-32bit-3.68.1-3.61.1 mozilla-nss-32bit-debuginfo-3.68.1-3.61.1 mozilla-nss-certs-32bit-3.68.1-3.61.1 mozilla-nss-certs-32bit-debuginfo-3.68.1-3.61.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libfreebl3-3.68.1-3.61.1 libfreebl3-debuginfo-3.68.1-3.61.1 libfreebl3-hmac-3.68.1-3.61.1 libsoftokn3-3.68.1-3.61.1 libsoftokn3-debuginfo-3.68.1-3.61.1 libsoftokn3-hmac-3.68.1-3.61.1 mozilla-nss-3.68.1-3.61.1 mozilla-nss-certs-3.68.1-3.61.1 mozilla-nss-certs-debuginfo-3.68.1-3.61.1 mozilla-nss-debuginfo-3.68.1-3.61.1 mozilla-nss-debugsource-3.68.1-3.61.1 mozilla-nss-devel-3.68.1-3.61.1 mozilla-nss-sysinit-3.68.1-3.61.1 mozilla-nss-sysinit-debuginfo-3.68.1-3.61.1 mozilla-nss-tools-3.68.1-3.61.1 mozilla-nss-tools-debuginfo-3.68.1-3.61.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libfreebl3-32bit-3.68.1-3.61.1 libfreebl3-32bit-debuginfo-3.68.1-3.61.1 libfreebl3-hmac-32bit-3.68.1-3.61.1 libsoftokn3-32bit-3.68.1-3.61.1 libsoftokn3-32bit-debuginfo-3.68.1-3.61.1 libsoftokn3-hmac-32bit-3.68.1-3.61.1 mozilla-nss-32bit-3.68.1-3.61.1 mozilla-nss-32bit-debuginfo-3.68.1-3.61.1 mozilla-nss-certs-32bit-3.68.1-3.61.1 mozilla-nss-certs-32bit-debuginfo-3.68.1-3.61.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libfreebl3-3.68.1-3.61.1 libfreebl3-debuginfo-3.68.1-3.61.1 libfreebl3-hmac-3.68.1-3.61.1 libsoftokn3-3.68.1-3.61.1 libsoftokn3-debuginfo-3.68.1-3.61.1 libsoftokn3-hmac-3.68.1-3.61.1 mozilla-nss-3.68.1-3.61.1 mozilla-nss-certs-3.68.1-3.61.1 mozilla-nss-certs-debuginfo-3.68.1-3.61.1 mozilla-nss-debuginfo-3.68.1-3.61.1 mozilla-nss-debugsource-3.68.1-3.61.1 mozilla-nss-devel-3.68.1-3.61.1 mozilla-nss-sysinit-3.68.1-3.61.1 mozilla-nss-sysinit-debuginfo-3.68.1-3.61.1 mozilla-nss-tools-3.68.1-3.61.1 mozilla-nss-tools-debuginfo-3.68.1-3.61.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): libfreebl3-32bit-3.68.1-3.61.1 libfreebl3-32bit-debuginfo-3.68.1-3.61.1 libfreebl3-hmac-32bit-3.68.1-3.61.1 libsoftokn3-32bit-3.68.1-3.61.1 libsoftokn3-32bit-debuginfo-3.68.1-3.61.1 libsoftokn3-hmac-32bit-3.68.1-3.61.1 mozilla-nss-32bit-3.68.1-3.61.1 mozilla-nss-32bit-debuginfo-3.68.1-3.61.1 mozilla-nss-certs-32bit-3.68.1-3.61.1 mozilla-nss-certs-32bit-debuginfo-3.68.1-3.61.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libfreebl3-3.68.1-3.61.1 libfreebl3-debuginfo-3.68.1-3.61.1 libfreebl3-hmac-3.68.1-3.61.1 libsoftokn3-3.68.1-3.61.1 libsoftokn3-debuginfo-3.68.1-3.61.1 libsoftokn3-hmac-3.68.1-3.61.1 mozilla-nss-3.68.1-3.61.1 mozilla-nss-certs-3.68.1-3.61.1 mozilla-nss-certs-debuginfo-3.68.1-3.61.1 mozilla-nss-debuginfo-3.68.1-3.61.1 mozilla-nss-debugsource-3.68.1-3.61.1 mozilla-nss-devel-3.68.1-3.61.1 mozilla-nss-sysinit-3.68.1-3.61.1 mozilla-nss-sysinit-debuginfo-3.68.1-3.61.1 mozilla-nss-tools-3.68.1-3.61.1 mozilla-nss-tools-debuginfo-3.68.1-3.61.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): libfreebl3-32bit-3.68.1-3.61.1 libfreebl3-32bit-debuginfo-3.68.1-3.61.1 libfreebl3-hmac-32bit-3.68.1-3.61.1 libsoftokn3-32bit-3.68.1-3.61.1 libsoftokn3-32bit-debuginfo-3.68.1-3.61.1 libsoftokn3-hmac-32bit-3.68.1-3.61.1 mozilla-nss-32bit-3.68.1-3.61.1 mozilla-nss-32bit-debuginfo-3.68.1-3.61.1 mozilla-nss-certs-32bit-3.68.1-3.61.1 mozilla-nss-certs-32bit-debuginfo-3.68.1-3.61.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libfreebl3-3.68.1-3.61.1 libfreebl3-debuginfo-3.68.1-3.61.1 libfreebl3-hmac-3.68.1-3.61.1 libsoftokn3-3.68.1-3.61.1 libsoftokn3-debuginfo-3.68.1-3.61.1 libsoftokn3-hmac-3.68.1-3.61.1 mozilla-nss-3.68.1-3.61.1 mozilla-nss-certs-3.68.1-3.61.1 mozilla-nss-certs-debuginfo-3.68.1-3.61.1 mozilla-nss-debuginfo-3.68.1-3.61.1 mozilla-nss-debugsource-3.68.1-3.61.1 mozilla-nss-devel-3.68.1-3.61.1 mozilla-nss-sysinit-3.68.1-3.61.1 mozilla-nss-sysinit-debuginfo-3.68.1-3.61.1 mozilla-nss-tools-3.68.1-3.61.1 mozilla-nss-tools-debuginfo-3.68.1-3.61.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): libfreebl3-32bit-3.68.1-3.61.1 libfreebl3-32bit-debuginfo-3.68.1-3.61.1 libfreebl3-hmac-32bit-3.68.1-3.61.1 libsoftokn3-32bit-3.68.1-3.61.1 libsoftokn3-32bit-debuginfo-3.68.1-3.61.1 libsoftokn3-hmac-32bit-3.68.1-3.61.1 mozilla-nss-32bit-3.68.1-3.61.1 mozilla-nss-32bit-debuginfo-3.68.1-3.61.1 mozilla-nss-certs-32bit-3.68.1-3.61.1 mozilla-nss-certs-32bit-debuginfo-3.68.1-3.61.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libfreebl3-3.68.1-3.61.1 libfreebl3-debuginfo-3.68.1-3.61.1 libfreebl3-hmac-3.68.1-3.61.1 libsoftokn3-3.68.1-3.61.1 libsoftokn3-debuginfo-3.68.1-3.61.1 libsoftokn3-hmac-3.68.1-3.61.1 mozilla-nss-3.68.1-3.61.1 mozilla-nss-certs-3.68.1-3.61.1 mozilla-nss-certs-debuginfo-3.68.1-3.61.1 mozilla-nss-debuginfo-3.68.1-3.61.1 mozilla-nss-debugsource-3.68.1-3.61.1 mozilla-nss-devel-3.68.1-3.61.1 mozilla-nss-sysinit-3.68.1-3.61.1 mozilla-nss-sysinit-debuginfo-3.68.1-3.61.1 mozilla-nss-tools-3.68.1-3.61.1 mozilla-nss-tools-debuginfo-3.68.1-3.61.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): libfreebl3-32bit-3.68.1-3.61.1 libfreebl3-32bit-debuginfo-3.68.1-3.61.1 libfreebl3-hmac-32bit-3.68.1-3.61.1 libsoftokn3-32bit-3.68.1-3.61.1 libsoftokn3-32bit-debuginfo-3.68.1-3.61.1 libsoftokn3-hmac-32bit-3.68.1-3.61.1 mozilla-nss-32bit-3.68.1-3.61.1 mozilla-nss-32bit-debuginfo-3.68.1-3.61.1 mozilla-nss-certs-32bit-3.68.1-3.61.1 mozilla-nss-certs-32bit-debuginfo-3.68.1-3.61.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libfreebl3-3.68.1-3.61.1 libfreebl3-debuginfo-3.68.1-3.61.1 libfreebl3-hmac-3.68.1-3.61.1 libsoftokn3-3.68.1-3.61.1 libsoftokn3-debuginfo-3.68.1-3.61.1 libsoftokn3-hmac-3.68.1-3.61.1 mozilla-nss-3.68.1-3.61.1 mozilla-nss-certs-3.68.1-3.61.1 mozilla-nss-certs-debuginfo-3.68.1-3.61.1 mozilla-nss-debuginfo-3.68.1-3.61.1 mozilla-nss-debugsource-3.68.1-3.61.1 mozilla-nss-devel-3.68.1-3.61.1 mozilla-nss-sysinit-3.68.1-3.61.1 mozilla-nss-sysinit-debuginfo-3.68.1-3.61.1 mozilla-nss-tools-3.68.1-3.61.1 mozilla-nss-tools-debuginfo-3.68.1-3.61.1 - SUSE Enterprise Storage 6 (x86_64): libfreebl3-32bit-3.68.1-3.61.1 libfreebl3-32bit-debuginfo-3.68.1-3.61.1 libfreebl3-hmac-32bit-3.68.1-3.61.1 libsoftokn3-32bit-3.68.1-3.61.1 libsoftokn3-32bit-debuginfo-3.68.1-3.61.1 libsoftokn3-hmac-32bit-3.68.1-3.61.1 mozilla-nss-32bit-3.68.1-3.61.1 mozilla-nss-32bit-debuginfo-3.68.1-3.61.1 mozilla-nss-certs-32bit-3.68.1-3.61.1 mozilla-nss-certs-32bit-debuginfo-3.68.1-3.61.1 - SUSE CaaS Platform 4.0 (x86_64): libfreebl3-3.68.1-3.61.1 libfreebl3-32bit-3.68.1-3.61.1 libfreebl3-32bit-debuginfo-3.68.1-3.61.1 libfreebl3-debuginfo-3.68.1-3.61.1 libfreebl3-hmac-3.68.1-3.61.1 libfreebl3-hmac-32bit-3.68.1-3.61.1 libsoftokn3-3.68.1-3.61.1 libsoftokn3-32bit-3.68.1-3.61.1 libsoftokn3-32bit-debuginfo-3.68.1-3.61.1 libsoftokn3-debuginfo-3.68.1-3.61.1 libsoftokn3-hmac-3.68.1-3.61.1 libsoftokn3-hmac-32bit-3.68.1-3.61.1 mozilla-nss-3.68.1-3.61.1 mozilla-nss-32bit-3.68.1-3.61.1 mozilla-nss-32bit-debuginfo-3.68.1-3.61.1 mozilla-nss-certs-3.68.1-3.61.1 mozilla-nss-certs-32bit-3.68.1-3.61.1 mozilla-nss-certs-32bit-debuginfo-3.68.1-3.61.1 mozilla-nss-certs-debuginfo-3.68.1-3.61.1 mozilla-nss-debuginfo-3.68.1-3.61.1 mozilla-nss-debugsource-3.68.1-3.61.1 mozilla-nss-devel-3.68.1-3.61.1 mozilla-nss-sysinit-3.68.1-3.61.1 mozilla-nss-sysinit-debuginfo-3.68.1-3.61.1 mozilla-nss-tools-3.68.1-3.61.1 mozilla-nss-tools-debuginfo-3.68.1-3.61.1 References: https://www.suse.com/security/cve/CVE-2021-43527.html https://bugzilla.suse.com/1193170 From sle-updates at lists.suse.com Mon Dec 6 17:36:27 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 6 Dec 2021 18:36:27 +0100 (CET) Subject: SUSE-SU-2021:3944-1: important: Security update for glib-networking Message-ID: <20211206173627.950EEFC9F@maintenance.suse.de> SUSE Security Update: Security update for glib-networking ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3944-1 Rating: important References: #1172460 Cross-References: CVE-2020-13645 CVSS scores: CVE-2020-13645 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2020-13645 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Affected Products: SUSE MicroOS 5.1 SUSE MicroOS 5.0 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for glib-networking fixes the following issues: Update to version 2.62.4: - CVE-2020-13645: Fixed a connection failure when the server identity is unset (bsc#1172460). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2021-3944=1 - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-3944=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3944=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-3944=1 Package List: - SUSE MicroOS 5.1 (aarch64 s390x x86_64): glib-networking-2.62.4-3.3.1 glib-networking-debuginfo-2.62.4-3.3.1 glib-networking-debugsource-2.62.4-3.3.1 - SUSE MicroOS 5.0 (aarch64 x86_64): glib-networking-2.62.4-3.3.1 glib-networking-debuginfo-2.62.4-3.3.1 glib-networking-debugsource-2.62.4-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): glib-networking-2.62.4-3.3.1 glib-networking-debuginfo-2.62.4-3.3.1 glib-networking-debugsource-2.62.4-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): glib-networking-lang-2.62.4-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): glib-networking-2.62.4-3.3.1 glib-networking-debuginfo-2.62.4-3.3.1 glib-networking-debugsource-2.62.4-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): glib-networking-lang-2.62.4-3.3.1 References: https://www.suse.com/security/cve/CVE-2020-13645.html https://bugzilla.suse.com/1172460 From sle-updates at lists.suse.com Mon Dec 6 17:39:08 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 6 Dec 2021 18:39:08 +0100 (CET) Subject: SUSE-SU-2021:3948-1: moderate: Security update for mariadb Message-ID: <20211206173908.758C2FC9F@maintenance.suse.de> SUSE Security Update: Security update for mariadb ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3948-1 Rating: moderate References: #1173028 #1186031 #1192497 Cross-References: CVE-2021-35604 CVSS scores: CVE-2021-35604 (NVD) : 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H CVE-2021-35604 (SUSE): 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H Affected Products: SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for mariadb fixes the following issue: - Update to 10.2.41: - CVE-2021-35604: Fixed InnoDB vulnerability that allowed an high privileged attacker with network access via multiple protocols to compromise MySQL (bsc#1192497). - Add missing dependency to liblz4 to enable lz4 compression for INNODB (bsc#1186031). - Add a 'mysql-user.conf' file to let 'systemd' generate mysql user in containers. (bsc#1173028) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-3948=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-3948=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-3948=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-3948=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-3948=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-3948=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-3948=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-3948=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-3948=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-3948=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libmysqld-devel-10.2.41-3.48.1 libmysqld19-10.2.41-3.48.1 libmysqld19-debuginfo-10.2.41-3.48.1 mariadb-10.2.41-3.48.1 mariadb-client-10.2.41-3.48.1 mariadb-client-debuginfo-10.2.41-3.48.1 mariadb-debuginfo-10.2.41-3.48.1 mariadb-debugsource-10.2.41-3.48.1 mariadb-tools-10.2.41-3.48.1 mariadb-tools-debuginfo-10.2.41-3.48.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): mariadb-errormessages-10.2.41-3.48.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libmysqld-devel-10.2.41-3.48.1 libmysqld19-10.2.41-3.48.1 libmysqld19-debuginfo-10.2.41-3.48.1 mariadb-10.2.41-3.48.1 mariadb-client-10.2.41-3.48.1 mariadb-client-debuginfo-10.2.41-3.48.1 mariadb-debuginfo-10.2.41-3.48.1 mariadb-debugsource-10.2.41-3.48.1 mariadb-tools-10.2.41-3.48.1 mariadb-tools-debuginfo-10.2.41-3.48.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): mariadb-errormessages-10.2.41-3.48.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libmysqld-devel-10.2.41-3.48.1 libmysqld19-10.2.41-3.48.1 libmysqld19-debuginfo-10.2.41-3.48.1 mariadb-10.2.41-3.48.1 mariadb-client-10.2.41-3.48.1 mariadb-client-debuginfo-10.2.41-3.48.1 mariadb-debuginfo-10.2.41-3.48.1 mariadb-debugsource-10.2.41-3.48.1 mariadb-tools-10.2.41-3.48.1 mariadb-tools-debuginfo-10.2.41-3.48.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): mariadb-errormessages-10.2.41-3.48.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libmysqld-devel-10.2.41-3.48.1 libmysqld19-10.2.41-3.48.1 libmysqld19-debuginfo-10.2.41-3.48.1 mariadb-10.2.41-3.48.1 mariadb-client-10.2.41-3.48.1 mariadb-client-debuginfo-10.2.41-3.48.1 mariadb-debuginfo-10.2.41-3.48.1 mariadb-debugsource-10.2.41-3.48.1 mariadb-tools-10.2.41-3.48.1 mariadb-tools-debuginfo-10.2.41-3.48.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): mariadb-errormessages-10.2.41-3.48.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libmysqld-devel-10.2.41-3.48.1 libmysqld19-10.2.41-3.48.1 libmysqld19-debuginfo-10.2.41-3.48.1 mariadb-10.2.41-3.48.1 mariadb-client-10.2.41-3.48.1 mariadb-client-debuginfo-10.2.41-3.48.1 mariadb-debuginfo-10.2.41-3.48.1 mariadb-debugsource-10.2.41-3.48.1 mariadb-tools-10.2.41-3.48.1 mariadb-tools-debuginfo-10.2.41-3.48.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): mariadb-errormessages-10.2.41-3.48.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libmysqld-devel-10.2.41-3.48.1 libmysqld19-10.2.41-3.48.1 libmysqld19-debuginfo-10.2.41-3.48.1 mariadb-10.2.41-3.48.1 mariadb-client-10.2.41-3.48.1 mariadb-client-debuginfo-10.2.41-3.48.1 mariadb-debuginfo-10.2.41-3.48.1 mariadb-debugsource-10.2.41-3.48.1 mariadb-tools-10.2.41-3.48.1 mariadb-tools-debuginfo-10.2.41-3.48.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): mariadb-errormessages-10.2.41-3.48.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libmysqld-devel-10.2.41-3.48.1 libmysqld19-10.2.41-3.48.1 libmysqld19-debuginfo-10.2.41-3.48.1 mariadb-10.2.41-3.48.1 mariadb-client-10.2.41-3.48.1 mariadb-client-debuginfo-10.2.41-3.48.1 mariadb-debuginfo-10.2.41-3.48.1 mariadb-debugsource-10.2.41-3.48.1 mariadb-tools-10.2.41-3.48.1 mariadb-tools-debuginfo-10.2.41-3.48.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): mariadb-errormessages-10.2.41-3.48.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libmysqld-devel-10.2.41-3.48.1 libmysqld19-10.2.41-3.48.1 libmysqld19-debuginfo-10.2.41-3.48.1 mariadb-10.2.41-3.48.1 mariadb-client-10.2.41-3.48.1 mariadb-client-debuginfo-10.2.41-3.48.1 mariadb-debuginfo-10.2.41-3.48.1 mariadb-debugsource-10.2.41-3.48.1 mariadb-tools-10.2.41-3.48.1 mariadb-tools-debuginfo-10.2.41-3.48.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): mariadb-errormessages-10.2.41-3.48.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libmysqld-devel-10.2.41-3.48.1 libmysqld19-10.2.41-3.48.1 libmysqld19-debuginfo-10.2.41-3.48.1 mariadb-10.2.41-3.48.1 mariadb-client-10.2.41-3.48.1 mariadb-client-debuginfo-10.2.41-3.48.1 mariadb-debuginfo-10.2.41-3.48.1 mariadb-debugsource-10.2.41-3.48.1 mariadb-tools-10.2.41-3.48.1 mariadb-tools-debuginfo-10.2.41-3.48.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): mariadb-errormessages-10.2.41-3.48.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libmysqld-devel-10.2.41-3.48.1 libmysqld19-10.2.41-3.48.1 libmysqld19-debuginfo-10.2.41-3.48.1 mariadb-10.2.41-3.48.1 mariadb-client-10.2.41-3.48.1 mariadb-client-debuginfo-10.2.41-3.48.1 mariadb-debuginfo-10.2.41-3.48.1 mariadb-debugsource-10.2.41-3.48.1 mariadb-tools-10.2.41-3.48.1 mariadb-tools-debuginfo-10.2.41-3.48.1 - SUSE Enterprise Storage 6 (noarch): mariadb-errormessages-10.2.41-3.48.1 - SUSE CaaS Platform 4.0 (noarch): mariadb-errormessages-10.2.41-3.48.1 - SUSE CaaS Platform 4.0 (x86_64): libmysqld-devel-10.2.41-3.48.1 libmysqld19-10.2.41-3.48.1 libmysqld19-debuginfo-10.2.41-3.48.1 mariadb-10.2.41-3.48.1 mariadb-client-10.2.41-3.48.1 mariadb-client-debuginfo-10.2.41-3.48.1 mariadb-debuginfo-10.2.41-3.48.1 mariadb-debugsource-10.2.41-3.48.1 mariadb-tools-10.2.41-3.48.1 mariadb-tools-debuginfo-10.2.41-3.48.1 References: https://www.suse.com/security/cve/CVE-2021-35604.html https://bugzilla.suse.com/1173028 https://bugzilla.suse.com/1186031 https://bugzilla.suse.com/1192497 From sle-updates at lists.suse.com Mon Dec 6 17:40:43 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 6 Dec 2021 18:40:43 +0100 (CET) Subject: SUSE-SU-2021:3940-1: important: Security update for nodejs12 Message-ID: <20211206174043.3312CFD0A@maintenance.suse.de> SUSE Security Update: Security update for nodejs12 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3940-1 Rating: important References: #1190053 #1190054 #1190055 #1190056 #1190057 #1191601 #1191602 Cross-References: CVE-2021-22959 CVE-2021-22960 CVE-2021-37701 CVE-2021-37712 CVE-2021-37713 CVE-2021-39134 CVE-2021-39135 CVSS scores: CVE-2021-22959 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2021-22959 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2021-22960 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2021-37701 (NVD) : 8.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N CVE-2021-37701 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H CVE-2021-37712 (NVD) : 8.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N CVE-2021-37712 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H CVE-2021-39134 (NVD) : 8.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N CVE-2021-39134 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H CVE-2021-39135 (NVD) : 8.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N Affected Products: SUSE Linux Enterprise Module for Web Scripting 15-SP3 SUSE Linux Enterprise Module for Web Scripting 15-SP2 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for nodejs12 fixes the following issues: - CVE-2021-22959: Fixed HTTP Request Smuggling due to spaced in headers (bsc#1191601). - CVE-2021-22960: Fixed HTTP Request Smuggling when parsing the body (bsc#1191602). - CVE-2021-37701: Fixed arbitrary file creation and overwrite in nodejs-tar (bsc#1190057). - CVE-2021-37712: Fixed arbitrary file creation and overwrite in nodejs-tar (bsc#1190056). - CVE-2021-37713: Fixed arbitrary code execution and file creation and overwrite in nodejs-tar (bsc#1190055). - CVE-2021-39134: Fixed symling following vulnerability in nodejs-arborist (bsc#1190054). - CVE-2021-39135: Fixed symling following vulnerability in nodejs-arborist (bsc#1190053). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 15-SP3: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP3-2021-3940=1 - SUSE Linux Enterprise Module for Web Scripting 15-SP2: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP2-2021-3940=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 15-SP3 (aarch64 ppc64le s390x x86_64): nodejs12-12.22.7-4.22.1 nodejs12-debuginfo-12.22.7-4.22.1 nodejs12-debugsource-12.22.7-4.22.1 nodejs12-devel-12.22.7-4.22.1 npm12-12.22.7-4.22.1 - SUSE Linux Enterprise Module for Web Scripting 15-SP3 (noarch): nodejs12-docs-12.22.7-4.22.1 - SUSE Linux Enterprise Module for Web Scripting 15-SP2 (aarch64 ppc64le s390x x86_64): nodejs12-12.22.7-4.22.1 nodejs12-debuginfo-12.22.7-4.22.1 nodejs12-debugsource-12.22.7-4.22.1 nodejs12-devel-12.22.7-4.22.1 npm12-12.22.7-4.22.1 - SUSE Linux Enterprise Module for Web Scripting 15-SP2 (noarch): nodejs12-docs-12.22.7-4.22.1 References: https://www.suse.com/security/cve/CVE-2021-22959.html https://www.suse.com/security/cve/CVE-2021-22960.html https://www.suse.com/security/cve/CVE-2021-37701.html https://www.suse.com/security/cve/CVE-2021-37712.html https://www.suse.com/security/cve/CVE-2021-37713.html https://www.suse.com/security/cve/CVE-2021-39134.html https://www.suse.com/security/cve/CVE-2021-39135.html https://bugzilla.suse.com/1190053 https://bugzilla.suse.com/1190054 https://bugzilla.suse.com/1190055 https://bugzilla.suse.com/1190056 https://bugzilla.suse.com/1190057 https://bugzilla.suse.com/1191601 https://bugzilla.suse.com/1191602 From sle-updates at lists.suse.com Mon Dec 6 17:55:18 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 6 Dec 2021 18:55:18 +0100 (CET) Subject: SUSE-SU-2021:3947-1: important: Security update for openssh Message-ID: <20211206175518.A8414FC9F@maintenance.suse.de> SUSE Security Update: Security update for openssh ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3947-1 Rating: important References: #1190975 Cross-References: CVE-2021-41617 CVSS scores: CVE-2021-41617 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-41617 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openssh fixes the following issues: - CVE-2021-41617: Fixed privilege escalation when AuthorizedKeysCommand/AuthorizedPrincipalsCommand are configured (bsc#1190975). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-3947=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-3947=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-3947=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-3947=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-3947=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-3947=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): openssh-7.9p1-6.28.1 openssh-askpass-gnome-7.9p1-6.28.1 openssh-askpass-gnome-debuginfo-7.9p1-6.28.1 openssh-askpass-gnome-debugsource-7.9p1-6.28.1 openssh-debuginfo-7.9p1-6.28.1 openssh-debugsource-7.9p1-6.28.1 openssh-fips-7.9p1-6.28.1 openssh-helpers-7.9p1-6.28.1 openssh-helpers-debuginfo-7.9p1-6.28.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): openssh-7.9p1-6.28.1 openssh-askpass-gnome-7.9p1-6.28.1 openssh-askpass-gnome-debuginfo-7.9p1-6.28.1 openssh-askpass-gnome-debugsource-7.9p1-6.28.1 openssh-debuginfo-7.9p1-6.28.1 openssh-debugsource-7.9p1-6.28.1 openssh-fips-7.9p1-6.28.1 openssh-helpers-7.9p1-6.28.1 openssh-helpers-debuginfo-7.9p1-6.28.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): openssh-7.9p1-6.28.1 openssh-askpass-gnome-7.9p1-6.28.1 openssh-askpass-gnome-debuginfo-7.9p1-6.28.1 openssh-askpass-gnome-debugsource-7.9p1-6.28.1 openssh-debuginfo-7.9p1-6.28.1 openssh-debugsource-7.9p1-6.28.1 openssh-fips-7.9p1-6.28.1 openssh-helpers-7.9p1-6.28.1 openssh-helpers-debuginfo-7.9p1-6.28.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): openssh-7.9p1-6.28.1 openssh-askpass-gnome-7.9p1-6.28.1 openssh-askpass-gnome-debuginfo-7.9p1-6.28.1 openssh-askpass-gnome-debugsource-7.9p1-6.28.1 openssh-debuginfo-7.9p1-6.28.1 openssh-debugsource-7.9p1-6.28.1 openssh-fips-7.9p1-6.28.1 openssh-helpers-7.9p1-6.28.1 openssh-helpers-debuginfo-7.9p1-6.28.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): openssh-7.9p1-6.28.1 openssh-askpass-gnome-7.9p1-6.28.1 openssh-askpass-gnome-debuginfo-7.9p1-6.28.1 openssh-askpass-gnome-debugsource-7.9p1-6.28.1 openssh-debuginfo-7.9p1-6.28.1 openssh-debugsource-7.9p1-6.28.1 openssh-fips-7.9p1-6.28.1 openssh-helpers-7.9p1-6.28.1 openssh-helpers-debuginfo-7.9p1-6.28.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): openssh-7.9p1-6.28.1 openssh-askpass-gnome-7.9p1-6.28.1 openssh-askpass-gnome-debuginfo-7.9p1-6.28.1 openssh-askpass-gnome-debugsource-7.9p1-6.28.1 openssh-debuginfo-7.9p1-6.28.1 openssh-debugsource-7.9p1-6.28.1 openssh-fips-7.9p1-6.28.1 openssh-helpers-7.9p1-6.28.1 openssh-helpers-debuginfo-7.9p1-6.28.1 - SUSE CaaS Platform 4.0 (x86_64): openssh-7.9p1-6.28.1 openssh-askpass-gnome-7.9p1-6.28.1 openssh-askpass-gnome-debuginfo-7.9p1-6.28.1 openssh-askpass-gnome-debugsource-7.9p1-6.28.1 openssh-debuginfo-7.9p1-6.28.1 openssh-debugsource-7.9p1-6.28.1 openssh-fips-7.9p1-6.28.1 openssh-helpers-7.9p1-6.28.1 openssh-helpers-debuginfo-7.9p1-6.28.1 References: https://www.suse.com/security/cve/CVE-2021-41617.html https://bugzilla.suse.com/1190975 From sle-updates at lists.suse.com Mon Dec 6 17:58:02 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 6 Dec 2021 18:58:02 +0100 (CET) Subject: SUSE-SU-2021:3941-1: important: Security update for the Linux Kernel Message-ID: <20211206175802.34A40FC9F@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3941-1 Rating: important References: #1152489 #1169263 #1170269 #1184924 #1190523 #1190795 #1191790 #1191961 #1192045 #1192217 #1192273 #1192328 #1192375 #1192473 #1192718 #1192740 #1192745 #1192750 #1192753 #1192758 #1192781 #1192802 #1192896 #1192906 #1192918 SLE-22573 Cross-References: CVE-2021-0941 CVE-2021-20322 CVE-2021-31916 CVE-2021-34981 CVSS scores: CVE-2021-0941 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-20322 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2021-31916 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-31916 (SUSE): 6.8 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-34981 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H Affected Products: SUSE MicroOS 5.1 SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Linux Enterprise Module for Live Patching 15-SP3 SUSE Linux Enterprise Module for Legacy Software 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise High Availability 15-SP3 ______________________________________________________________________________ An update that solves four vulnerabilities, contains one feature and has 21 fixes is now available. Description: The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - Unprivileged BPF has been disabled by default to reduce attack surface as too many security issues have happened in the past (jsc#SLE-22573) You can reenable via systemctl setting /proc/sys/kernel/unprivileged_bpf_disabled to 0. (kernel.unprivileged_bpf_disabled = 0) - CVE-2021-0941: In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1192045 ). - CVE-2021-31916: An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel A bound check failure allowed an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability (bnc#1192781). - CVE-2021-20322: Make the ipv4 and ipv6 ICMP exception caches less predictive to avoid information leaks about UDP ports in use. (bsc#1191790) - CVE-2021-34981: Fixed file refcounting in cmtp when cmtp_attach_device fails (bsc#1191961). The following non-security bugs were fixed: - ABI: sysfs-kernel-slab: Document some stats (git-fixes). - ALSA: hda: fix general protection fault in azx_runtime_idle (git-fixes). - ALSA: hda: Free card instance properly at probe errors (git-fixes). - ALSA: usb-audio: Add Audient iD14 to mixer map quirk table (git-fixes). - ALSA: usb-audio: Add minimal-mute notion in dB mapping table (bsc#1192375). - ALSA: usb-audio: Add Schiit Hel device to mixer map quirk table (git-fixes). - ALSA: usb-audio: Fix dB level of Bose Revolve+ SoundLink (bsc#1192375). - ALSA: usb-audio: Use int for dB map values (bsc#1192375). - ARM: socfpga: Fix crash with CONFIG_FORTIRY_SOURCE (bsc#1192473). - auxdisplay: ht16k33: Connect backlight to fbdev (git-fixes). - auxdisplay: ht16k33: Fix frame buffer device blanking (git-fixes). - auxdisplay: img-ascii-lcd: Fix lock-up when displaying empty string (git-fixes). - bpf: Add kconfig knob for disabling unpriv bpf by default (jsc#SLE-22573) - bpf: Add kconfig knob for disabling unpriv bpf by default (jsc#SLE-22574) - bpf: Disallow unprivileged bpf by default (jsc#SLE-22573). - bpf: Disallow unprivileged bpf by default (jsc#SLE-22574). - bpf: Fix BPF_JIT kconfig symbol dependency (git-fixes jsc#SLE-22574). - bpf: Fix potential race in tail call compatibility check (git-fixes). - bpf, kconfig: Add consolidated menu entry for bpf with core options (jsc#SLE-22574). - btrfs: block-group: Rework documentation of check_system_chunk function (bsc#1192896). - btrfs: fix deadlock between chunk allocation and chunk btree modifications (bsc#1192896). - btrfs: fix memory ordering between normal and ordered work functions (git-fixes). - btrfs: update comments for chunk allocation -ENOSPC cases (bsc#1192896). - cgroup/cpuset: Change references of cpuset_mutex to cpuset_rwsem (git-fixes). - config: disable unprivileged BPF by default (jsc#SLE-22573) Backport of mainline commit 8a03e56b253e ("bpf: Disallow unprivileged bpf by default") only changes kconfig default, used e.g. for "make oldconfig" when the config option is missing, but does not update our kernel configs used for build. Update also these to make sure unprivileged BPF is really disabled by default. - crypto: caam - disable pkc for non-E SoCs (git-fixes). - crypto: qat - detect PFVF collision after ACK (git-fixes). - crypto: qat - disregard spurious PFVF interrupts (git-fixes). - drm/i915: Introduce intel_hpd_hotplug_irqs() (bsc#1192758). - drm: prevent spectre issue in vmw_execbuf_ioctl (bsc#1192802). - EDAC/sb_edac: Fix top-of-high-memory value for Broadwell/Haswell (bsc#1152489). - Eradicate Patch-mainline: No The pre-commit check can reject this deprecated tag then. - exfat: fix erroneous discard when clear cluster bit (git-fixes). - exfat: handle wrong stream entry size in exfat_readdir() (git-fixes). - exfat: properly set s_time_gran (bsc#1192328). - exfat: truncate atimes to 2s granularity (bsc#1192328). - Fix problem with missing installkernel on Tumbleweed. - fuse: fix page stealing (bsc#1192718). - gpio: mpc8xxx: Use 'devm_gpiochip_add_data()' to simplify the code and avoid a leak (git-fixes). - gpio/rockchip: add driver for rockchip gpio (bsc#1192217). - gpio/rockchip: drop irq_gc_lock/irq_gc_unlock for irq set type (bsc#1192217). - gpio/rockchip: extended debounce support is only available on v2 (bsc#1192217). - gpio/rockchip: fetch deferred output settings on probe (bsc#1192217). - gpio/rockchip: fix get_direction value handling (bsc#1192217). - gpio/rockchip: support next version gpio controller (bsc#1192217). - gpio/rockchip: use struct rockchip_gpio_regs for gpio controller (bsc#1192217). - HID: u2fzero: clarify error check and length calculations (git-fixes). - HID: u2fzero: properly handle timeouts in usb_submit_urb (git-fixes). - ibmvnic: check failover_pending in login response (bsc#1190523 ltc#194510). - ibmvnic: do not stop queue in xmit (bsc#1192273 ltc#194629). - ibmvnic: Process crqs after enabling interrupts (bsc#1192273 ltc#194629). - iio: dac: ad5446: Fix ad5622_write() return value (git-fixes). - Input: elantench - fix misreporting trackpoint coordinates (bsc#1192918). - kernel-*-subpackage: Add dependency on kernel scriptlets (bsc#1192740). - mm/hugetlb: initialize hugetlb_usage in mm_init (bsc#1192906). - Move upstreamed sound fix into sorted section - net: dsa: felix: re-enable TX flow control in ocelot_port_flush() (git-fixes). - net: mscc: ocelot: fix hardware timestamp dequeue logic. - net: mscc: ocelot: warn when a PTP IRQ is raised for an unknown skb (git-fixes). - net/smc: Correct smc link connection counter in case of smc client (git-fixes). - net/smc: fix 'workqueue leaked lock' in smc_conn_abort_work (git-fixes). - ocfs2: do not zero pages beyond i_size (bsc#1190795). - ocfs2: fix data corruption on truncate (bsc#1190795). - PCI: aardvark: Do not clear status bits of masked interrupts (git-fixes). - PCI: aardvark: Do not spam about PIO Response Status (git-fixes). - PCI: aardvark: Do not unmask unused interrupts (git-fixes). - PCI: aardvark: Fix checking for link up via LTSSM state (git-fixes). - PCI: aardvark: Fix reporting Data Link Layer Link Active (git-fixes). - PCI: aardvark: Fix return value of MSI domain .alloc() method (git-fixes). - PCI: aardvark: Read all 16-bits from PCIE_MSI_PAYLOAD_REG (git-fixes). - PCI/ACPI: Check for _OSC support in acpi_pci_osc_control_set() (bsc#1169263). - PCI/ACPI: Clarify message about _OSC failure (bsc#1169263). - PCI/ACPI: Move _OSC query checks to separate function (bsc#1169263). - PCI/ACPI: Move supported and control calculations to separate functions (bsc#1169263). - PCI/ACPI: Remove OSC_PCI_SUPPORT_MASKS and OSC_PCI_CONTROL_MASKS (bsc#1169263). - PCI/ACPI: Remove unnecessary osc_lock (bsc#1169263). - PCI: pci-bridge-emul: Fix emulation of W1C bits (git-fixes). - PCI: uniphier: Serialize INTx masking/unmasking and fix the bit operation (git-fixes). - pinctrl: core: fix possible memory leak in pinctrl_enable() (git-fixes). - pinctrl: pinctrl-rockchip: Fix a bunch of kerneldoc misdemeanours (bsc#1192217). - pinctrl/rockchip: add a queue for deferred pin output settings on probe (bsc#1192217). - pinctrl/rockchip: add pinctrl device to gpio bank struct (bsc#1192217). - pinctrl: rockchip: add rk3308 SoC support (bsc#1192217). - pinctrl: rockchip: add support for rk3568 (bsc#1192217). - pinctrl/rockchip: always enable clock for gpio controller (bsc#1192217). - pinctrl: rockchip: clear int status when driver probed (bsc#1192217). - pinctrl: rockchip: create irq mapping in gpio_to_irq (bsc#1192217). - pinctrl: rockchip: do coding style for mux route struct (bsc#1192217). - pinctrl/rockchip: drop the gpio related codes (bsc#1192217). - pinctrl: rockchip: enable gpio pclk for rockchip_gpio_to_irq (bsc#1192217). - pinctrl: rockchip: make driver be tristate module (bsc#1192217). - pinctrl: rockchip: Replace HTTP links with HTTPS ones (bsc#1192217). - pinctrl: rockchip: return ENOMEM instead of EINVAL if allocation fails (bsc#1192217). - pinctrl/rockchip: separate struct rockchip_pin_bank to a head file (bsc#1192217). - power: supply: bq27xxx: Fix kernel crash on IRQ handler register error (git-fixes). - power: supply: max17042_battery: Prevent int underflow in set_soc_threshold (git-fixes). - power: supply: max17042_battery: use VFSOC for capacity when no rsns (git-fixes). - power: supply: rt5033-battery: Change voltage values to 5V (git-fixes). - printk/console: Allow to disable console output by using console="" or console=null (bsc#1192753). - printk: handle blank console arguments passed in (bsc#1192753). - qtnfmac: fix potential Spectre vulnerabilities (bsc#1192802). - r8152: add a helper function about setting EEE (git-fixes). - r8152: Add macpassthru support for ThinkPad Thunderbolt 3 Dock Gen 2 (git-fixes). - r8152: Disable PLA MCU clock speed down (git-fixes). - r8152: disable U2P3 for RTL8153B (git-fixes). - r8152: divide the tx and rx bottom functions (git-fixes). - r8152: do not enable U1U2 with USB_SPEED_HIGH for RTL8153B (git-fixes). - r8152: fix runtime resume for linking change (git-fixes). - r8152: replace array with linking list for rx information (git-fixes). - r8152: reset flow control patch when linking on for RTL8153B (git-fixes). - r8152: saving the settings of EEE (git-fixes). - r8152: separate the rx buffer size (git-fixes). - r8152: use alloc_pages for rx buffer (git-fixes). - random: fix crash on multiple early calls to add_bootloader_randomness() (bsc#1184924) - Revert "ibmvnic: check failover_pending in login response" (bsc#1190523 ltc#194510). - Revert "platform/x86: i2c-multi-instantiate: Do not create platform device for INT3515 ACPI nodes" (git-fixes). - Revert "r8152: adjust the settings about MAC clock speed down for RTL8153" (git-fixes). - Revert "scsi: ufs: fix a missing check of devm_reset_control_get" (git-fixes). - Revert "x86/kvm: fix vcpu-id indexed array sizes" (git-fixes). - rndis_host: set proper input size for OID_GEN_PHYSICAL_MEDIUM request (git-fixes). - s390/dasd: fix use after free in dasd path handling (git-fixes). - s390/pci: fix use after free of zpci_dev (git-fixes). - s390/pci: fix zpci_zdev_put() on reserve (git-fixes). - s390/qeth: fix deadlock during failing recovery (git-fixes). - s390/qeth: Fix deadlock in remove_discipline (git-fixes). - s390/qeth: fix NULL deref in qeth_clear_working_pool_list() (git-fixes). - s390/topology: clear thread/group maps for offline cpus (git-fixes). - scsi: be2iscsi: Fix an error handling path in beiscsi_dev_probe() (git-fixes). - scsi: BusLogic: Fix missing pr_cont() use (git-fixes). - scsi: core: Fix spelling in a source code comment (git-fixes). - scsi: csiostor: Add module softdep on cxgb4 (git-fixes). - scsi: csiostor: Uninitialized data in csio_ln_vnp_read_cbfn() (git-fixes). - scsi: dc395: Fix error case unwinding (git-fixes). - scsi: fdomain: Fix error return code in fdomain_probe() (git-fixes). - scsi: FlashPoint: Rename si_flags field (git-fixes). - scsi: iscsi: Fix iface sysfs attr detection (git-fixes). - scsi: libsas: Use _safe() loop in sas_resume_port() (git-fixes). - scsi: mpt3sas: Fix error return value in _scsih_expander_add() (git-fixes). - scsi: qedf: Add pointer checks in qedf_update_link_speed() (git-fixes). - scsi: qedf: Fix error codes in qedf_alloc_global_queues() (git-fixes). - scsi: qedi: Fix error codes in qedi_alloc_global_queues() (git-fixes). - scsi: qla2xxx: Fix a memory leak in an error path of qla2x00_process_els() (git-fixes). - scsi: qla2xxx: Make sure that aborted commands are freed (git-fixes). - scsi: smartpqi: Fix an error code in pqi_get_raid_map() (git-fixes). - scsi: snic: Fix an error message (git-fixes). - scsi: ufs-pci: Add quirk for broken auto-hibernate for Intel EHL (git-fixes). - scsi: ufs: ufshcd-pltfrm: Fix memory leak due to probe defer (git-fixes). - serial: 8250_dw: Drop wrong use of ACPI_PTR() (git-fixes). - serial: xilinx_uartps: Fix race condition causing stuck TX (git-fixes). - staging: r8712u: fix control-message timeout (git-fixes). - staging: rtl8192u: fix control-message timeouts (git-fixes). - stmmac: platform: Fix signedness bug in stmmac_probe_config_dt() (git-fixes). - tracing: Increase PERF_MAX_TRACE_SIZE to handle Sentinel1 and docker together (bsc#1192745). - Update config files: Add CONFIG_BPF_UNPRIV_DEFAULT_OFF is not set - Update config files: pull BPF configs together - usb: gadget: hid: fix error code in do_config() (git-fixes). - USB: iowarrior: fix control-message timeouts (git-fixes). - usb: max-3421: Use driver data instead of maintaining a list of bound devices (git-fixes). - usb: musb: Balance list entry in musb_gadget_queue (git-fixes). - USB: serial: keyspan: fix memleak on probe errors (git-fixes). - video: fbdev: chipsfb: use memset_io() instead of memset() (git-fixes). - x86/sme: Use #define USE_EARLY_PGTABLE_L5 in mem_encrypt_identity.c (bsc#1152489). - x86/xen: Mark cpu_bringup_and_idle() as dead_end_function (git-fixes). - xen-pciback: Fix return in pm_ctrl_init() (git-fixes). - xen: Fix implicit type conversion (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2021-3941=1 - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2021-3941=1 - SUSE Linux Enterprise Module for Live Patching 15-SP3: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2021-3941=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2021-3941=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2021-3941=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3941=1 - SUSE Linux Enterprise High Availability 15-SP3: zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2021-3941=1 Package List: - SUSE MicroOS 5.1 (aarch64 s390x x86_64): kernel-default-5.3.18-59.37.2 kernel-default-base-5.3.18-59.37.2.18.23.3 kernel-default-debuginfo-5.3.18-59.37.2 kernel-default-debugsource-5.3.18-59.37.2 - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): kernel-default-debuginfo-5.3.18-59.37.2 kernel-default-debugsource-5.3.18-59.37.2 kernel-default-extra-5.3.18-59.37.2 kernel-default-extra-debuginfo-5.3.18-59.37.2 kernel-preempt-debuginfo-5.3.18-59.37.2 kernel-preempt-debugsource-5.3.18-59.37.2 kernel-preempt-extra-5.3.18-59.37.2 kernel-preempt-extra-debuginfo-5.3.18-59.37.2 - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64): kernel-default-debuginfo-5.3.18-59.37.2 kernel-default-debugsource-5.3.18-59.37.2 kernel-default-livepatch-5.3.18-59.37.2 kernel-default-livepatch-devel-5.3.18-59.37.2 kernel-livepatch-5_3_18-59_37-default-1-7.3.2 kernel-livepatch-5_3_18-59_37-default-debuginfo-1-7.3.2 kernel-livepatch-SLE15-SP3_Update_10-debugsource-1-7.3.2 - SUSE Linux Enterprise Module for Legacy Software 15-SP3 (aarch64 ppc64le s390x x86_64): kernel-default-debuginfo-5.3.18-59.37.2 kernel-default-debugsource-5.3.18-59.37.2 reiserfs-kmp-default-5.3.18-59.37.2 reiserfs-kmp-default-debuginfo-5.3.18-59.37.2 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): kernel-obs-build-5.3.18-59.37.3 kernel-obs-build-debugsource-5.3.18-59.37.3 kernel-syms-5.3.18-59.37.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 x86_64): kernel-preempt-debuginfo-5.3.18-59.37.2 kernel-preempt-debugsource-5.3.18-59.37.2 kernel-preempt-devel-5.3.18-59.37.2 kernel-preempt-devel-debuginfo-5.3.18-59.37.2 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch): kernel-docs-5.3.18-59.37.2 kernel-source-5.3.18-59.37.2 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): kernel-default-5.3.18-59.37.2 kernel-default-base-5.3.18-59.37.2.18.23.3 kernel-default-debuginfo-5.3.18-59.37.2 kernel-default-debugsource-5.3.18-59.37.2 kernel-default-devel-5.3.18-59.37.2 kernel-default-devel-debuginfo-5.3.18-59.37.2 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 x86_64): kernel-preempt-5.3.18-59.37.2 kernel-preempt-debuginfo-5.3.18-59.37.2 kernel-preempt-debugsource-5.3.18-59.37.2 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64): kernel-64kb-5.3.18-59.37.2 kernel-64kb-debuginfo-5.3.18-59.37.2 kernel-64kb-debugsource-5.3.18-59.37.2 kernel-64kb-devel-5.3.18-59.37.2 kernel-64kb-devel-debuginfo-5.3.18-59.37.2 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): kernel-devel-5.3.18-59.37.2 kernel-macros-5.3.18-59.37.2 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (s390x): kernel-zfcpdump-5.3.18-59.37.2 kernel-zfcpdump-debuginfo-5.3.18-59.37.2 kernel-zfcpdump-debugsource-5.3.18-59.37.2 - SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-5.3.18-59.37.2 cluster-md-kmp-default-debuginfo-5.3.18-59.37.2 dlm-kmp-default-5.3.18-59.37.2 dlm-kmp-default-debuginfo-5.3.18-59.37.2 gfs2-kmp-default-5.3.18-59.37.2 gfs2-kmp-default-debuginfo-5.3.18-59.37.2 kernel-default-debuginfo-5.3.18-59.37.2 kernel-default-debugsource-5.3.18-59.37.2 ocfs2-kmp-default-5.3.18-59.37.2 ocfs2-kmp-default-debuginfo-5.3.18-59.37.2 References: https://www.suse.com/security/cve/CVE-2021-0941.html https://www.suse.com/security/cve/CVE-2021-20322.html https://www.suse.com/security/cve/CVE-2021-31916.html https://www.suse.com/security/cve/CVE-2021-34981.html https://bugzilla.suse.com/1152489 https://bugzilla.suse.com/1169263 https://bugzilla.suse.com/1170269 https://bugzilla.suse.com/1184924 https://bugzilla.suse.com/1190523 https://bugzilla.suse.com/1190795 https://bugzilla.suse.com/1191790 https://bugzilla.suse.com/1191961 https://bugzilla.suse.com/1192045 https://bugzilla.suse.com/1192217 https://bugzilla.suse.com/1192273 https://bugzilla.suse.com/1192328 https://bugzilla.suse.com/1192375 https://bugzilla.suse.com/1192473 https://bugzilla.suse.com/1192718 https://bugzilla.suse.com/1192740 https://bugzilla.suse.com/1192745 https://bugzilla.suse.com/1192750 https://bugzilla.suse.com/1192753 https://bugzilla.suse.com/1192758 https://bugzilla.suse.com/1192781 https://bugzilla.suse.com/1192802 https://bugzilla.suse.com/1192896 https://bugzilla.suse.com/1192906 https://bugzilla.suse.com/1192918 From sle-updates at lists.suse.com Mon Dec 6 18:08:50 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 6 Dec 2021 19:08:50 +0100 (CET) Subject: SUSE-SU-2021:3935-1: important: Security update for the Linux Kernel Message-ID: <20211206180850.C5767FC9F@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3935-1 Rating: important References: #1073928 #1098425 #1100416 #1119934 #1129735 #1171217 #1171420 #1173346 #1176724 #1177666 #1181158 #1181854 #1181855 #1183089 #1184673 #1185726 #1185727 #1185758 #1185973 #1186109 #1186390 #1188172 #1188563 #1188601 #1188838 #1188876 #1188983 #1188985 #1189057 #1189262 #1189278 #1189291 #1189399 #1189420 #1189706 #1190022 #1190023 #1190025 #1190067 #1190117 #1190159 #1190194 #1190349 #1190351 #1190601 #1190717 #1191193 #1191315 #1191790 #1191801 #1191958 #1191961 #1192267 #1192400 #1192775 #1192781 Cross-References: CVE-2017-17862 CVE-2017-17864 CVE-2018-13405 CVE-2018-16882 CVE-2020-0429 CVE-2020-12655 CVE-2020-14305 CVE-2020-3702 CVE-2020-4788 CVE-2021-20265 CVE-2021-20322 CVE-2021-31916 CVE-2021-33033 CVE-2021-34556 CVE-2021-34981 CVE-2021-3542 CVE-2021-35477 CVE-2021-3640 CVE-2021-3653 CVE-2021-3655 CVE-2021-3659 CVE-2021-3679 CVE-2021-3715 CVE-2021-37159 CVE-2021-3732 CVE-2021-3752 CVE-2021-3753 CVE-2021-37576 CVE-2021-3760 CVE-2021-3772 CVE-2021-38160 CVE-2021-38198 CVE-2021-38204 CVE-2021-3896 CVE-2021-40490 CVE-2021-42008 CVE-2021-42739 CVE-2021-43389 CVSS scores: CVE-2017-17862 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2017-17864 (NVD) : 3.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2018-13405 (NVD) : 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2018-13405 (SUSE): 4.4 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CVE-2018-16882 (NVD) : 8.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2020-0429 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-0429 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-12655 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-12655 (SUSE): 2.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L CVE-2020-14305 (NVD) : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-14305 (SUSE): 4.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2020-3702 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2020-3702 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2020-4788 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-20265 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-20265 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-20322 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2021-31916 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-31916 (SUSE): 6.8 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-33033 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-33033 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-34556 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-34981 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2021-3542 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-35477 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2021-3640 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-3653 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-3655 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2021-3659 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-3679 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-3715 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-37159 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-37159 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-3732 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2021-3752 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-3753 (SUSE): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2021-37576 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-3760 (SUSE): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-3772 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-38160 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-38198 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-38204 (SUSE): 4.2 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-3896 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-40490 (SUSE): 6.1 CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-42008 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-42008 (SUSE): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-42739 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-43389 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise High Availability 12-SP3 HPE Helion Openstack 8 ______________________________________________________________________________ An update that solves 38 vulnerabilities and has 18 fixes is now available. Description: The SUSE Linux Enterprise 12 SP3 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - Unprivileged BPF has been disabled by default to reduce attack surface as too many security issues have happened in the past (jsc#SLE-22573) You can reenable via systemctl setting /proc/sys/kernel/unprivileged_bpf_disabled to 0. (kernel.unprivileged_bpf_disabled = 0) - CVE-2021-31916: An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel A bound check failure allowed an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability (bnc#1192781). - CVE-2021-20322: Make the ipv4 and ipv6 ICMP exception caches less predictive to avoid information leaks about UDP ports in use. (bsc#1191790) - CVE-2021-34981: Fixed file refcounting in cmtp when cmtp_attach_device fails (bsc#1191961). - CVE-2020-12655: An issue was discovered in xfs_agf_verify in fs/xfs/libxfs/xfs_alloc.c. Attackers may trigger a sync of excessive duration via an XFS v5 image with crafted metadata, aka CID-d0c7feaf8767 (bnc#1171217). - CVE-2021-43389: There was an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c (bnc#1191958). - CVE-2021-37159: hso_free_net_device in drivers/net/usb/hso.c called unregister_netdev without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free (bnc#1188601). - CVE-2021-34556: An unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because the protection mechanism neglects the possibility of uninitialized memory locations on the BPF stack (bnc#1188983). - CVE-2021-35477: An unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because a certain preempting store operation did not necessarily occur before a store operation that has an attacker-controlled value (bnc#1188985). - CVE-2017-17862: kernel/bpf/verifier.c in the Linux kernel ignores unreachable code, even though it would still be processed by JIT compilers. This behavior, also considered an improper branch-pruning logic issue, could possibly be used by local users for denial of service (bnc#1073928). - CVE-2017-17864: kernel/bpf/verifier.c in the Linux kernel mishandled states_equal comparisons between the pointer data type and the UNKNOWN_VALUE data type, which allowed local users to obtain potentially sensitive address information, aka a "pointer leak (bnc#1073928). - CVE-2021-20265: A flaw was found in the way memory resources were freed in the unix_stream_recvmsg function in the Linux kernel when a signal was pending. This flaw allowed an unprivileged local user to crash the system by exhausting available memory. The highest threat from this vulnerability is to system availability (bnc#1183089). - CVE-2021-3772: Fixed sctp vtag check in sctp_sf_ootb (bsc#1190351). - CVE-2021-3655: Missing size validations on inbound SCTP packets may have allowed the kernel to read uninitialized memory (bnc#1188563). - CVE-2018-13405: The inode_init_owner function in fs/inode.c in the Linux kernel allowed local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID (bnc#1100416 bnc#1129735). - CVE-2021-3760: Fixed a use-after-free vulnerability with the ndev->rf_conn_info object (bsc#1190067). - CVE-2021-42739: The firewire subsystem in the Linux kernel has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled bounds checking (bnc#1184673). - CVE-2021-3542: Fixed heap buffer overflow in firedtv driver (bsc#1186063). - CVE-2021-33033: The Linux kernel has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value (bnc#1186109 bnc#1186390 bnc#1188876). - CVE-2020-14305: An out-of-bounds memory write flaw was found in how the Linux kernel’s Voice Over IP H.323 connection tracking functionality handled connections on ipv6 port 1720. This flaw allowed an unauthenticated remote user to crash the system, causing a denial of service. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability (bnc#1173346). - CVE-2021-3715: Fixed a use-after-free in route4_change() in net/sched/cls_route.c (bsc#1190349). - CVE-2021-3896: Fixed a array-index-out-bounds in detach_capi_ctr in drivers/isdn/capi/kcapi.c (bsc#1191958). - CVE-2021-42008: The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel has a slab out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access (bnc#1191315). - CVE-2020-3702: Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic (bnc#1191193). - CVE-2021-3752: Fixed a use after free vulnerability in the Linux kernel's bluetooth module. (bsc#1190023) - CVE-2021-40490: A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel (bnc#1190159 bnc#1192775) - CVE-2021-3640: Fixed a Use-After-Free vulnerability in function sco_sock_sendmsg() in the bluetooth stack (bsc#1188172). - CVE-2021-38160: Data corruption or loss could be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size in drivers/char/virtio_console.c (bsc#1190117) - CVE-2021-3753: Fixed race out-of-bounds in virtual terminal handling (bsc#1190025). - CVE-2021-3732: Mounting overlayfs inside an unprivileged user namespace can reveal files (bsc#1189706). - CVE-2021-3653: A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "int_ctl" field, this issue could allow a malicious L1 to enable AVIC support (Advanced Virtual Interrupt Controller) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape. This flaw affects Linux kernel versions prior to 5.14-rc7 (bnc#1189399 bnc#1189420). - CVE-2021-38198: arch/x86/kvm/mmu/paging_tmpl.h in the Linux kernel incorrectly computes the access permissions of a shadow page, leading to a missing guest protection page fault (bnc#1189262 bnc#1189278). - CVE-2021-38204: drivers/usb/host/max3421-hcd.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (use-after-free and panic) by removing a MAX-3421 USB device in certain situations (bnc#1189291). - CVE-2021-3679: A lack of CPU resource in the Linux kernel tracing module functionality in versions prior to 5.14-rc3 was found in the way user uses trace ring buffer in a specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service (bnc#1189057). - CVE-2018-16882: A use-after-free issue was found in the way the Linux kernel's KVM hypervisor processed posted interrupts when nested(=1) virtualization is enabled. In nested_get_vmcs12_pages(), in case of an error while processing posted interrupt address, it unmaps the 'pi_desc_page' without resetting 'pi_desc' descriptor address, which is later used in pi_test_and_clear_on(). A guest user/process could use this flaw to crash the host kernel resulting in DoS or potentially gain privileged access to a system. Kernel versions and are vulnerable (bnc#1119934). - CVE-2020-0429: In l2tp_session_delete and related functions of l2tp_core.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1176724). - CVE-2020-4788: IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296 (bnc#1177666 bnc#1181158). - CVE-2021-3659: Fixed a NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c (bsc#1188876). - CVE-2021-37576: arch/powerpc/kvm/book3s_rtas.c in the Linux kernel on the powerpc platform allowed KVM guest OS users to cause host OS memory corruption via rtas_args.nargs, aka CID-f62f3c20647e (bnc#1188838). The following non-security bugs were fixed: - PCI: hv: Use expected affinity when unmasking IRQ (bsc#1185973). - SUNRPC: improve error response to over-size gss credential (bsc#1190022). - Update config files: Add CONFIG_BPF_UNPRIV_DEFAULT_OFF is not set - blacklist.conf: Drop a line that was added by mistake - bpf: Add kconfig knob for disabling unpriv bpf by default (jsc#SLE-22918) - bpf: Disallow unprivileged bpf by default (jsc#SLE-22918). - bpf: properly enforce index mask to prevent out-of-bounds speculation (bsc#1098425). - config: disable unprivileged BPF by default (jsc#SLE-22918) - cpufreq: intel_pstate: Add Icelake servers support in no-HWP mode (bsc#1185758,bsc#1192400). - ftrace: Fix scripts/recordmcount.pl due to new binutils (bsc#1192267). - hv: mana: adjust mana_select_queue to old API (jsc#SLE-18779, bsc#1185727). - hv: mana: declare vzalloc (jsc#SLE-18779, bsc#1185726). - hv: mana: fake bitmap API (jsc#SLE-18779, bsc#1185726). - hv: mana: remove netdev_lockdep_set_classes usage (jsc#SLE-18779, bsc#1185727). - kABI: protect struct bpf_map (kabi). - mm: replace open coded page to virt conversion with page_to_virt() (jsc#SLE-18779, bsc#1185727). - net/mlx4_en: Avoid scheduling restart task if it is already running (bsc#1181854 bsc#1181855). - net/mlx4_en: Handle TX error CQE (bsc#1181854 bsc#1181855). - net: mana: Add WARN_ON_ONCE in case of CQE read overflow (jsc#SLE-18779, bsc#1185727). - net: mana: Add a driver for Microsoft Azure Network Adapter (MANA) (jsc#SLE-18779, bsc#1185727). - net: mana: Add support for EQ sharing (jsc#SLE-18779, bsc#1185727). - net: mana: Fix a memory leak in an error handling path in (jsc#SLE-18779, bsc#1185727). - net: mana: Fix error handling in mana_create_rxq() (git-fixes, bsc#1191801). - net: mana: Move NAPI from EQ to CQ (jsc#SLE-18779, bsc#1185727). - net: mana: Use int to check the return value of mana_gd_poll_cq() (jsc#SLE-18779, bsc#1185727). - net: mana: fix PCI_HYPERV dependency (jsc#SLE-18779, bsc#1185727). - net: mana: remove redundant initialization of variable err (jsc#SLE-18779, bsc#1185727). - net: sched: sch_teql: fix null-pointer dereference (bsc#1190717). - s390/bpf: Fix 64-bit subtraction of the -0x80000000 constant (bsc#1190601). - s390/bpf: Fix branch shortening during codegen pass (bsc#1190601). - s390/bpf: Fix optimizing out zero-extensions (bsc#1190601). - s390/bpf: Wrap JIT macro parameter usages in parentheses (bsc#1190601). - s390: bpf: implement jitting of BPF_ALU | BPF_ARSH | BPF_* (bsc#1190601). - scsi: sg: add sg_remove_request in sg_write (bsc#1171420 CVE2020-12770). - sctp: check asoc peer.asconf_capable before processing asconf (bsc#1190351). - sctp: fully initialize v4 addr in some functions (bsc#1188563). - sctp: simplify addr copy (bsc#1188563). - x86/CPU: Add more Icelake model numbers (bsc#1185758,bsc#1192400). - x86/tlb: Flush global mappings when KAISER is disabled (bsc#1190194). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-3935=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-3935=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-3935=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-3935=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-3935=1 - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2021-3935=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-3935=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): kernel-default-4.4.180-94.150.1 kernel-default-base-4.4.180-94.150.1 kernel-default-base-debuginfo-4.4.180-94.150.1 kernel-default-debuginfo-4.4.180-94.150.1 kernel-default-debugsource-4.4.180-94.150.1 kernel-default-devel-4.4.180-94.150.1 kernel-default-kgraft-4.4.180-94.150.1 kernel-syms-4.4.180-94.150.1 kgraft-patch-4_4_180-94_150-default-1-4.3.1 kgraft-patch-4_4_180-94_150-default-debuginfo-1-4.3.1 - SUSE OpenStack Cloud Crowbar 8 (noarch): kernel-devel-4.4.180-94.150.1 kernel-macros-4.4.180-94.150.1 kernel-source-4.4.180-94.150.1 - SUSE OpenStack Cloud 8 (noarch): kernel-devel-4.4.180-94.150.1 kernel-macros-4.4.180-94.150.1 kernel-source-4.4.180-94.150.1 - SUSE OpenStack Cloud 8 (x86_64): kernel-default-4.4.180-94.150.1 kernel-default-base-4.4.180-94.150.1 kernel-default-base-debuginfo-4.4.180-94.150.1 kernel-default-debuginfo-4.4.180-94.150.1 kernel-default-debugsource-4.4.180-94.150.1 kernel-default-devel-4.4.180-94.150.1 kernel-default-kgraft-4.4.180-94.150.1 kernel-syms-4.4.180-94.150.1 kgraft-patch-4_4_180-94_150-default-1-4.3.1 kgraft-patch-4_4_180-94_150-default-debuginfo-1-4.3.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): kernel-default-4.4.180-94.150.1 kernel-default-base-4.4.180-94.150.1 kernel-default-base-debuginfo-4.4.180-94.150.1 kernel-default-debuginfo-4.4.180-94.150.1 kernel-default-debugsource-4.4.180-94.150.1 kernel-default-devel-4.4.180-94.150.1 kernel-default-kgraft-4.4.180-94.150.1 kernel-syms-4.4.180-94.150.1 kgraft-patch-4_4_180-94_150-default-1-4.3.1 kgraft-patch-4_4_180-94_150-default-debuginfo-1-4.3.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): kernel-devel-4.4.180-94.150.1 kernel-macros-4.4.180-94.150.1 kernel-source-4.4.180-94.150.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): kernel-default-4.4.180-94.150.1 kernel-default-base-4.4.180-94.150.1 kernel-default-base-debuginfo-4.4.180-94.150.1 kernel-default-debuginfo-4.4.180-94.150.1 kernel-default-debugsource-4.4.180-94.150.1 kernel-default-devel-4.4.180-94.150.1 kernel-syms-4.4.180-94.150.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le x86_64): kernel-default-kgraft-4.4.180-94.150.1 kgraft-patch-4_4_180-94_150-default-1-4.3.1 kgraft-patch-4_4_180-94_150-default-debuginfo-1-4.3.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): kernel-devel-4.4.180-94.150.1 kernel-macros-4.4.180-94.150.1 kernel-source-4.4.180-94.150.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x): kernel-default-man-4.4.180-94.150.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): kernel-default-4.4.180-94.150.1 kernel-default-base-4.4.180-94.150.1 kernel-default-base-debuginfo-4.4.180-94.150.1 kernel-default-debuginfo-4.4.180-94.150.1 kernel-default-debugsource-4.4.180-94.150.1 kernel-default-devel-4.4.180-94.150.1 kernel-syms-4.4.180-94.150.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): kernel-devel-4.4.180-94.150.1 kernel-macros-4.4.180-94.150.1 kernel-source-4.4.180-94.150.1 - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64): cluster-md-kmp-default-4.4.180-94.150.1 cluster-md-kmp-default-debuginfo-4.4.180-94.150.1 dlm-kmp-default-4.4.180-94.150.1 dlm-kmp-default-debuginfo-4.4.180-94.150.1 gfs2-kmp-default-4.4.180-94.150.1 gfs2-kmp-default-debuginfo-4.4.180-94.150.1 kernel-default-debuginfo-4.4.180-94.150.1 kernel-default-debugsource-4.4.180-94.150.1 ocfs2-kmp-default-4.4.180-94.150.1 ocfs2-kmp-default-debuginfo-4.4.180-94.150.1 - HPE Helion Openstack 8 (noarch): kernel-devel-4.4.180-94.150.1 kernel-macros-4.4.180-94.150.1 kernel-source-4.4.180-94.150.1 - HPE Helion Openstack 8 (x86_64): kernel-default-4.4.180-94.150.1 kernel-default-base-4.4.180-94.150.1 kernel-default-base-debuginfo-4.4.180-94.150.1 kernel-default-debuginfo-4.4.180-94.150.1 kernel-default-debugsource-4.4.180-94.150.1 kernel-default-devel-4.4.180-94.150.1 kernel-default-kgraft-4.4.180-94.150.1 kernel-syms-4.4.180-94.150.1 kgraft-patch-4_4_180-94_150-default-1-4.3.1 kgraft-patch-4_4_180-94_150-default-debuginfo-1-4.3.1 References: https://www.suse.com/security/cve/CVE-2017-17862.html https://www.suse.com/security/cve/CVE-2017-17864.html https://www.suse.com/security/cve/CVE-2018-13405.html https://www.suse.com/security/cve/CVE-2018-16882.html https://www.suse.com/security/cve/CVE-2020-0429.html https://www.suse.com/security/cve/CVE-2020-12655.html https://www.suse.com/security/cve/CVE-2020-14305.html https://www.suse.com/security/cve/CVE-2020-3702.html https://www.suse.com/security/cve/CVE-2020-4788.html https://www.suse.com/security/cve/CVE-2021-20265.html https://www.suse.com/security/cve/CVE-2021-20322.html https://www.suse.com/security/cve/CVE-2021-31916.html https://www.suse.com/security/cve/CVE-2021-33033.html https://www.suse.com/security/cve/CVE-2021-34556.html https://www.suse.com/security/cve/CVE-2021-34981.html https://www.suse.com/security/cve/CVE-2021-3542.html https://www.suse.com/security/cve/CVE-2021-35477.html https://www.suse.com/security/cve/CVE-2021-3640.html https://www.suse.com/security/cve/CVE-2021-3653.html https://www.suse.com/security/cve/CVE-2021-3655.html https://www.suse.com/security/cve/CVE-2021-3659.html https://www.suse.com/security/cve/CVE-2021-3679.html https://www.suse.com/security/cve/CVE-2021-3715.html https://www.suse.com/security/cve/CVE-2021-37159.html https://www.suse.com/security/cve/CVE-2021-3732.html https://www.suse.com/security/cve/CVE-2021-3752.html https://www.suse.com/security/cve/CVE-2021-3753.html https://www.suse.com/security/cve/CVE-2021-37576.html https://www.suse.com/security/cve/CVE-2021-3760.html https://www.suse.com/security/cve/CVE-2021-3772.html https://www.suse.com/security/cve/CVE-2021-38160.html https://www.suse.com/security/cve/CVE-2021-38198.html https://www.suse.com/security/cve/CVE-2021-38204.html https://www.suse.com/security/cve/CVE-2021-3896.html https://www.suse.com/security/cve/CVE-2021-40490.html https://www.suse.com/security/cve/CVE-2021-42008.html https://www.suse.com/security/cve/CVE-2021-42739.html https://www.suse.com/security/cve/CVE-2021-43389.html https://bugzilla.suse.com/1073928 https://bugzilla.suse.com/1098425 https://bugzilla.suse.com/1100416 https://bugzilla.suse.com/1119934 https://bugzilla.suse.com/1129735 https://bugzilla.suse.com/1171217 https://bugzilla.suse.com/1171420 https://bugzilla.suse.com/1173346 https://bugzilla.suse.com/1176724 https://bugzilla.suse.com/1177666 https://bugzilla.suse.com/1181158 https://bugzilla.suse.com/1181854 https://bugzilla.suse.com/1181855 https://bugzilla.suse.com/1183089 https://bugzilla.suse.com/1184673 https://bugzilla.suse.com/1185726 https://bugzilla.suse.com/1185727 https://bugzilla.suse.com/1185758 https://bugzilla.suse.com/1185973 https://bugzilla.suse.com/1186109 https://bugzilla.suse.com/1186390 https://bugzilla.suse.com/1188172 https://bugzilla.suse.com/1188563 https://bugzilla.suse.com/1188601 https://bugzilla.suse.com/1188838 https://bugzilla.suse.com/1188876 https://bugzilla.suse.com/1188983 https://bugzilla.suse.com/1188985 https://bugzilla.suse.com/1189057 https://bugzilla.suse.com/1189262 https://bugzilla.suse.com/1189278 https://bugzilla.suse.com/1189291 https://bugzilla.suse.com/1189399 https://bugzilla.suse.com/1189420 https://bugzilla.suse.com/1189706 https://bugzilla.suse.com/1190022 https://bugzilla.suse.com/1190023 https://bugzilla.suse.com/1190025 https://bugzilla.suse.com/1190067 https://bugzilla.suse.com/1190117 https://bugzilla.suse.com/1190159 https://bugzilla.suse.com/1190194 https://bugzilla.suse.com/1190349 https://bugzilla.suse.com/1190351 https://bugzilla.suse.com/1190601 https://bugzilla.suse.com/1190717 https://bugzilla.suse.com/1191193 https://bugzilla.suse.com/1191315 https://bugzilla.suse.com/1191790 https://bugzilla.suse.com/1191801 https://bugzilla.suse.com/1191958 https://bugzilla.suse.com/1191961 https://bugzilla.suse.com/1192267 https://bugzilla.suse.com/1192400 https://bugzilla.suse.com/1192775 https://bugzilla.suse.com/1192781 From sle-updates at lists.suse.com Mon Dec 6 18:21:43 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 6 Dec 2021 19:21:43 +0100 (CET) Subject: SUSE-SU-2021:3950-1: important: Security update for openssh Message-ID: <20211206182143.7A28FFC9F@maintenance.suse.de> SUSE Security Update: Security update for openssh ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3950-1 Rating: important References: #1190975 Cross-References: CVE-2021-41617 CVSS scores: CVE-2021-41617 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-41617 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE MicroOS 5.1 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openssh fixes the following issues: - CVE-2021-41617: Fixed privilege escalation when AuthorizedKeysCommand/AuthorizedPrincipalsCommand are configured (bsc#1190975). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2021-3950=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2021-3950=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2021-3950=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3950=1 Package List: - SUSE MicroOS 5.1 (aarch64 s390x x86_64): openssh-8.4p1-3.6.1 openssh-clients-8.4p1-3.6.1 openssh-clients-debuginfo-8.4p1-3.6.1 openssh-common-8.4p1-3.6.1 openssh-common-debuginfo-8.4p1-3.6.1 openssh-debuginfo-8.4p1-3.6.1 openssh-debugsource-8.4p1-3.6.1 openssh-fips-8.4p1-3.6.1 openssh-server-8.4p1-3.6.1 openssh-server-debuginfo-8.4p1-3.6.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): openssh-debuginfo-8.4p1-3.6.1 openssh-debugsource-8.4p1-3.6.1 openssh-fips-8.4p1-3.6.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): openssh-askpass-gnome-8.4p1-3.6.1 openssh-askpass-gnome-debuginfo-8.4p1-3.6.1 openssh-askpass-gnome-debugsource-8.4p1-3.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): openssh-8.4p1-3.6.1 openssh-clients-8.4p1-3.6.1 openssh-clients-debuginfo-8.4p1-3.6.1 openssh-common-8.4p1-3.6.1 openssh-common-debuginfo-8.4p1-3.6.1 openssh-debuginfo-8.4p1-3.6.1 openssh-debugsource-8.4p1-3.6.1 openssh-fips-8.4p1-3.6.1 openssh-helpers-8.4p1-3.6.1 openssh-helpers-debuginfo-8.4p1-3.6.1 openssh-server-8.4p1-3.6.1 openssh-server-debuginfo-8.4p1-3.6.1 References: https://www.suse.com/security/cve/CVE-2021-41617.html https://bugzilla.suse.com/1190975 From sle-updates at lists.suse.com Mon Dec 6 18:24:15 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 6 Dec 2021 19:24:15 +0100 (CET) Subject: SUSE-RU-2021:3937-1: moderate: Recommended update for rmt-server Message-ID: <20211206182415.94D27FC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for rmt-server ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3937-1 Rating: moderate References: #1176628 #1180018 #1184814 #1186798 #1188043 #1189805 #951189 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that has 7 recommended fixes can now be installed. Description: This update for rmt-server fixes the following issues: - Update to Version 2.7.0 - Allow to validate all versions when they are of the same product and arch. - De-register BYOS systems using RMT as a proxy from SCC. - De-activate a single product from a BYOS proxy system. - Add the handling of the BYOS systems that use RMT as a SCC proxy. - Add subscription support in RMT. RMT can now consume registration codes supplied when registering a system. - Add host's login header to API requests to SCC. If the information is available, RMT will send it on requests to attach the registration proxy to a host system in SCC. - Add extra check to product dependency on RMT API. Now, when a system tries to activate a module through RMT, if it requires a root product which is not activated, the activation will fail (bsc#951189). - Load global configuration only if it can be ready by the current process. - Fix: Don't append slash to custom repository urls . - Add enabled attribute to syncing process to fix wrong marked repositories when syncing. (bsc#1184814) - Enable 'Installer-Updates' repositories when enabling a product, so they can get used by the installer to patch the installation system itself. (bsc#1184814) - Do not raise an exception when mirroring. (bsc#1180018) - Handle special characters in package names (bsc#1189805) - Set 'cloud_povider' info when registering the instance. - Fix for Rails 6.1 Zeitwerk autoloading errors. (bsc#1186798) - Add release_stage to all api endpoints to allow external programm determine product stage. (bsc#1176628) - Fix broken links (bsc#1188043) - Additional debug output for mirroring subcommand with '--debug' flag. - Update translations. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-3937=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-3937=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-3937=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-3937=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): rmt-server-2.7.0-3.52.1 rmt-server-config-2.7.0-3.52.1 rmt-server-debuginfo-2.7.0-3.52.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): rmt-server-2.7.0-3.52.1 rmt-server-config-2.7.0-3.52.1 rmt-server-debuginfo-2.7.0-3.52.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): rmt-server-2.7.0-3.52.1 rmt-server-config-2.7.0-3.52.1 rmt-server-debuginfo-2.7.0-3.52.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): rmt-server-2.7.0-3.52.1 rmt-server-config-2.7.0-3.52.1 rmt-server-debuginfo-2.7.0-3.52.1 References: https://bugzilla.suse.com/1176628 https://bugzilla.suse.com/1180018 https://bugzilla.suse.com/1184814 https://bugzilla.suse.com/1186798 https://bugzilla.suse.com/1188043 https://bugzilla.suse.com/1189805 https://bugzilla.suse.com/951189 From sle-updates at lists.suse.com Mon Dec 6 18:27:35 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 6 Dec 2021 19:27:35 +0100 (CET) Subject: SUSE-RU-2021:3936-1: moderate: Recommended update for rust1.55 Message-ID: <20211206182735.6CC13FC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for rust1.55 ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3936-1 Rating: moderate References: #1192067 SLE-19210 Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP3 ______________________________________________________________________________ An update that has one recommended fix and contains one feature can now be installed. Description: This update for rust1.55 fixes the following issues: - Implement rust version 1.55.0 on SLE 15 SP3. (jsc#SLE-19210) - Add BuildRequire: 'llvm12-devel' on Tumbleweed. (bsc#1192067) - Change 'llvm_bundling' to be required on 'x86_64', 'aarch64' and 'ppc64le' on 15.3, too. Otherwise cargo segfaults when building MozillaFirefox-93.0. - Swap to internal 'libgit' due to issue in current platform 'libgit2'. - Remove un-needed compiler docs. - Remove conflicting shell completions. - Remove developer tools in favour of rustup. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2021-3936=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): cargo-1.55.0-21.9.1 cargo1.55-1.55.0-7.3.1 cargo1.55-debuginfo-1.55.0-7.3.1 rust-1.55.0-21.9.1 rust1.55-1.55.0-7.3.1 rust1.55-debuginfo-1.55.0-7.3.1 References: https://bugzilla.suse.com/1192067 From sle-updates at lists.suse.com Mon Dec 6 18:28:55 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 6 Dec 2021 19:28:55 +0100 (CET) Subject: SUSE-SU-2021:3945-1: important: Security update for python-Babel Message-ID: <20211206182855.73712FC9F@maintenance.suse.de> SUSE Security Update: Security update for python-Babel ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3945-1 Rating: important References: #1185768 Cross-References: CVE-2021-42771 CVSS scores: CVE-2021-42771 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE MicroOS 5.1 SUSE MicroOS 5.0 SUSE Linux Enterprise Module for Python2 15-SP3 SUSE Linux Enterprise Module for Python2 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-Babel fixes the following issues: - CVE-2021-42771: Fixed relative path traversal that may lead to arbitrary locale files loading and arbitrary code execution (bsc#1185768). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2021-3945=1 - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-3945=1 - SUSE Linux Enterprise Module for Python2 15-SP3: zypper in -t patch SUSE-SLE-Module-Python2-15-SP3-2021-3945=1 - SUSE Linux Enterprise Module for Python2 15-SP2: zypper in -t patch SUSE-SLE-Module-Python2-15-SP2-2021-3945=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3945=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-3945=1 Package List: - SUSE MicroOS 5.1 (noarch): python3-Babel-2.8.0-3.3.1 - SUSE MicroOS 5.0 (noarch): python3-Babel-2.8.0-3.3.1 - SUSE Linux Enterprise Module for Python2 15-SP3 (noarch): python2-Babel-2.8.0-3.3.1 - SUSE Linux Enterprise Module for Python2 15-SP2 (noarch): python2-Babel-2.8.0-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): python3-Babel-2.8.0-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): python3-Babel-2.8.0-3.3.1 References: https://www.suse.com/security/cve/CVE-2021-42771.html https://bugzilla.suse.com/1185768 From sle-updates at lists.suse.com Mon Dec 6 18:30:22 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 6 Dec 2021 19:30:22 +0100 (CET) Subject: SUSE-SU-2021:3949-1: moderate: Security update for clamav Message-ID: <20211206183022.86A56FC9F@maintenance.suse.de> SUSE Security Update: Security update for clamav ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3949-1 Rating: moderate References: #1188284 #1192346 Affected Products: SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for clamav fixes the following issues: - Update to 0.103.4 (bsc#1192346). - Update to 0.103.3 (bsc#1188284). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-3949=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-3949=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-3949=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-3949=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-3949=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3949=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-3949=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-3949=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-3949=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-3949=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-3949=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-3949=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): clamav-0.103.4-3.32.1 clamav-debuginfo-0.103.4-3.32.1 clamav-debugsource-0.103.4-3.32.1 clamav-devel-0.103.4-3.32.1 libclamav9-0.103.4-3.32.1 libclamav9-debuginfo-0.103.4-3.32.1 libfreshclam2-0.103.4-3.32.1 libfreshclam2-debuginfo-0.103.4-3.32.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): clamav-0.103.4-3.32.1 clamav-debuginfo-0.103.4-3.32.1 clamav-debugsource-0.103.4-3.32.1 clamav-devel-0.103.4-3.32.1 libclamav9-0.103.4-3.32.1 libclamav9-debuginfo-0.103.4-3.32.1 libfreshclam2-0.103.4-3.32.1 libfreshclam2-debuginfo-0.103.4-3.32.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): clamav-0.103.4-3.32.1 clamav-debuginfo-0.103.4-3.32.1 clamav-debugsource-0.103.4-3.32.1 clamav-devel-0.103.4-3.32.1 libclamav9-0.103.4-3.32.1 libclamav9-debuginfo-0.103.4-3.32.1 libfreshclam2-0.103.4-3.32.1 libfreshclam2-debuginfo-0.103.4-3.32.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): clamav-0.103.4-3.32.1 clamav-debuginfo-0.103.4-3.32.1 clamav-debugsource-0.103.4-3.32.1 clamav-devel-0.103.4-3.32.1 libclamav9-0.103.4-3.32.1 libclamav9-debuginfo-0.103.4-3.32.1 libfreshclam2-0.103.4-3.32.1 libfreshclam2-debuginfo-0.103.4-3.32.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): clamav-0.103.4-3.32.1 clamav-debuginfo-0.103.4-3.32.1 clamav-debugsource-0.103.4-3.32.1 clamav-devel-0.103.4-3.32.1 libclamav9-0.103.4-3.32.1 libclamav9-debuginfo-0.103.4-3.32.1 libfreshclam2-0.103.4-3.32.1 libfreshclam2-debuginfo-0.103.4-3.32.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): clamav-0.103.4-3.32.1 clamav-debuginfo-0.103.4-3.32.1 clamav-debugsource-0.103.4-3.32.1 clamav-devel-0.103.4-3.32.1 libclamav9-0.103.4-3.32.1 libclamav9-debuginfo-0.103.4-3.32.1 libfreshclam2-0.103.4-3.32.1 libfreshclam2-debuginfo-0.103.4-3.32.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): clamav-0.103.4-3.32.1 clamav-debuginfo-0.103.4-3.32.1 clamav-debugsource-0.103.4-3.32.1 clamav-devel-0.103.4-3.32.1 libclamav9-0.103.4-3.32.1 libclamav9-debuginfo-0.103.4-3.32.1 libfreshclam2-0.103.4-3.32.1 libfreshclam2-debuginfo-0.103.4-3.32.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): clamav-0.103.4-3.32.1 clamav-debuginfo-0.103.4-3.32.1 clamav-debugsource-0.103.4-3.32.1 clamav-devel-0.103.4-3.32.1 libclamav9-0.103.4-3.32.1 libclamav9-debuginfo-0.103.4-3.32.1 libfreshclam2-0.103.4-3.32.1 libfreshclam2-debuginfo-0.103.4-3.32.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): clamav-0.103.4-3.32.1 clamav-debuginfo-0.103.4-3.32.1 clamav-debugsource-0.103.4-3.32.1 clamav-devel-0.103.4-3.32.1 libclamav9-0.103.4-3.32.1 libclamav9-debuginfo-0.103.4-3.32.1 libfreshclam2-0.103.4-3.32.1 libfreshclam2-debuginfo-0.103.4-3.32.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): clamav-0.103.4-3.32.1 clamav-debuginfo-0.103.4-3.32.1 clamav-debugsource-0.103.4-3.32.1 clamav-devel-0.103.4-3.32.1 libclamav9-0.103.4-3.32.1 libclamav9-debuginfo-0.103.4-3.32.1 libfreshclam2-0.103.4-3.32.1 libfreshclam2-debuginfo-0.103.4-3.32.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): clamav-0.103.4-3.32.1 clamav-debuginfo-0.103.4-3.32.1 clamav-debugsource-0.103.4-3.32.1 clamav-devel-0.103.4-3.32.1 libclamav9-0.103.4-3.32.1 libclamav9-debuginfo-0.103.4-3.32.1 libfreshclam2-0.103.4-3.32.1 libfreshclam2-debuginfo-0.103.4-3.32.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): clamav-0.103.4-3.32.1 clamav-debuginfo-0.103.4-3.32.1 clamav-debugsource-0.103.4-3.32.1 clamav-devel-0.103.4-3.32.1 libclamav9-0.103.4-3.32.1 libclamav9-debuginfo-0.103.4-3.32.1 libfreshclam2-0.103.4-3.32.1 libfreshclam2-debuginfo-0.103.4-3.32.1 - SUSE CaaS Platform 4.0 (x86_64): clamav-0.103.4-3.32.1 clamav-debuginfo-0.103.4-3.32.1 clamav-debugsource-0.103.4-3.32.1 clamav-devel-0.103.4-3.32.1 libclamav9-0.103.4-3.32.1 libclamav9-debuginfo-0.103.4-3.32.1 libfreshclam2-0.103.4-3.32.1 libfreshclam2-debuginfo-0.103.4-3.32.1 References: https://bugzilla.suse.com/1188284 https://bugzilla.suse.com/1192346 From sle-updates at lists.suse.com Mon Dec 6 18:33:32 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 6 Dec 2021 19:33:32 +0100 (CET) Subject: SUSE-SU-2021:3938-1: moderate: Security update for wireshark Message-ID: <20211206183332.B20ADFC9F@maintenance.suse.de> SUSE Security Update: Security update for wireshark ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3938-1 Rating: moderate References: #1192830 Cross-References: CVE-2021-39920 CVE-2021-39921 CVE-2021-39922 CVE-2021-39924 CVE-2021-39925 CVE-2021-39926 CVE-2021-39928 CVE-2021-39929 CVSS scores: CVE-2021-39920 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2021-39921 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2021-39922 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2021-39924 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-39924 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2021-39925 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-39925 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2021-39926 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-39926 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2021-39928 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2021-39929 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-39929 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. Description: This update for wireshark fixes the following issues: - Update to Wireshark 3.4.10: - CVE-2021-39920: IPPUSB dissector crash (bsc#1192830). - CVE-2021-39921: Modbus dissector crash (bsc#1192830). - CVE-2021-39922: C12.22 dissector crash (bsc#1192830). - CVE-2021-39924: Bluetooth DHT dissector large loop (bsc#1192830). - CVE-2021-39925: Bluetooth SDP dissector crash (bsc#1192830). - CVE-2021-39926: Bluetooth HCI_ISO dissector crash (bsc#1192830). - CVE-2021-39928: IEEE 802.11 dissector crash (bsc#1192830). - CVE-2021-39929: Bluetooth DHT dissector crash (bsc#1192830). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2021-3938=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2021-3938=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3938=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-3938=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): wireshark-debuginfo-3.4.10-3.62.1 wireshark-debugsource-3.4.10-3.62.1 wireshark-devel-3.4.10-3.62.1 wireshark-ui-qt-3.4.10-3.62.1 wireshark-ui-qt-debuginfo-3.4.10-3.62.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): wireshark-debuginfo-3.4.10-3.62.1 wireshark-debugsource-3.4.10-3.62.1 wireshark-devel-3.4.10-3.62.1 wireshark-ui-qt-3.4.10-3.62.1 wireshark-ui-qt-debuginfo-3.4.10-3.62.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libwireshark14-3.4.10-3.62.1 libwireshark14-debuginfo-3.4.10-3.62.1 libwiretap11-3.4.10-3.62.1 libwiretap11-debuginfo-3.4.10-3.62.1 libwsutil12-3.4.10-3.62.1 libwsutil12-debuginfo-3.4.10-3.62.1 wireshark-3.4.10-3.62.1 wireshark-debuginfo-3.4.10-3.62.1 wireshark-debugsource-3.4.10-3.62.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libwireshark14-3.4.10-3.62.1 libwireshark14-debuginfo-3.4.10-3.62.1 libwiretap11-3.4.10-3.62.1 libwiretap11-debuginfo-3.4.10-3.62.1 libwsutil12-3.4.10-3.62.1 libwsutil12-debuginfo-3.4.10-3.62.1 wireshark-3.4.10-3.62.1 wireshark-debuginfo-3.4.10-3.62.1 wireshark-debugsource-3.4.10-3.62.1 References: https://www.suse.com/security/cve/CVE-2021-39920.html https://www.suse.com/security/cve/CVE-2021-39921.html https://www.suse.com/security/cve/CVE-2021-39922.html https://www.suse.com/security/cve/CVE-2021-39924.html https://www.suse.com/security/cve/CVE-2021-39925.html https://www.suse.com/security/cve/CVE-2021-39926.html https://www.suse.com/security/cve/CVE-2021-39928.html https://www.suse.com/security/cve/CVE-2021-39929.html https://bugzilla.suse.com/1192830 From sle-updates at lists.suse.com Mon Dec 6 20:17:10 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 6 Dec 2021 21:17:10 +0100 (CET) Subject: SUSE-RU-2021:3953-1: moderate: Recommended update for nvme-cli Message-ID: <20211206201710.24C13FC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for nvme-cli ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3953-1 Rating: moderate References: #1182591 #1191935 #1192348 Affected Products: SUSE MicroOS 5.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for nvme-cli fixes the following issues: - Allow -1 as ctrl_loss_tmo value (bsc#1192348) - Fix segfauls while discovering (bsc#1191935) - Adding missing hunk (bsc#1182591) - Use pkg-config for libuuid dependency setup Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2021-3953=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3953=1 Package List: - SUSE MicroOS 5.1 (aarch64 s390x x86_64): nvme-cli-1.13-3.10.1 nvme-cli-debuginfo-1.13-3.10.1 nvme-cli-debugsource-1.13-3.10.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): nvme-cli-1.13-3.10.1 nvme-cli-debuginfo-1.13-3.10.1 nvme-cli-debugsource-1.13-3.10.1 References: https://bugzilla.suse.com/1182591 https://bugzilla.suse.com/1191935 https://bugzilla.suse.com/1192348 From sle-updates at lists.suse.com Mon Dec 6 20:19:40 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 6 Dec 2021 21:19:40 +0100 (CET) Subject: SUSE-SU-2021:14858-1: important: Security update for mozilla-nss Message-ID: <20211206201940.EFDD8FC9F@maintenance.suse.de> SUSE Security Update: Security update for mozilla-nss ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:14858-1 Rating: important References: #1193170 Cross-References: CVE-2021-43527 CVSS scores: CVE-2021-43527 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for mozilla-nss fixes the following issues: Update to version 3.68.1: - CVE-2021-43527: Fixed a Heap overflow in NSS when verifying DER-encoded DSA or RSA-PSS signatures (bsc#1193170). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-mozilla-nss-14858=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-mozilla-nss-14858=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-mozilla-nss-14858=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-mozilla-nss-14858=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): libfreebl3-3.68.1-47.19.1 libsoftokn3-3.68.1-47.19.1 mozilla-nss-3.68.1-47.19.1 mozilla-nss-certs-3.68.1-47.19.1 mozilla-nss-devel-3.68.1-47.19.1 mozilla-nss-tools-3.68.1-47.19.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (ppc64 s390x x86_64): libfreebl3-32bit-3.68.1-47.19.1 libsoftokn3-32bit-3.68.1-47.19.1 mozilla-nss-32bit-3.68.1-47.19.1 mozilla-nss-certs-32bit-3.68.1-47.19.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): libfreebl3-3.68.1-47.19.1 libsoftokn3-3.68.1-47.19.1 mozilla-nss-3.68.1-47.19.1 mozilla-nss-certs-3.68.1-47.19.1 mozilla-nss-tools-3.68.1-47.19.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): mozilla-nss-debuginfo-3.68.1-47.19.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): mozilla-nss-debuginfo-3.68.1-47.19.1 References: https://www.suse.com/security/cve/CVE-2021-43527.html https://bugzilla.suse.com/1193170 From sle-updates at lists.suse.com Mon Dec 6 20:20:59 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 6 Dec 2021 21:20:59 +0100 (CET) Subject: SUSE-RU-2021:3954-1: moderate: Recommended update for nvme-cli Message-ID: <20211206202059.2C93EFC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for nvme-cli ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3954-1 Rating: moderate References: #1177737 #1191935 #1192348 Affected Products: SUSE MicroOS 5.0 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for nvme-cli fixes the following issues: - Fix smart log read out (bsc#1177737) - Allow -1 as ctrl_loss_tmo value (bsc#1192348) - Fix segfauls while discovering (bsc#1191935) - Use pkg-config for libuuid dependency setup Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-3954=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-3954=1 Package List: - SUSE MicroOS 5.0 (aarch64 x86_64): nvme-cli-1.10-4.18.1 nvme-cli-debuginfo-1.10-4.18.1 nvme-cli-debugsource-1.10-4.18.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): nvme-cli-1.10-4.18.1 nvme-cli-debuginfo-1.10-4.18.1 nvme-cli-debugsource-1.10-4.18.1 References: https://bugzilla.suse.com/1177737 https://bugzilla.suse.com/1191935 https://bugzilla.suse.com/1192348 From sle-updates at lists.suse.com Mon Dec 6 23:19:30 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Dec 2021 00:19:30 +0100 (CET) Subject: SUSE-RU-2021:3958-1: moderate: Recommended update for aide Message-ID: <20211206231930.B3CD0FC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for aide ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3958-1 Rating: moderate References: #1191422 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for aide fixes the following issues: - Fix issue with Libgcrypt FIPS mode and AIDE by disabling MD5 in FIPS mode (bsc#1191422) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-3958=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): aide-0.16-20.12.1 aide-debuginfo-0.16-20.12.1 aide-debugsource-0.16-20.12.1 References: https://bugzilla.suse.com/1191422 From sle-updates at lists.suse.com Mon Dec 6 23:20:40 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Dec 2021 00:20:40 +0100 (CET) Subject: SUSE-RU-2021:3957-1: moderate: Recommended update for yast2-packager Message-ID: <20211206232040.DF2EDFC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-packager ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3957-1 Rating: moderate References: #1184935 #1187270 #1191652 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Installer 15-SP3 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for yast2-packager fixes the following issues: - When editing a repository display the repository alias as a fallback if the repository name is not set, do not display empty name (bsc#1184935) - Fix the tooltip in the control center is properly translated (bsc#1187270) - Use consistent names for the Full medium repositories (bsc#1191652) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3957=1 - SUSE Linux Enterprise Installer 15-SP3: zypper in -t patch SUSE-SLE-INSTALLER-15-SP3-2021-3957=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): yast2-packager-4.3.25-3.8.1 - SUSE Linux Enterprise Installer 15-SP3 (aarch64 ppc64le s390x x86_64): yast2-packager-4.3.25-3.8.1 References: https://bugzilla.suse.com/1184935 https://bugzilla.suse.com/1187270 https://bugzilla.suse.com/1191652 From sle-updates at lists.suse.com Mon Dec 6 23:22:11 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Dec 2021 00:22:11 +0100 (CET) Subject: SUSE-RU-2021:3962-1: moderate: Recommended update for corosync Message-ID: <20211206232211.B16F7FC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for corosync ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3962-1 Rating: moderate References: #1189680 #1191419 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise High Availability 12-SP5 SUSE Linux Enterprise High Availability 12-SP4 SUSE Linux Enterprise High Availability 12-SP3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for corosync fixes the following issues: - Fix cancel_token_hold_on_retransmit configuration being ignored (bsc#1191419, bsc#11896) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-3962=1 - SUSE Linux Enterprise High Availability 12-SP5: zypper in -t patch SUSE-SLE-HA-12-SP5-2021-3962=1 - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2021-3962=1 - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2021-3962=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): corosync-debuginfo-2.3.6-9.22.1 corosync-debugsource-2.3.6-9.22.1 libcorosync-devel-2.3.6-9.22.1 - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64): corosync-2.3.6-9.22.1 corosync-debuginfo-2.3.6-9.22.1 corosync-debugsource-2.3.6-9.22.1 libcorosync4-2.3.6-9.22.1 libcorosync4-debuginfo-2.3.6-9.22.1 - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): corosync-2.3.6-9.22.1 corosync-debuginfo-2.3.6-9.22.1 corosync-debugsource-2.3.6-9.22.1 libcorosync4-2.3.6-9.22.1 libcorosync4-debuginfo-2.3.6-9.22.1 - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64): corosync-2.3.6-9.22.1 corosync-debuginfo-2.3.6-9.22.1 corosync-debugsource-2.3.6-9.22.1 libcorosync4-2.3.6-9.22.1 libcorosync4-debuginfo-2.3.6-9.22.1 References: https://bugzilla.suse.com/1189680 https://bugzilla.suse.com/1191419 From sle-updates at lists.suse.com Mon Dec 6 23:24:11 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Dec 2021 00:24:11 +0100 (CET) Subject: SUSE-RU-2021:3959-1: moderate: Recommended update for aide Message-ID: <20211206232411.01B9DFC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for aide ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3959-1 Rating: moderate References: #1191422 Affected Products: SUSE MicroOS 5.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for aide fixes the following issues: - Fix issue with Libgcrypt FIPS mode and AIDE by disabling MD5 in FIPS mode (bsc#1191422) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2021-3959=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3959=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-3959=1 Package List: - SUSE MicroOS 5.1 (aarch64 s390x x86_64): aide-0.16-3.9.1 aide-debuginfo-0.16-3.9.1 aide-debugsource-0.16-3.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): aide-0.16-3.9.1 aide-debuginfo-0.16-3.9.1 aide-debugsource-0.16-3.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): aide-0.16-3.9.1 aide-debuginfo-0.16-3.9.1 aide-debugsource-0.16-3.9.1 References: https://bugzilla.suse.com/1191422 From sle-updates at lists.suse.com Mon Dec 6 23:27:19 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Dec 2021 00:27:19 +0100 (CET) Subject: SUSE-SU-2021:3454-2: moderate: Security update for krb5 Message-ID: <20211206232719.F1F6EFC9F@maintenance.suse.de> SUSE Security Update: Security update for krb5 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3454-2 Rating: moderate References: #1189929 Cross-References: CVE-2021-37750 CVSS scores: CVE-2021-37750 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE MicroOS 5.1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for krb5 fixes the following issues: - CVE-2021-37750: Fixed KDC null pointer dereference via a FAST inner body that lacks a server field (bsc#1189929). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2021-3454=1 Package List: - SUSE MicroOS 5.1 (s390x x86_64): krb5-1.16.3-3.24.1 krb5-debuginfo-1.16.3-3.24.1 krb5-debugsource-1.16.3-3.24.1 References: https://www.suse.com/security/cve/CVE-2021-37750.html https://bugzilla.suse.com/1189929 From sle-updates at lists.suse.com Mon Dec 6 23:30:52 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Dec 2021 00:30:52 +0100 (CET) Subject: SUSE-RU-2021:3963-1: moderate: Recommended update for system-users Message-ID: <20211206233052.DEA9FFC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for system-users ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3963-1 Rating: moderate References: #1190401 Affected Products: SUSE MicroOS 5.1 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Legacy Software 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for system-users fixes the following issues: - system-user-tss.conf: Removed group entry because it's not needed and contained syntax errors (bsc#1190401) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2021-3963=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2021-3963=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2021-3963=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2021-3963=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3963=1 Package List: - SUSE MicroOS 5.1 (noarch): system-group-hardware-20170617-17.3.1 system-group-kvm-20170617-17.3.1 system-group-libvirt-20170617-17.3.1 system-group-wheel-20170617-17.3.1 system-user-daemon-20170617-17.3.1 system-user-nobody-20170617-17.3.1 system-user-qemu-20170617-17.3.1 system-user-tss-20170617-17.3.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch): system-group-libvirt-20170617-17.3.1 system-user-ftp-20170617-17.3.1 system-user-qemu-20170617-17.3.1 system-user-tss-20170617-17.3.1 system-user-upsd-20170617-17.3.1 system-user-uuidd-20170617-17.3.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (noarch): system-user-games-20170617-17.3.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3 (noarch): system-group-obsolete-20170617-17.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): system-group-hardware-20170617-17.3.1 system-group-kvm-20170617-17.3.1 system-group-wheel-20170617-17.3.1 system-user-bin-20170617-17.3.1 system-user-daemon-20170617-17.3.1 system-user-lp-20170617-17.3.1 system-user-mail-20170617-17.3.1 system-user-man-20170617-17.3.1 system-user-news-20170617-17.3.1 system-user-nobody-20170617-17.3.1 system-user-uucp-20170617-17.3.1 system-user-wwwrun-20170617-17.3.1 References: https://bugzilla.suse.com/1190401 From sle-updates at lists.suse.com Mon Dec 6 23:32:08 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Dec 2021 00:32:08 +0100 (CET) Subject: SUSE-RU-2021:3961-1: moderate: Recommended update for dnsmasq Message-ID: <20211206233208.504F8FC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for dnsmasq ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3961-1 Rating: moderate References: #1192529 Affected Products: SUSE MicroOS 5.1 SUSE MicroOS 5.0 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for dnsmasq fixes the following issues: - Fix a segfault when re-reading an empty resolv.conf (bsc#1192529) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2021-3961=1 - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-3961=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3961=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-3961=1 Package List: - SUSE MicroOS 5.1 (aarch64 s390x x86_64): dnsmasq-2.86-7.17.1 dnsmasq-debuginfo-2.86-7.17.1 dnsmasq-debugsource-2.86-7.17.1 - SUSE MicroOS 5.0 (aarch64 x86_64): dnsmasq-2.86-7.17.1 dnsmasq-debuginfo-2.86-7.17.1 dnsmasq-debugsource-2.86-7.17.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): dnsmasq-2.86-7.17.1 dnsmasq-debuginfo-2.86-7.17.1 dnsmasq-debugsource-2.86-7.17.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): dnsmasq-2.86-7.17.1 dnsmasq-debuginfo-2.86-7.17.1 dnsmasq-debugsource-2.86-7.17.1 References: https://bugzilla.suse.com/1192529 From sle-updates at lists.suse.com Mon Dec 6 23:33:20 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Dec 2021 00:33:20 +0100 (CET) Subject: SUSE-FU-2021:3956-1: moderate: Feature update for fdo-client Message-ID: <20211206233320.D8E59FC9F@maintenance.suse.de> SUSE Feature Update: Feature update for fdo-client ______________________________________________________________________________ Announcement ID: SUSE-FU-2021:3956-1 Rating: moderate References: SLE-22946 SLE-22947 Affected Products: SUSE MicroOS 5.1 ______________________________________________________________________________ An update that has 0 feature fixes and contains two features can now be installed. Description: This feature update for fdo-client fixes the following issues: - This is a new FIDO client implemenation and the successor of sdo-client (jsc#SLE-22946, jsc#SLE-22947) Patch Instructions: To install this SUSE Feature Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2021-3956=1 Package List: - SUSE MicroOS 5.1 (aarch64 s390x x86_64): fdo-client-1.0.0+git20210816.baa09b5-1.3.1 fdo-client-debuginfo-1.0.0+git20210816.baa09b5-1.3.1 fdo-client-debugsource-1.0.0+git20210816.baa09b5-1.3.1 fdo-client-devel-1.0.0+git20210816.baa09b5-1.3.1 References: From sle-updates at lists.suse.com Mon Dec 6 23:34:23 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Dec 2021 00:34:23 +0100 (CET) Subject: SUSE-RU-2021:3960-1: important: Recommended update for container-selinux Message-ID: <20211206233423.ECE84FC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for container-selinux ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3960-1 Rating: important References: Affected Products: SUSE MicroOS 5.1 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: This update for container-selinux fixes the following issues: - Update to version 2.171.0 * Define kubernetes_file_t as a config_type * Allow containers to be socket activated by user domains and by systemd. * Allow iptables to use fifo files of a container runtime * Allow container_runtime create all tmpfs content as container_runtime_tmpfs_t * Allow containers to create lnk_file on tmpfs_t directories. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2021-3960=1 Package List: - SUSE MicroOS 5.1 (noarch): container-selinux-2.171.0-3.3.1 References: From sle-updates at lists.suse.com Tue Dec 7 07:42:04 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Dec 2021 08:42:04 +0100 (CET) Subject: SUSE-CU-2021:567-1: Recommended update of suse/sles12sp4 Message-ID: <20211207074204.5A51EFC9F@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:567-1 Container Tags : suse/sles12sp4:26.385 , suse/sles12sp4:latest Container Release : 26.385 Severity : moderate Type : recommended References : 1192790 ----------------------------------------------------------------- The container suse/sles12sp4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3932-1 Released: Mon Dec 6 11:17:27 2021 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1192790 This update for curl fixes the following issues: - Fix sftp via proxy failure in curl, by preventing libssh from creating socket (bsc#1192790) The following package changes have been done: - base-container-licenses-3.0-1.255 updated - container-suseconnect-2.0.0-1.149 updated - libcurl4-7.60.0-4.33.1 updated From sle-updates at lists.suse.com Tue Dec 7 08:01:01 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Dec 2021 09:01:01 +0100 (CET) Subject: SUSE-CU-2021:568-1: Security update of suse/sle15 Message-ID: <20211207080101.F0D99FD0A@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:568-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.542 Container Release : 6.2.542 Severity : moderate Type : security References : 1192717 1192790 CVE-2021-43618 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3930-1 Released: Mon Dec 6 11:16:10 2021 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1192790 This update for curl fixes the following issues: - Fix sftp via proxy failure in curl, by preventing libssh from creating socket (bsc#1192790) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3946-1 Released: Mon Dec 6 14:57:42 2021 Summary: Security update for gmp Type: security Severity: moderate References: 1192717,CVE-2021-43618 This update for gmp fixes the following issues: - CVE-2021-43618: Fixed buffer overflow via crafted input in mpz/inp_raw.c (bsc#1192717). The following package changes have been done: - libcurl4-7.60.0-28.1 updated - libgmp10-6.1.2-4.9.1 updated From sle-updates at lists.suse.com Tue Dec 7 08:14:53 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Dec 2021 09:14:53 +0100 (CET) Subject: SUSE-CU-2021:569-1: Security update of suse/sle15 Message-ID: <20211207081453.3546DFC9F@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:569-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.58 Container Release : 9.5.58 Severity : moderate Type : security References : 1192717 CVE-2021-43618 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3946-1 Released: Mon Dec 6 14:57:42 2021 Summary: Security update for gmp Type: security Severity: moderate References: 1192717,CVE-2021-43618 This update for gmp fixes the following issues: - CVE-2021-43618: Fixed buffer overflow via crafted input in mpz/inp_raw.c (bsc#1192717). The following package changes have been done: - libgmp10-6.1.2-4.9.1 updated From sle-updates at lists.suse.com Tue Dec 7 08:15:31 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Dec 2021 09:15:31 +0100 (CET) Subject: SUSE-CU-2021:570-1: Security update of bci/init Message-ID: <20211207081531.5FB83FC9F@maintenance.suse.de> SUSE Container Update Advisory: bci/init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:570-1 Container Tags : bci/init:15.3 , bci/init:15.3.3.66 , bci/init:latest Container Release : 3.66 Severity : important Type : security References : 1029961 1113013 1162581 1172973 1172974 1174504 1177127 1178236 1185016 1185524 1186071 1186503 1186602 1186910 1187153 1187224 1187270 1187273 1187425 1187466 1187512 1187654 1187738 1187760 1188156 1188344 1188435 1188623 1188921 1189031 1190052 1190059 1190199 1190356 1190440 1190465 1190645 1190712 1190739 1190793 1190815 1190850 1190915 1190933 1190984 1191200 1191260 1191286 1191324 1191370 1191480 1191563 1191609 1191690 1191736 1191804 1191804 1191922 1191987 1192104 1192160 1192161 1192248 1192337 1192436 CVE-2019-20838 CVE-2020-14155 CVE-2021-37600 CVE-2021-39537 ----------------------------------------------------------------- The container bci/init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-OU-2020:3026-1 Released: Fri Oct 23 15:35:49 2020 Summary: Optional update for the Public Cloud Module Type: optional Severity: moderate References: This update adds the Google Cloud Storage packages to the Public Cloud module (jsc#ECO-2398). The following packages were included: - python3-grpcio - python3-protobuf - python3-google-api-core - python3-google-cloud-core - python3-google-cloud-storage - python3-google-resumable-media - python3-googleapis-common-protos - python3-grpcio-gcp - python3-mock (updated to version 3.0.5) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:294-1 Released: Wed Feb 3 12:54:28 2021 Summary: Recommended update for libprotobuf Type: recommended Severity: moderate References: libprotobuf was updated to fix: - ship the libprotobuf-lite15 on the basesystem module and the INSTALLER channel. (jsc#ECO-2911) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:656-1 Released: Mon Mar 1 09:34:21 2021 Summary: Recommended update for protobuf Type: recommended Severity: moderate References: 1177127 This update for protobuf fixes the following issues: - Add missing dependency of python subpackages on python-six. (bsc#1177127) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3474-1 Released: Wed Oct 20 08:41:31 2021 Summary: Security update for util-linux Type: security Severity: moderate References: 1178236,1188921,CVE-2021-37600 This update for util-linux fixes the following issues: - CVE-2021-37600: Fixed an integer overflow which could lead to a buffer overflow in get_sem_elements() in sys-utils/ipcutils.c. (bsc#1188921) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3480-1 Released: Wed Oct 20 11:24:10 2021 Summary: Recommended update for yast2-network Type: recommended Severity: moderate References: 1185016,1185524,1186910,1187270,1187512,1188344,1190645,1190739,1190915,1190933 This update for yast2-network fixes the following issues: - Don't crash when the interfaces table contains a not configured one (bnc#1190645, bsc#1190915). - Fix the shown description using the interface friendly name when it is empty (bsc#1190933). - Consider aliases sections as case insensitive (bsc#1190739). - Display user defined device name in the devices overview (bnc#1190645). - Don't crash when defined aliases in AutoYaST profile are not defined as a map (bsc#1188344). - Support 'boot' and 'on' as aliases for the 'auto' startmode (bsc#1186910). - Fix desktop file so the control center tooltip is translated (bsc#1187270). - Use the linuxrc proxy settings for the HTTPS and FTP proxies (bsc#1185016). - Don't crash at the end of installation when storing wifi configuration for NetworkManager (bsc#1185524, bsc#1187512). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3490-1 Released: Wed Oct 20 16:31:55 2021 Summary: Security update for ncurses Type: security Severity: moderate References: 1190793,CVE-2021-39537 This update for ncurses fixes the following issues: - CVE-2021-39537: Fixed an heap-based buffer overflow in _nc_captoinfo. (bsc#1190793) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3494-1 Released: Wed Oct 20 16:48:46 2021 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1190052 This update for pam fixes the following issues: - Added pam_faillock to the set of available PAM modules. (jsc#SLE-20638) - Added new file macros.pam on request of systemd. (bsc#1190052) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3501-1 Released: Fri Oct 22 10:42:46 2021 Summary: Recommended update for libzypp, zypper, libsolv, protobuf Type: recommended Severity: moderate References: 1186503,1186602,1187224,1187425,1187466,1187738,1187760,1188156,1188435,1189031,1190059,1190199,1190465,1190712,1190815 This update for libzypp, zypper, libsolv and protobuf fixes the following issues: - Choice rules: treat orphaned packages as newest (bsc#1190465) - Avoid calling 'su' to detect a too restrictive sudo user umask (bsc#1186602) - Do not check of signatures and keys two times(redundant) (bsc#1190059) - Rephrase vendor conflict message in case 2 packages are involved (bsc#1187760) - Show key fpr from signature when signature check fails (bsc#1187224) - Fix solver jobs for PTFs (bsc#1186503) - Fix purge-kernels fails (bsc#1187738) - Fix obs:// platform guessing for Leap (bsc#1187425) - Make sure to keep states alives while transitioning. (bsc#1190199) - Manpage: Improve description about patch updates(bsc#1187466) - Manpage: Recommend the needs-rebooting command to test whether a system reboot is suggested. - Fix kernel-*-livepatch removal in purge-kernels. (bsc#1190815) - Fix crashes in logging code when shutting down (bsc#1189031) - Do not download full files even if the checkExistsOnly flag is set. (bsc#1190712) - Add need reboot/restart hint to XML install summary (bsc#1188435) - Prompt: choose exact match if prompt options are not prefix free (bsc#1188156) - Include libprotobuf-lite20 in products to enable parallel downloads. (jsc#ECO-2911, jsc#SLE-16862) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3509-1 Released: Tue Oct 26 09:47:40 2021 Summary: Recommended update for suse-module-tools Type: recommended Severity: important References: 1191200,1191260,1191480,1191804,1191922 This update for suse-module-tools fixes the following issues: Update to version 15.3.13: - Fix bad exit status in openQA. (bsc#1191922) - Ignore kernel keyring for kernel certificates. (bsc#1191480) - Deal with existing certificates that should be de-enrolled. (bsc#1191804) - Don't pass existing files to weak-modules2. (bsc#1191200) - Skip certificate scriptlet on non-UEFI systems. (bsc#1191260) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3510-1 Released: Tue Oct 26 11:22:15 2021 Summary: Recommended update for pam Type: recommended Severity: important References: 1191987 This update for pam fixes the following issues: - Fixed a bad directive file which resulted in the 'securetty' file to be installed as 'macros.pam'. (bsc#1191987) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3529-1 Released: Wed Oct 27 09:23:32 2021 Summary: Security update for pcre Type: security Severity: moderate References: 1172973,1172974,CVE-2019-20838,CVE-2020-14155 This update for pcre fixes the following issues: Update pcre to version 8.45: - CVE-2020-14155: Fixed integer overflow via a large number after a '(?C' substring (bsc#1172974). - CVE-2019-20838: Fixed buffer over-read in JIT compiler (bsc#1172973) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3564-1 Released: Wed Oct 27 16:12:08 2021 Summary: Recommended update for rpm-config-SUSE Type: recommended Severity: moderate References: 1190850 This update for rpm-config-SUSE fixes the following issues: - Support ZSTD compressed kernel modules. (bsc#1190850) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3589-1 Released: Mon Nov 1 19:27:52 2021 Summary: Recommended update for apparmor Type: recommended Severity: moderate References: 1191690 This update for apparmor fixes the following issues: - Fixed an issue when apparmor provides python2 and python3 libraries with the same name. (bsc#1191690) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3663-1 Released: Mon Nov 15 19:14:32 2021 Summary: Recommended update for suse-module-tools Type: recommended Severity: moderate References: 1191804 This update for suse-module-tools fixes the following issues: - Update to version 15.3.14: * more fixes for updates under secure boot * cert-script: Deal with existing $cert.delete file (bsc#1191804). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3786-1 Released: Wed Nov 24 05:59:13 2021 Summary: Recommended update for rpm-config-SUSE Type: recommended Severity: important References: 1192160 This update for rpm-config-SUSE fixes the following issues: - Add support for the kernel xz-compressed firmware files (bsc#1192160) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3792-1 Released: Wed Nov 24 06:12:09 2021 Summary: Recommended update for kmod Type: recommended Severity: moderate References: 1192104 This update for kmod fixes the following issues: - Enable ZSTD compression (bsc#1192104)(jsc#SLE-21256) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3799-1 Released: Wed Nov 24 18:07:54 2021 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1187153,1187273,1188623 This update for gcc11 fixes the following issues: The additional GNU compiler collection GCC 11 is provided: To select these compilers install the packages: - gcc11 - gcc-c++11 - and others with 11 prefix. to select them for building: - CC='gcc-11' - CXX='g++-11' The compiler baselibraries (libgcc_s1, libstdc++6 and others) are being replaced by the GCC 11 variants. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3808-1 Released: Fri Nov 26 00:30:54 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1186071,1190440,1190984,1192161 This update for systemd fixes the following issues: - Add timestamp to D-Bus events to improve traceability (jsc#SLE-17798) - Fix fd_is_mount_point() when both the parent and directory are network file systems (bsc#1190984) - Support detection for ARM64 Hyper-V guests (bsc#1186071) - Fix systemd-detect-virt not detecting Amazon EC2 Nitro instance (bsc#1190440) - Enable support for Portable Services in openSUSE Leap only (jsc#SLE-21694) - Fix IO scheduler udev rules to address performance issues (jsc#SLE-21032, bsc#1192161) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3870-1 Released: Thu Dec 2 07:11:50 2021 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1190356,1191286,1191324,1191370,1191609,1192337,1192436 This update for libzypp, zypper fixes the following issues: libzypp: - Check log writer before accessing it (bsc#1192337) - Zypper should keep cached files if transaction is aborted (bsc#1190356) - Require a minimum number of mirrors for multicurl (bsc#1191609) - Fixed slowdowns when rlimit is too high by using procfs to detect niumber of open file descriptors (bsc#1191324) - Fixed zypper incomplete messages when using non English localization (bsc#1191370) - RepoManager: Don't probe for plaindir repository if the URL schema is a plugin (bsc#1191286) - Disable logger in the child process after fork (bsc#1192436) zypper: - Fixed Zypper removing a kernel explicitely pinned that uses uname -r output format as name (openSUSE/zypper#418) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3872-1 Released: Thu Dec 2 07:25:55 2021 Summary: Recommended update for cracklib Type: recommended Severity: moderate References: 1191736 This update for cracklib fixes the following issues: - Enable build time tests (bsc#1191736) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3891-1 Released: Fri Dec 3 10:21:49 2021 Summary: Recommended update for keyutils Type: recommended Severity: moderate References: 1029961,1113013,1187654 This update for keyutils fixes the following issues: - Add /etc/keys/ and /usr/etc/keys/ directory (bsc#1187654) keyutils was updated to 1.6.3 (jsc#SLE-20016): * Revert the change notifications that were using /dev/watch_queue. * Apply the change notifications that use pipe2(O_NOTIFICATION_PIPE). * Allow 'keyctl supports' to retrieve raw capability data. * Allow 'keyctl id' to turn a symbolic key ID into a numeric ID. * Allow 'keyctl new_session' to name the keyring. * Allow 'keyctl add/padd/etc.' to take hex-encoded data. * Add 'keyctl watch*' to expose kernel change notifications on keys. * Add caps for namespacing and notifications. * Set a default TTL on keys that upcall for name resolution. * Explicitly clear memory after it's held sensitive information. * Various manual page fixes. * Fix C++-related errors. * Add support for keyctl_move(). * Add support for keyctl_capabilities(). * Make key=val list optional for various public-key ops. * Fix system call signature for KEYCTL_PKEY_QUERY. * Fix 'keyctl pkey_query' argument passing. * Use keyctl_read_alloc() in dump_key_tree_aux(). * Various manual page fixes. Updated to 1.6: * Apply various specfile cleanups from Fedora. * request-key: Provide a command line option to suppress helper execution. * request-key: Find least-wildcard match rather than first match. * Remove the dependency on MIT Kerberos. * Fix some error messages * keyctl_dh_compute.3: Suggest /proc/crypto for list of available hashes. * Fix doc and comment typos. * Add public key ops for encrypt, decrypt, sign and verify (needs linux-4.20). * Add pkg-config support for finding libkeyutils. * upstream isn't offering PGP signatures for the source tarballs anymore Updated to 1.5.11 (bsc#1113013) * Add keyring restriction support. * Add KDF support to the Diffie-Helman function. * DNS: Add support for AFS config files and SRV records ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3899-1 Released: Fri Dec 3 11:27:41 2021 Summary: Security update for aaa_base Type: security Severity: moderate References: 1162581,1174504,1191563,1192248 This update for aaa_base fixes the following issues: - Allowed ping and ICMP commands without CAP_NET_RAW (bsc#1174504). - Add $HOME/.local/bin to PATH, if it exists (bsc#1192248). - Fixed get_kernel_version.c to work also for recent kernels on the s390/X platform (bsc#1191563). - Support xz compressed kernel (bsc#1162581) The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-3.52.1 updated - cracklib-dict-small-2.9.7-11.6.1 updated - cracklib-2.9.7-11.6.1 updated - kmod-29-4.12.1 updated - libapparmor1-2.13.6-3.3.1 updated - libaugeas0-1.10.1-3.3.1 updated - libblkid1-2.36.2-4.5.1 updated - libcrack2-2.9.7-11.6.1 updated - libfdisk1-2.36.2-4.5.1 updated - libgcc_s1-11.2.1+git610-1.3.9 updated - libkeyutils1-1.6.3-5.6.1 updated - libkmod2-29-4.12.1 updated - libmount1-2.36.2-4.5.1 updated - libncurses6-6.1-5.9.1 updated - libpcre1-8.45-20.10.1 updated - libprotobuf-lite20-3.9.2-4.9.1 added - libsmartcols1-2.36.2-4.5.1 updated - libsolv-tools-0.7.20-9.2 updated - libstdc++6-11.2.1+git610-1.3.9 updated - libsystemd0-246.16-7.21.1 updated - libudev1-246.16-7.21.1 updated - libuuid1-2.36.2-4.5.1 updated - libzypp-17.28.8-20.1 updated - ncurses-utils-6.1-5.9.1 updated - pam-1.3.0-6.50.1 updated - rpm-config-SUSE-1-5.6.1 updated - suse-module-tools-15.3.14-3.14.1 updated - systemd-246.16-7.21.1 updated - terminfo-base-6.1-5.9.1 updated - udev-246.16-7.21.1 updated - util-linux-2.36.2-4.5.1 updated - zypper-1.14.50-21.1 updated - container:sles15-image-15.0.0-17.8.39 updated From sle-updates at lists.suse.com Tue Dec 7 08:15:41 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Dec 2021 09:15:41 +0100 (CET) Subject: SUSE-CU-2021:571-1: Security update of bci/micro Message-ID: <20211207081541.89398FC9F@maintenance.suse.de> SUSE Container Update Advisory: bci/micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:571-1 Container Tags : bci/micro:15.3 , bci/micro:15.3.3.27 , bci/micro:latest Container Release : 3.27 Severity : moderate Type : security References : 1172973 1172974 1187153 1187273 1188623 1190793 CVE-2019-20838 CVE-2020-14155 CVE-2021-39537 ----------------------------------------------------------------- The container bci/micro was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3490-1 Released: Wed Oct 20 16:31:55 2021 Summary: Security update for ncurses Type: security Severity: moderate References: 1190793,CVE-2021-39537 This update for ncurses fixes the following issues: - CVE-2021-39537: Fixed an heap-based buffer overflow in _nc_captoinfo. (bsc#1190793) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3529-1 Released: Wed Oct 27 09:23:32 2021 Summary: Security update for pcre Type: security Severity: moderate References: 1172973,1172974,CVE-2019-20838,CVE-2020-14155 This update for pcre fixes the following issues: Update pcre to version 8.45: - CVE-2020-14155: Fixed integer overflow via a large number after a '(?C' substring (bsc#1172974). - CVE-2019-20838: Fixed buffer over-read in JIT compiler (bsc#1172973) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3799-1 Released: Wed Nov 24 18:07:54 2021 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1187153,1187273,1188623 This update for gcc11 fixes the following issues: The additional GNU compiler collection GCC 11 is provided: To select these compilers install the packages: - gcc11 - gcc-c++11 - and others with 11 prefix. to select them for building: - CC='gcc-11' - CXX='g++-11' The compiler baselibraries (libgcc_s1, libstdc++6 and others) are being replaced by the GCC 11 variants. The following package changes have been done: - libgcc_s1-11.2.1+git610-1.3.9 updated - libncurses6-6.1-5.9.1 updated - libpcre1-8.45-20.10.1 updated - libstdc++6-11.2.1+git610-1.3.9 updated - terminfo-base-6.1-5.9.1 updated From sle-updates at lists.suse.com Tue Dec 7 08:15:53 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Dec 2021 09:15:53 +0100 (CET) Subject: SUSE-CU-2021:572-1: Security update of bci/minimal Message-ID: <20211207081553.4E6CEFC9F@maintenance.suse.de> SUSE Container Update Advisory: bci/minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:572-1 Container Tags : bci/minimal:15.3 , bci/minimal:15.3.13.53 , bci/minimal:latest Container Release : 13.53 Severity : important Type : security References : 1172973 1172974 1187153 1187273 1188623 1190793 1190850 1192160 CVE-2019-20838 CVE-2020-14155 CVE-2021-39537 ----------------------------------------------------------------- The container bci/minimal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3490-1 Released: Wed Oct 20 16:31:55 2021 Summary: Security update for ncurses Type: security Severity: moderate References: 1190793,CVE-2021-39537 This update for ncurses fixes the following issues: - CVE-2021-39537: Fixed an heap-based buffer overflow in _nc_captoinfo. (bsc#1190793) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3529-1 Released: Wed Oct 27 09:23:32 2021 Summary: Security update for pcre Type: security Severity: moderate References: 1172973,1172974,CVE-2019-20838,CVE-2020-14155 This update for pcre fixes the following issues: Update pcre to version 8.45: - CVE-2020-14155: Fixed integer overflow via a large number after a '(?C' substring (bsc#1172974). - CVE-2019-20838: Fixed buffer over-read in JIT compiler (bsc#1172973) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3564-1 Released: Wed Oct 27 16:12:08 2021 Summary: Recommended update for rpm-config-SUSE Type: recommended Severity: moderate References: 1190850 This update for rpm-config-SUSE fixes the following issues: - Support ZSTD compressed kernel modules. (bsc#1190850) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3786-1 Released: Wed Nov 24 05:59:13 2021 Summary: Recommended update for rpm-config-SUSE Type: recommended Severity: important References: 1192160 This update for rpm-config-SUSE fixes the following issues: - Add support for the kernel xz-compressed firmware files (bsc#1192160) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3799-1 Released: Wed Nov 24 18:07:54 2021 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1187153,1187273,1188623 This update for gcc11 fixes the following issues: The additional GNU compiler collection GCC 11 is provided: To select these compilers install the packages: - gcc11 - gcc-c++11 - and others with 11 prefix. to select them for building: - CC='gcc-11' - CXX='g++-11' The compiler baselibraries (libgcc_s1, libstdc++6 and others) are being replaced by the GCC 11 variants. The following package changes have been done: - libgcc_s1-11.2.1+git610-1.3.9 updated - libncurses6-6.1-5.9.1 updated - libpcre1-8.45-20.10.1 updated - libstdc++6-11.2.1+git610-1.3.9 updated - rpm-config-SUSE-1-5.6.1 updated - terminfo-base-6.1-5.9.1 updated - container:micro-image-15.3.0-3.27 updated - ca-certificates-mozilla-prebuilt-2.44-21.1 removed From sle-updates at lists.suse.com Tue Dec 7 08:21:49 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Dec 2021 09:21:49 +0100 (CET) Subject: SUSE-CU-2021:573-1: Security update of suse/sle15 Message-ID: <20211207082149.EDF7FFC9F@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:573-1 Container Tags : suse/sle15:15.3 , suse/sle15:15.3.17.8.41 Container Release : 17.8.41 Severity : moderate Type : security References : 1192717 CVE-2021-43618 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3946-1 Released: Mon Dec 6 14:57:42 2021 Summary: Security update for gmp Type: security Severity: moderate References: 1192717,CVE-2021-43618 This update for gmp fixes the following issues: - CVE-2021-43618: Fixed buffer overflow via crafted input in mpz/inp_raw.c (bsc#1192717). The following package changes have been done: - libgmp10-6.1.2-4.9.1 updated From sle-updates at lists.suse.com Tue Dec 7 08:21:57 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Dec 2021 09:21:57 +0100 (CET) Subject: SUSE-CU-2021:574-1: Recommended update of suse/sle15 Message-ID: <20211207082157.A2DBDFC9F@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:574-1 Container Tags : suse/sle15:15.3 , suse/sle15:15.3.17.8.42 Container Release : 17.8.42 Severity : moderate Type : recommended References : 1190401 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3963-1 Released: Mon Dec 6 19:57:39 2021 Summary: Recommended update for system-users Type: recommended Severity: moderate References: 1190401 This update for system-users fixes the following issues: - system-user-tss.conf: Removed group entry because it's not needed and contained syntax errors (bsc#1190401) The following package changes have been done: - system-group-hardware-20170617-17.3.1 updated From sle-updates at lists.suse.com Tue Dec 7 11:18:37 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Dec 2021 12:18:37 +0100 (CET) Subject: SUSE-SU-2021:3964-1: important: Security update for nodejs14 Message-ID: <20211207111837.9EEA8FC9F@maintenance.suse.de> SUSE Security Update: Security update for nodejs14 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3964-1 Rating: important References: #1190053 #1190054 #1190055 #1190056 #1190057 #1191601 #1191602 Cross-References: CVE-2021-22959 CVE-2021-22960 CVE-2021-37701 CVE-2021-37712 CVE-2021-37713 CVE-2021-39134 CVE-2021-39135 CVSS scores: CVE-2021-22959 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2021-22959 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2021-22960 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2021-37701 (NVD) : 8.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N CVE-2021-37701 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H CVE-2021-37712 (NVD) : 8.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N CVE-2021-37712 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H CVE-2021-39134 (NVD) : 8.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N CVE-2021-39134 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H CVE-2021-39135 (NVD) : 8.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N Affected Products: SUSE Linux Enterprise Module for Web Scripting 15-SP3 SUSE Linux Enterprise Module for Web Scripting 15-SP2 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for nodejs14 fixes the following issues: nodejs14 was updated to 14.18.1: * deps: update llhttp to 2.1.4 - HTTP Request Smuggling due to spaced in headers (bsc#1191601, CVE-2021-22959) - HTTP Request Smuggling when parsing the body (bsc#1191602, CVE-2021-22960) Changes in 14.18.0: * buffer: + introduce Blob + add base64url encoding option * child_process: + allow options.cwd receive a URL + add timeout to spawn and fork + allow promisified exec to be cancel + add 'overlapped' stdio flag * dns: add "tries" option to Resolve options * fs: + allow empty string for temp directory prefix + allow no-params fsPromises fileHandle read + add support for async iterators to fsPromises.writeFile * http2: add support for sensitive headers * process: add 'worker' event * tls: allow reading data into a static buffer * worker: add setEnvironmentData/getEnvironmentData Changes in 14.17.6 * deps: upgrade npm to 6.14.15 which fixes a number of security issues (bsc#1190057, CVE-2021-37701, bsc#1190056, CVE-2021-37712, bsc#1190055, CVE-2021-37713, bsc#1190054, CVE-2021-39134, bsc#1190053, CVE-2021-39135) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 15-SP3: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP3-2021-3964=1 - SUSE Linux Enterprise Module for Web Scripting 15-SP2: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP2-2021-3964=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 15-SP3 (aarch64 ppc64le s390x x86_64): nodejs14-14.18.1-15.21.2 nodejs14-debuginfo-14.18.1-15.21.2 nodejs14-debugsource-14.18.1-15.21.2 nodejs14-devel-14.18.1-15.21.2 npm14-14.18.1-15.21.2 - SUSE Linux Enterprise Module for Web Scripting 15-SP3 (noarch): nodejs14-docs-14.18.1-15.21.2 - SUSE Linux Enterprise Module for Web Scripting 15-SP2 (aarch64 ppc64le s390x x86_64): nodejs14-14.18.1-15.21.2 nodejs14-debuginfo-14.18.1-15.21.2 nodejs14-debugsource-14.18.1-15.21.2 nodejs14-devel-14.18.1-15.21.2 npm14-14.18.1-15.21.2 - SUSE Linux Enterprise Module for Web Scripting 15-SP2 (noarch): nodejs14-docs-14.18.1-15.21.2 References: https://www.suse.com/security/cve/CVE-2021-22959.html https://www.suse.com/security/cve/CVE-2021-22960.html https://www.suse.com/security/cve/CVE-2021-37701.html https://www.suse.com/security/cve/CVE-2021-37712.html https://www.suse.com/security/cve/CVE-2021-37713.html https://www.suse.com/security/cve/CVE-2021-39134.html https://www.suse.com/security/cve/CVE-2021-39135.html https://bugzilla.suse.com/1190053 https://bugzilla.suse.com/1190054 https://bugzilla.suse.com/1190055 https://bugzilla.suse.com/1190056 https://bugzilla.suse.com/1190057 https://bugzilla.suse.com/1191601 https://bugzilla.suse.com/1191602 From sle-updates at lists.suse.com Tue Dec 7 14:15:48 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Dec 2021 15:15:48 +0100 (CET) Subject: SUSE-RU-2021:3965-1: moderate: Recommended update for nghttp2 Message-ID: <20211207141548.B9EA0FC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for nghttp2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3965-1 Rating: moderate References: #1192681 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for nghttp2 fixes the following issue: - libnghttp2-devel was missing from the SDK. (bsc#1192681) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-3965=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-3965=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (ppc64le s390x x86_64): libnghttp2-devel-1.39.2-3.7.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libnghttp2-14-1.39.2-3.7.1 libnghttp2-14-debuginfo-1.39.2-3.7.1 nghttp2-debuginfo-1.39.2-3.7.1 nghttp2-debugsource-1.39.2-3.7.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libnghttp2-14-32bit-1.39.2-3.7.1 libnghttp2-14-debuginfo-32bit-1.39.2-3.7.1 References: https://bugzilla.suse.com/1192681 From sle-updates at lists.suse.com Tue Dec 7 17:16:39 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Dec 2021 18:16:39 +0100 (CET) Subject: SUSE-RU-2021:3966-1: moderate: Recommended update for suse-module-tools Message-ID: <20211207171639.819E7FD0A@maintenance.suse.de> SUSE Recommended Update: Recommended update for suse-module-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3966-1 Rating: moderate References: #1189841 #1189879 #1190598 #1191200 #1191260 #1191480 #1191804 #1191922 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has 8 recommended fixes can now be installed. Description: This update for suse-module-tools fixes the following issues: Update to version 12.11: Import kernel scriptlets from kernel-source * rpm-script: fix bad exit status in OpenQA (bsc#1191922) * cert-script: Deal with existing $cert.delete file (bsc#1191804). * cert-script: Ignore kernel keyring for kernel certificates (bsc#1191480). * cert-script: Only print mokutil output in verbose mode. * inkmp-script(postun): don't pass existing files to weak-modules2 (bsc#1191200) * kernel-scriptlets: skip cert scriptlet on non-UEFI systems (bsc#1191260) * rpm-script: link config also into /boot (bsc#1189879) * Import kernel scriptlets from kernel-source. (bsc#1189841, bsc#1190598) * Provide "suse-kernel-rpm-scriptlets" Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-3966=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): suse-module-tools-12.11-3.8.1 References: https://bugzilla.suse.com/1189841 https://bugzilla.suse.com/1189879 https://bugzilla.suse.com/1190598 https://bugzilla.suse.com/1191200 https://bugzilla.suse.com/1191260 https://bugzilla.suse.com/1191480 https://bugzilla.suse.com/1191804 https://bugzilla.suse.com/1191922 From sle-updates at lists.suse.com Tue Dec 7 17:18:58 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Dec 2021 18:18:58 +0100 (CET) Subject: SUSE-RU-2021:3967-1: Recommended update for python36 Message-ID: <20211207171858.8F439FD0A@maintenance.suse.de> SUSE Recommended Update: Recommended update for python36 ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3967-1 Rating: low References: #1186694 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python36 fixes the following issues: - a python36-devel package is shipped (bsc#1186694) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-3967=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-3967=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): python36-devel-3.6.15-13.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libpython3_6m1_0-3.6.15-13.1 libpython3_6m1_0-debuginfo-3.6.15-13.1 python36-3.6.15-13.1 python36-base-3.6.15-13.1 python36-base-debuginfo-3.6.15-13.1 python36-debuginfo-3.6.15-13.1 python36-debugsource-3.6.15-13.1 References: https://bugzilla.suse.com/1186694 From sle-updates at lists.suse.com Tue Dec 7 20:17:22 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Dec 2021 21:17:22 +0100 (CET) Subject: SUSE-SU-2021:3968-1: moderate: Security update for xen Message-ID: <20211207201722.10741FC9F@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3968-1 Rating: moderate References: #1027519 #1191363 #1192554 #1192557 #1192559 Cross-References: CVE-2021-28702 CVE-2021-28704 CVE-2021-28705 CVE-2021-28706 CVE-2021-28707 CVE-2021-28708 CVE-2021-28709 CVSS scores: CVE-2021-28702 (NVD) : 7.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVE-2021-28704 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-28705 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-28705 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-28706 (NVD) : 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H CVE-2021-28706 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-28707 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-28708 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-28709 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE MicroOS 5.1 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for xen fixes the following issues: - CVE-2021-28702: Fixed PCI devices with RMRRs not deassigned correctly (XSA-386) (bsc#1191363). - CVE-2021-28704, CVE-2021-28707, CVE-2021-28708: Fixed PoD operations on misaligned GFNs (XSA-388) (bsc#1192557). - CVE-2021-28705, CVE-2021-28709: Fixed issues with partially successful P2M updates on x86 (XSA-389) (bsc#1192559). - CVE-2021-28706: Fixed guests may exceed their designated memory limit (XSA-385) (bsc#1192554). - Update to Xen 4.14.3 bug fix release (bsc#1027519). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2021-3968=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2021-3968=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3968=1 Package List: - SUSE MicroOS 5.1 (x86_64): xen-debugsource-4.14.3_04-3.15.1 xen-libs-4.14.3_04-3.15.1 xen-libs-debuginfo-4.14.3_04-3.15.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (x86_64): xen-4.14.3_04-3.15.1 xen-debugsource-4.14.3_04-3.15.1 xen-devel-4.14.3_04-3.15.1 xen-tools-4.14.3_04-3.15.1 xen-tools-debuginfo-4.14.3_04-3.15.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch): xen-tools-xendomains-wait-disk-4.14.3_04-3.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): xen-debugsource-4.14.3_04-3.15.1 xen-libs-4.14.3_04-3.15.1 xen-libs-debuginfo-4.14.3_04-3.15.1 xen-tools-domU-4.14.3_04-3.15.1 xen-tools-domU-debuginfo-4.14.3_04-3.15.1 References: https://www.suse.com/security/cve/CVE-2021-28702.html https://www.suse.com/security/cve/CVE-2021-28704.html https://www.suse.com/security/cve/CVE-2021-28705.html https://www.suse.com/security/cve/CVE-2021-28706.html https://www.suse.com/security/cve/CVE-2021-28707.html https://www.suse.com/security/cve/CVE-2021-28708.html https://www.suse.com/security/cve/CVE-2021-28709.html https://bugzilla.suse.com/1027519 https://bugzilla.suse.com/1191363 https://bugzilla.suse.com/1192554 https://bugzilla.suse.com/1192557 https://bugzilla.suse.com/1192559 From sle-updates at lists.suse.com Tue Dec 7 20:19:27 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Dec 2021 21:19:27 +0100 (CET) Subject: SUSE-SU-2021:3969-1: important: Security update for the Linux Kernel Message-ID: <20211207201927.A2DE5FC9F@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3969-1 Rating: important References: #1085235 #1085308 #1087078 #1087082 #1100394 #1102640 #1105412 #1108488 #1129898 #1133374 #1171420 #1173489 #1174161 #1181854 #1184804 #1185377 #1185726 #1185758 #1186109 #1186482 #1188172 #1188563 #1188601 #1188838 #1188876 #1188983 #1188985 #1189057 #1189262 #1189291 #1189399 #1189400 #1189706 #1189846 #1189884 #1190023 #1190025 #1190067 #1190117 #1190159 #1190351 #1190479 #1190534 #1190601 #1190717 #1191193 #1191315 #1191317 #1191790 #1191800 #1191961 #1192045 #1192267 #1192379 #1192400 #1192775 #1192781 #1192802 Cross-References: CVE-2018-3639 CVE-2018-9517 CVE-2019-3874 CVE-2019-3900 CVE-2020-12770 CVE-2020-3702 CVE-2021-0941 CVE-2021-20320 CVE-2021-20322 CVE-2021-22543 CVE-2021-31916 CVE-2021-33033 CVE-2021-34556 CVE-2021-34981 CVE-2021-35477 CVE-2021-3640 CVE-2021-3653 CVE-2021-3655 CVE-2021-3656 CVE-2021-3659 CVE-2021-3679 CVE-2021-37159 CVE-2021-3732 CVE-2021-3744 CVE-2021-3752 CVE-2021-3753 CVE-2021-37576 CVE-2021-3760 CVE-2021-3764 CVE-2021-3772 CVE-2021-38160 CVE-2021-38198 CVE-2021-38204 CVE-2021-40490 CVE-2021-41864 CVE-2021-42008 CVE-2021-42252 CVSS scores: CVE-2018-3639 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2018-3639 (SUSE): 4.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N CVE-2018-9517 (NVD) : 6.7 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2018-9517 (SUSE): 2.5 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2019-3874 (NVD) : 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2019-3874 (SUSE): 5.1 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2019-3900 (NVD) : 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2019-3900 (SUSE): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-12770 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-12770 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2020-3702 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2020-3702 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-0941 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-20320 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-20322 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2021-22543 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-22543 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-31916 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-31916 (SUSE): 6.8 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-33033 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-33033 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-34556 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-34981 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2021-35477 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2021-3640 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-3653 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-3655 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2021-3656 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-3659 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-3679 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-37159 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-37159 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-3732 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2021-3744 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-3752 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-3753 (SUSE): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2021-37576 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-3760 (SUSE): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-3764 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-3772 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-38160 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-38198 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-38204 (SUSE): 4.2 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-40490 (SUSE): 6.1 CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-41864 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-42008 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-42008 (SUSE): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-42252 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that solves 37 vulnerabilities and has 21 fixes is now available. Description: The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: Unprivileged BPF has been disabled by default to reduce attack surface as too many security issues have happened in the past (jsc#SLE-22573) You can reenable via systemctl setting /proc/sys/kernel/unprivileged_bpf_disabled to 0. (kernel.unprivileged_bpf_disabled = 0) - CVE-2018-3639: Fixed a speculative execution that may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. (bsc#1087082) - CVE-2021-20320: Fix a bug that allows a local attacker with special user privilege can circumvent the verifier and may lead to a confidentiality problem. (bsc#1190601) - CVE-2021-0941: Fixed A missing sanity check to the current MTU check that may allow a local attacker with special user privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. (bnc#1192045) - CVE-2021-31916: Fixed a bound check failure that could allows an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash, a leak of internal kernel information, or a privilege escalation problem. (bnc#1192781) - CVE-2021-20322: Fixed a bug that provides to an attacker the ability to quickly scan open UDP ports. (bsc#1191790) - CVE-2021-3772: Fixed an issue that would allow a blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses. (bsc#1190351) - CVE-2021-34981: Fixed an issue that allows an attacker with a local account to escalate privileges when CAPI (ISDN) hardware connection fails. (bsc#1191961) - CVE-2018-9517: Fixed possible memory corruption due to a use after free in pppol2tp_connect (bsc#1108488). - CVE-2019-3874: Fixed possible denial of service attack via SCTP socket buffer used by a userspace applications (bnc#1129898). - CVE-2019-3900: Fixed an infinite loop issue while handling incoming packets in handle_rx() (bnc#1133374). - CVE-2020-12770: Fixed sg_remove_request call in a certain failure cases (bsc#1171420). - CVE-2020-3702: Fixed a bug which could be triggered with specifically timed and handcrafted traffic and cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure. (bnc#1191193) - CVE-2021-22543: Fixed improper handling of VM_IO|VM_PFNMAP vmas in KVM, which could bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allowed users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation (bsc#1186482). - CVE-2021-33033: Fixed a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled (bsc#1186109). - CVE-2021-34556: Fixed side-channel attack via a Speculative Store Bypass via unprivileged BPF program that could have obtain sensitive information from kernel memory (bsc#1188983). - CVE-2021-35477: Fixed BPF stack frame pointer which could have been abused to disclose content of arbitrary kernel memory (bsc#1188985). - CVE-2021-3640: Fixed a Use-After-Free vulnerability in function sco_sock_sendmsg() in the bluetooth stack (bsc#1188172). - CVE-2021-3653: Missing validation of the `int_ctl` VMCB field and allows a malicious L1 guest to enable AVIC support for the L2 guest. (bsc#1189399). - CVE-2021-3655: Fixed a missing size validations on inbound SCTP packets, which may have allowed the kernel to read uninitialized memory (bsc#1188563). - CVE-2021-3656: Missing validation of the the `virt_ext` VMCB field and allows a malicious L1 guest to disable both VMLOAD/VMSAVE intercepts and VLS for the L2 guest (bsc#1189400). - CVE-2021-3659: Fixed a NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c (bsc#1188876). - CVE-2021-3679: A lack of CPU resource in tracing module functionality was found in the way user uses trace ring buffer in a specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service (bnc#1189057). - CVE-2021-37159: Fixed use-after-free and a double free inside hso_free_net_device in drivers/net/usb/hso.c when unregister_netdev is called without checking for the NETREG_REGISTERED state (bnc#1188601). - CVE-2021-3732: Mounting overlayfs inside an unprivileged user namespace can reveal files (bsc#1189706). - CVE-2021-3744: Fixed a bug which could allows attackers to cause a denial of service. (bsc#1189884) - CVE-2021-3752: Fixed a use after free vulnerability in the Linux kernel's bluetooth module. (bsc#1190023) - CVE-2021-3753: Fixed race out-of-bounds in virtual terminal handling (bsc#1190025). - CVE-2021-37576: Fixed an issue on the powerpc platform, where a KVM guest OS user could cause host OS memory corruption via rtas_args.nargs (bsc#1188838). - CVE-2021-3760: Fixed a use-after-free vulnerability with the ndev->rf_conn_info object (bsc#1190067). - CVE-2021-3764: Fixed a bug which could allows attackers to cause a denial of service. (bsc#1190534) - CVE-2021-38160: Data corruption or loss could be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size in drivers/char/virtio_console.c (bsc#1190117) - CVE-2021-38198: arch/x86/kvm/mmu/paging_tmpl.h incorrectly computes the access permissions of a shadow page, leading to a missing guest protection page fault (bnc#1189262). - CVE-2021-38204: drivers/usb/host/max3421-hcd.c allowed physically proximate attackers to cause a denial of service (use-after-free and panic) by removing a MAX-3421 USB device in certain situations (bnc#1189291). - CVE-2021-40490: Fixed a race condition discovered in the ext4 subsystem that could leat to local priviledge escalation. (bnc#1190159) - CVE-2021-41864: Fixed prealloc_elems_and_freelist that allowed unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write (bnc#1191317). - CVE-2021-42008: Fixed a slab out-of-bounds write in the decode_data function in drivers/net/hamradio/6pack.c. Input from a process that had the CAP_NET_ADMIN capability could have lead to root access (bsc#1191315). - CVE-2021-42252: Fixed an issue inside aspeed_lpc_ctrl_mmap that could have allowed local attackers to access the Aspeed LPC control interface to overwrite memory in the kernel and potentially execute privileges (bnc#1190479). The following non-security bugs were fixed: - bpf: Add kconfig knob for disabling unpriv bpf by default (jsc#SLE-22913) - bpf: Disallow unprivileged bpf by default (jsc#SLE-22913). - cpufreq: intel_pstate: Add Icelake servers support in no-HWP mode (bsc#1185758,bsc#1192400). - drm: fix spectre issue in vmw_execbuf_ioctl (bsc#1192802). - ftrace: Fix scripts/recordmcount.pl due to new binutils (bsc#1192267). - gigaset: fix spectre issue in do_data_b3_req (bsc#1192802). - hisax: fix spectre issues (bsc#1192802). - hv: mana: adjust mana_select_queue to old API (jsc#SLE-18779, bsc#1185726). - hv: mana: fake bitmap API (jsc#SLE-18779, bsc#1185726). - hv: mana: remove netdev_lockdep_set_classes usage (jsc#SLE-18779, bsc#1185726). - hysdn: fix spectre issue in hycapi_send_message (bsc#1192802). - infiniband: fix spectre issue in ib_uverbs_write (bsc#1192802). - ipc: remove memcg accounting for sops objects in do_semtimedop() (bsc#1190115). - iwlwifi: fix spectre issue in iwl_dbgfs_update_pm (bsc#1192802). - media: dvb_ca_en50221: prevent using slot_info for Spectre attacs (bsc#1192802). - media: dvb_ca_en50221: sanity check slot number from userspace (bsc#1192802). - media: wl128x: get rid of a potential spectre issue (bsc#1192802). - memcg: enable accounting for file lock caches (bsc#1190115). - mpt3sas: fix spectre issues (bsc#1192802). - net_sched: cls_route: remove the right filter from hashtable (networking-stable-20_03_28). - net: mana: Add a driver for Microsoft Azure Network Adapter (MANA) (jsc#SLE-18779, bsc#1185726). - net: mana: Add support for EQ sharing (jsc#SLE-18779, bsc#1185726). - net: mana: Add WARN_ON_ONCE in case of CQE read overflow (jsc#SLE-18779, bsc#1185726). - net: mana: Fix a memory leak in an error handling path in (jsc#SLE-18779, bsc#1185726). - net: mana: Fix error handling in mana_create_rxq() (git-fixes, bsc#1191800). - net: mana: fix PCI_HYPERV dependency (jsc#SLE-18779, bsc#1185726). - net: mana: Move NAPI from EQ to CQ (jsc#SLE-18779, bsc#1185726). - net: mana: remove redundant initialization of variable err (jsc#SLE-18779, bsc#1185726). - net: mana: Use int to check the return value of mana_gd_poll_cq() (jsc#SLE-18779, bsc#1185726). - net: sched: sch_teql: fix null-pointer dereference (bsc#1190717). - net: sock_diag: Fix spectre v1 gadget in __sock_diag_cmd() (bsc#1192802). - net/mlx4_en: Avoid scheduling restart task if it is already running (bsc#1181854). - net/mlx4_en: Handle TX error CQE (bsc#1181854). - objtool: Do not fail on missing symbol table (bsc#1192379). - osst: fix spectre issue in osst_verify_frame (bsc#1192802). - ovl: check whiteout in ovl_create_over_whiteout() (bsc#1189846). - ovl: filter of trusted xattr results in audit (bsc#1189846). - ovl: fix dentry leak in ovl_get_redirect (bsc#1189846). - ovl: initialize error in ovl_copy_xattr (bsc#1189846). - ovl: relax WARN_ON() on rename to self (bsc#1189846). - s390/bpf: implement jitting of BPF_ALU | BPF_ARSH | BPF_* (bsc#1190601). - s390/bpf: Fix 64-bit subtraction of the -0x80000000 constant (bsc#1190601). - s390/bpf: Fix branch shortening during codegen pass (bsc#1190601). - s390/bpf: Fix optimizing out zero-extensions (bsc#1190601). - s390/bpf: Wrap JIT macro parameter usages in parentheses (bsc#1190601). - sctp: check asoc peer.asconf_capable before processing asconf (bsc#1190351). - sctp: fully initialize v4 addr in some functions (bsc#1188563). - sysvipc/sem: mitigate semnum index against spectre v1 (bsc#1192802). - x86/CPU: Add more Icelake model numbers (bsc#1185758,bsc#1192400). - xfrm: xfrm_state_mtu should return at least 1280 for ipv6 (bsc#1185377). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-3969=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-3969=1 - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2021-3969=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-3969=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-3969=1 - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2021-3969=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): kernel-default-4.12.14-150.78.1 kernel-default-base-4.12.14-150.78.1 kernel-default-debuginfo-4.12.14-150.78.1 kernel-default-debugsource-4.12.14-150.78.1 kernel-default-devel-4.12.14-150.78.1 kernel-default-devel-debuginfo-4.12.14-150.78.1 kernel-obs-build-4.12.14-150.78.2 kernel-obs-build-debugsource-4.12.14-150.78.2 kernel-syms-4.12.14-150.78.1 kernel-vanilla-base-4.12.14-150.78.1 kernel-vanilla-base-debuginfo-4.12.14-150.78.1 kernel-vanilla-debuginfo-4.12.14-150.78.1 kernel-vanilla-debugsource-4.12.14-150.78.1 reiserfs-kmp-default-4.12.14-150.78.1 reiserfs-kmp-default-debuginfo-4.12.14-150.78.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): kernel-devel-4.12.14-150.78.1 kernel-docs-4.12.14-150.78.2 kernel-macros-4.12.14-150.78.1 kernel-source-4.12.14-150.78.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): kernel-default-4.12.14-150.78.1 kernel-default-base-4.12.14-150.78.1 kernel-default-debuginfo-4.12.14-150.78.1 kernel-default-debugsource-4.12.14-150.78.1 kernel-default-devel-4.12.14-150.78.1 kernel-default-devel-debuginfo-4.12.14-150.78.1 kernel-obs-build-4.12.14-150.78.2 kernel-obs-build-debugsource-4.12.14-150.78.2 kernel-syms-4.12.14-150.78.1 kernel-vanilla-base-4.12.14-150.78.1 kernel-vanilla-base-debuginfo-4.12.14-150.78.1 kernel-vanilla-debuginfo-4.12.14-150.78.1 kernel-vanilla-debugsource-4.12.14-150.78.1 reiserfs-kmp-default-4.12.14-150.78.1 reiserfs-kmp-default-debuginfo-4.12.14-150.78.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): kernel-devel-4.12.14-150.78.1 kernel-docs-4.12.14-150.78.2 kernel-macros-4.12.14-150.78.1 kernel-source-4.12.14-150.78.1 - SUSE Linux Enterprise Server 15-LTSS (s390x): kernel-default-man-4.12.14-150.78.1 kernel-zfcpdump-debuginfo-4.12.14-150.78.1 kernel-zfcpdump-debugsource-4.12.14-150.78.1 - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-default-debuginfo-4.12.14-150.78.1 kernel-default-debugsource-4.12.14-150.78.1 kernel-default-livepatch-4.12.14-150.78.1 kernel-livepatch-4_12_14-150_78-default-1-1.3.1 kernel-livepatch-4_12_14-150_78-default-debuginfo-1-1.3.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): kernel-default-4.12.14-150.78.1 kernel-default-base-4.12.14-150.78.1 kernel-default-debuginfo-4.12.14-150.78.1 kernel-default-debugsource-4.12.14-150.78.1 kernel-default-devel-4.12.14-150.78.1 kernel-default-devel-debuginfo-4.12.14-150.78.1 kernel-obs-build-4.12.14-150.78.2 kernel-obs-build-debugsource-4.12.14-150.78.2 kernel-syms-4.12.14-150.78.1 kernel-vanilla-base-4.12.14-150.78.1 kernel-vanilla-base-debuginfo-4.12.14-150.78.1 kernel-vanilla-debuginfo-4.12.14-150.78.1 kernel-vanilla-debugsource-4.12.14-150.78.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): kernel-devel-4.12.14-150.78.1 kernel-docs-4.12.14-150.78.2 kernel-macros-4.12.14-150.78.1 kernel-source-4.12.14-150.78.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): kernel-default-4.12.14-150.78.1 kernel-default-base-4.12.14-150.78.1 kernel-default-debuginfo-4.12.14-150.78.1 kernel-default-debugsource-4.12.14-150.78.1 kernel-default-devel-4.12.14-150.78.1 kernel-default-devel-debuginfo-4.12.14-150.78.1 kernel-obs-build-4.12.14-150.78.2 kernel-obs-build-debugsource-4.12.14-150.78.2 kernel-syms-4.12.14-150.78.1 kernel-vanilla-base-4.12.14-150.78.1 kernel-vanilla-base-debuginfo-4.12.14-150.78.1 kernel-vanilla-debuginfo-4.12.14-150.78.1 kernel-vanilla-debugsource-4.12.14-150.78.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): kernel-devel-4.12.14-150.78.1 kernel-docs-4.12.14-150.78.2 kernel-macros-4.12.14-150.78.1 kernel-source-4.12.14-150.78.1 - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-150.78.1 cluster-md-kmp-default-debuginfo-4.12.14-150.78.1 dlm-kmp-default-4.12.14-150.78.1 dlm-kmp-default-debuginfo-4.12.14-150.78.1 gfs2-kmp-default-4.12.14-150.78.1 gfs2-kmp-default-debuginfo-4.12.14-150.78.1 kernel-default-debuginfo-4.12.14-150.78.1 kernel-default-debugsource-4.12.14-150.78.1 ocfs2-kmp-default-4.12.14-150.78.1 ocfs2-kmp-default-debuginfo-4.12.14-150.78.1 References: https://www.suse.com/security/cve/CVE-2018-3639.html https://www.suse.com/security/cve/CVE-2018-9517.html https://www.suse.com/security/cve/CVE-2019-3874.html https://www.suse.com/security/cve/CVE-2019-3900.html https://www.suse.com/security/cve/CVE-2020-12770.html https://www.suse.com/security/cve/CVE-2020-3702.html https://www.suse.com/security/cve/CVE-2021-0941.html https://www.suse.com/security/cve/CVE-2021-20320.html https://www.suse.com/security/cve/CVE-2021-20322.html https://www.suse.com/security/cve/CVE-2021-22543.html https://www.suse.com/security/cve/CVE-2021-31916.html https://www.suse.com/security/cve/CVE-2021-33033.html https://www.suse.com/security/cve/CVE-2021-34556.html https://www.suse.com/security/cve/CVE-2021-34981.html https://www.suse.com/security/cve/CVE-2021-35477.html https://www.suse.com/security/cve/CVE-2021-3640.html https://www.suse.com/security/cve/CVE-2021-3653.html https://www.suse.com/security/cve/CVE-2021-3655.html https://www.suse.com/security/cve/CVE-2021-3656.html https://www.suse.com/security/cve/CVE-2021-3659.html https://www.suse.com/security/cve/CVE-2021-3679.html https://www.suse.com/security/cve/CVE-2021-37159.html https://www.suse.com/security/cve/CVE-2021-3732.html https://www.suse.com/security/cve/CVE-2021-3744.html https://www.suse.com/security/cve/CVE-2021-3752.html https://www.suse.com/security/cve/CVE-2021-3753.html https://www.suse.com/security/cve/CVE-2021-37576.html https://www.suse.com/security/cve/CVE-2021-3760.html https://www.suse.com/security/cve/CVE-2021-3764.html https://www.suse.com/security/cve/CVE-2021-3772.html https://www.suse.com/security/cve/CVE-2021-38160.html https://www.suse.com/security/cve/CVE-2021-38198.html https://www.suse.com/security/cve/CVE-2021-38204.html https://www.suse.com/security/cve/CVE-2021-40490.html https://www.suse.com/security/cve/CVE-2021-41864.html https://www.suse.com/security/cve/CVE-2021-42008.html https://www.suse.com/security/cve/CVE-2021-42252.html https://bugzilla.suse.com/1085235 https://bugzilla.suse.com/1085308 https://bugzilla.suse.com/1087078 https://bugzilla.suse.com/1087082 https://bugzilla.suse.com/1100394 https://bugzilla.suse.com/1102640 https://bugzilla.suse.com/1105412 https://bugzilla.suse.com/1108488 https://bugzilla.suse.com/1129898 https://bugzilla.suse.com/1133374 https://bugzilla.suse.com/1171420 https://bugzilla.suse.com/1173489 https://bugzilla.suse.com/1174161 https://bugzilla.suse.com/1181854 https://bugzilla.suse.com/1184804 https://bugzilla.suse.com/1185377 https://bugzilla.suse.com/1185726 https://bugzilla.suse.com/1185758 https://bugzilla.suse.com/1186109 https://bugzilla.suse.com/1186482 https://bugzilla.suse.com/1188172 https://bugzilla.suse.com/1188563 https://bugzilla.suse.com/1188601 https://bugzilla.suse.com/1188838 https://bugzilla.suse.com/1188876 https://bugzilla.suse.com/1188983 https://bugzilla.suse.com/1188985 https://bugzilla.suse.com/1189057 https://bugzilla.suse.com/1189262 https://bugzilla.suse.com/1189291 https://bugzilla.suse.com/1189399 https://bugzilla.suse.com/1189400 https://bugzilla.suse.com/1189706 https://bugzilla.suse.com/1189846 https://bugzilla.suse.com/1189884 https://bugzilla.suse.com/1190023 https://bugzilla.suse.com/1190025 https://bugzilla.suse.com/1190067 https://bugzilla.suse.com/1190117 https://bugzilla.suse.com/1190159 https://bugzilla.suse.com/1190351 https://bugzilla.suse.com/1190479 https://bugzilla.suse.com/1190534 https://bugzilla.suse.com/1190601 https://bugzilla.suse.com/1190717 https://bugzilla.suse.com/1191193 https://bugzilla.suse.com/1191315 https://bugzilla.suse.com/1191317 https://bugzilla.suse.com/1191790 https://bugzilla.suse.com/1191800 https://bugzilla.suse.com/1191961 https://bugzilla.suse.com/1192045 https://bugzilla.suse.com/1192267 https://bugzilla.suse.com/1192379 https://bugzilla.suse.com/1192400 https://bugzilla.suse.com/1192775 https://bugzilla.suse.com/1192781 https://bugzilla.suse.com/1192802 From sle-updates at lists.suse.com Tue Dec 7 20:30:57 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 7 Dec 2021 21:30:57 +0100 (CET) Subject: SUSE-RU-2021:3970-1: moderate: Recommended update for suse-module-tools Message-ID: <20211207203057.789C1FC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for suse-module-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3970-1 Rating: moderate References: #1189841 #1189879 #1190598 #1191200 #1191260 #1191480 #1191804 #1191922 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-BCL HPE Helion Openstack 8 ______________________________________________________________________________ An update that has 8 recommended fixes can now be installed. Description: This update for suse-module-tools fixes the following issues: Update to version 12.6.1: Import kernel scriptlets from kernel-source * rpm-script: fix bad exit status in OpenQA (bsc#1191922) * cert-script: Deal with existing $cert.delete file (bsc#1191804). * cert-script: Ignore kernel keyring for kernel certificates (bsc#1191480). * cert-script: Only print mokutil output in verbose mode. * inkmp-script(postun): don't pass existing files to weak-modules2 (bsc#1191200) * kernel-scriptlets: skip cert scriptlet on non-UEFI systems (bsc#1191260) * rpm-script: link config also into /boot (bsc#1189879) * Import kernel scriptlets from kernel-source. (bsc#1189841, bsc#1190598) * Provide "suse-kernel-rpm-scriptlets" Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-3970=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-3970=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-3970=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-3970=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-3970=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-3970=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-3970=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-3970=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-3970=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-3970=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-3970=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): suse-module-tools-12.6.1-27.6.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): suse-module-tools-12.6.1-27.6.1 - SUSE OpenStack Cloud 9 (x86_64): suse-module-tools-12.6.1-27.6.1 - SUSE OpenStack Cloud 8 (x86_64): suse-module-tools-12.6.1-27.6.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): suse-module-tools-12.6.1-27.6.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): suse-module-tools-12.6.1-27.6.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): suse-module-tools-12.6.1-27.6.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): suse-module-tools-12.6.1-27.6.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): suse-module-tools-12.6.1-27.6.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): suse-module-tools-12.6.1-27.6.1 - HPE Helion Openstack 8 (x86_64): suse-module-tools-12.6.1-27.6.1 References: https://bugzilla.suse.com/1189841 https://bugzilla.suse.com/1189879 https://bugzilla.suse.com/1190598 https://bugzilla.suse.com/1191200 https://bugzilla.suse.com/1191260 https://bugzilla.suse.com/1191480 https://bugzilla.suse.com/1191804 https://bugzilla.suse.com/1191922 From sle-updates at lists.suse.com Wed Dec 8 07:42:12 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 8 Dec 2021 08:42:12 +0100 (CET) Subject: SUSE-CU-2021:576-1: Recommended update of suse/sles12sp4 Message-ID: <20211208074212.2F8B0FC9F@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:576-1 Container Tags : suse/sles12sp4:26.386 , suse/sles12sp4:latest Container Release : 26.386 Severity : moderate Type : recommended References : 1192681 ----------------------------------------------------------------- The container suse/sles12sp4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3965-1 Released: Tue Dec 7 10:08:23 2021 Summary: Recommended update for nghttp2 Type: recommended Severity: moderate References: 1192681 This update for nghttp2 fixes the following issue: - libnghttp2-devel was missing from the SDK. (bsc#1192681) The following package changes have been done: - base-container-licenses-3.0-1.256 updated - container-suseconnect-2.0.0-1.150 updated - libnghttp2-14-1.39.2-3.7.1 updated From sle-updates at lists.suse.com Wed Dec 8 07:52:51 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 8 Dec 2021 08:52:51 +0100 (CET) Subject: SUSE-CU-2021:577-1: Recommended update of suse/sles12sp5 Message-ID: <20211208075251.617ADFC9F@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:577-1 Container Tags : suse/sles12sp5:6.5.269 , suse/sles12sp5:latest Container Release : 6.5.269 Severity : moderate Type : recommended References : 1192681 1192790 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3931-1 Released: Mon Dec 6 11:17:00 2021 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1192790 This update for curl fixes the following issues: - Fix sftp via proxy failure in curl, by preventing libssh from creating socket (bsc#1192790) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3965-1 Released: Tue Dec 7 10:08:23 2021 Summary: Recommended update for nghttp2 Type: recommended Severity: moderate References: 1192681 This update for nghttp2 fixes the following issue: - libnghttp2-devel was missing from the SDK. (bsc#1192681) The following package changes have been done: - libcurl4-7.60.0-11.31.1 updated - libnghttp2-14-1.39.2-3.7.1 updated From sle-updates at lists.suse.com Wed Dec 8 11:17:05 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 8 Dec 2021 12:17:05 +0100 (CET) Subject: SUSE-RU-2021:3971-1: moderate: Recommended update for resource-agents Message-ID: <20211208111705.CF2CCFC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for resource-agents ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3971-1 Rating: moderate References: #1180668 #1184382 #1186830 Affected Products: SUSE Linux Enterprise High Availability 15-SP1 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for resource-agents fixes the following issues: - Drop prefix xenmigr from VirtualDomain migrate URI which is no longer supported by libvirt and can cause migration to fail (bsc#1180668) - Fix failover issue due to a Google API being unreachable (bsc#1186830) - Fix nfs-ganesha failover taking avery long time to regain access to nfs share (bsc#1184382) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2021-3971=1 Package List: - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): ldirectord-4.3.0184.6ee15eb2-4.57.1 resource-agents-4.3.0184.6ee15eb2-4.57.1 resource-agents-debuginfo-4.3.0184.6ee15eb2-4.57.1 resource-agents-debugsource-4.3.0184.6ee15eb2-4.57.1 - SUSE Linux Enterprise High Availability 15-SP1 (noarch): monitoring-plugins-metadata-4.3.0184.6ee15eb2-4.57.1 References: https://bugzilla.suse.com/1180668 https://bugzilla.suse.com/1184382 https://bugzilla.suse.com/1186830 From sle-updates at lists.suse.com Wed Dec 8 14:16:27 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 8 Dec 2021 15:16:27 +0100 (CET) Subject: SUSE-SU-2021:3972-1: important: Security update for the Linux Kernel Message-ID: <20211208141627.8C84AFC9F@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3972-1 Rating: important References: #1087082 #1100416 #1108488 #1129735 #1129898 #1133374 #1153720 #1171420 #1176724 #1176931 #1180624 #1181854 #1181855 #1183050 #1183861 #1184673 #1184804 #1185377 #1185677 #1185726 #1185727 #1185758 #1185973 #1186063 #1186482 #1186483 #1186672 #1188026 #1188172 #1188563 #1188601 #1188613 #1188838 #1188842 #1188876 #1188983 #1188985 #1189057 #1189262 #1189278 #1189291 #1189399 #1189400 #1189418 #1189420 #1189706 #1189846 #1189884 #1190023 #1190025 #1190067 #1190115 #1190117 #1190118 #1190159 #1190276 #1190349 #1190350 #1190351 #1190432 #1190479 #1190534 #1190601 #1190717 #1191193 #1191315 #1191317 #1191318 #1191529 #1191530 #1191628 #1191660 #1191790 #1191801 #1191813 #1191961 #1192036 #1192045 #1192048 #1192267 #1192379 #1192400 #1192444 #1192549 #1192775 #1192781 #1192802 Cross-References: CVE-2018-13405 CVE-2018-9517 CVE-2019-3874 CVE-2019-3900 CVE-2020-0429 CVE-2020-12770 CVE-2020-3702 CVE-2021-0941 CVE-2021-20322 CVE-2021-22543 CVE-2021-31916 CVE-2021-34556 CVE-2021-34981 CVE-2021-3542 CVE-2021-35477 CVE-2021-3640 CVE-2021-3653 CVE-2021-3655 CVE-2021-3656 CVE-2021-3659 CVE-2021-3679 CVE-2021-3715 CVE-2021-37159 CVE-2021-3732 CVE-2021-3744 CVE-2021-3752 CVE-2021-3753 CVE-2021-37576 CVE-2021-3759 CVE-2021-3760 CVE-2021-3764 CVE-2021-3772 CVE-2021-38160 CVE-2021-38198 CVE-2021-38204 CVE-2021-40490 CVE-2021-41864 CVE-2021-42008 CVE-2021-42252 CVE-2021-42739 CVSS scores: CVE-2018-13405 (NVD) : 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2018-13405 (SUSE): 4.4 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CVE-2018-9517 (NVD) : 6.7 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2018-9517 (SUSE): 2.5 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2019-3874 (NVD) : 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2019-3874 (SUSE): 5.1 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2019-3900 (NVD) : 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2019-3900 (SUSE): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-0429 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-0429 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-12770 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2020-12770 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2020-3702 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2020-3702 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-0941 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-20322 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2021-22543 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-22543 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-31916 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-31916 (SUSE): 6.8 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-34556 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-34981 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2021-3542 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-35477 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2021-3640 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-3653 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-3655 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2021-3656 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-3659 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-3679 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-3715 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-37159 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-37159 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-3732 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2021-3744 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-3752 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-3753 (SUSE): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2021-37576 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-3759 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-3760 (SUSE): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-3764 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-3772 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-38160 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-38198 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-38204 (SUSE): 4.2 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-40490 (SUSE): 6.1 CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-41864 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-42008 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-42008 (SUSE): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-42252 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-42739 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Live Patching 12-SP4 SUSE Linux Enterprise High Availability 12-SP4 ______________________________________________________________________________ An update that solves 40 vulnerabilities and has 47 fixes is now available. Description: The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - Unprivileged BPF has been disabled by default to reduce attack surface as too many security issues have happened in the past (jsc#SLE-22573) You can reenable via systemctl setting /proc/sys/kernel/unprivileged_bpf_disabled to 0. (kernel.unprivileged_bpf_disabled = 0) The following security bugs were fixed: - CVE-2021-0941: In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1192045). - CVE-2021-31916: An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel A bound check failure allowed an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability (bnc#1192781). - CVE-2021-20322: Make the ipv4 and ipv6 ICMP exception caches less predictive to avoid information leaks about UDP ports in use. (bsc#1191790) - CVE-2021-34981: Fixed file refcounting in cmtp when cmtp_attach_device fails. (bsc#1191961) - CVE-2021-3655: Fixed a missing size validations on inbound SCTP packets, which may have allowed the kernel to read uninitialized memory (bsc#1188563). - CVE-2021-3715: Fixed a use-after-free in route4_change() in net/sched/cls_route.c (bsc#1190349). - CVE-2021-3760: Fixed a use-after-free vulnerability with the ndev->rf_conn_info object (bsc#1190067). - CVE-2021-42739: The firewire subsystem had a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled bounds checking (bsc#1184673). - CVE-2021-3542: Fixed heap buffer overflow in firedtv driver (bsc#1186063). - CVE-2021-42252: Fixed an issue inside aspeed_lpc_ctrl_mmap that could have allowed local attackers to access the Aspeed LPC control interface to overwrite memory in the kernel and potentially execute privileges (bnc#1190479). - CVE-2021-41864: Fixed prealloc_elems_and_freelist that allowed unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write (bnc#1191317). - CVE-2021-42008: Fixed a slab out-of-bounds write in the decode_data function in drivers/net/hamradio/6pack.c. Input from a process that had the CAP_NET_ADMIN capability could have lead to root access (bsc#1191315). - CVE-2021-37159: Fixed use-after-free and a double free inside hso_free_net_device in drivers/net/usb/hso.c when unregister_netdev is called without checking for the NETREG_REGISTERED state (bnc#1188601). - CVE-2020-3702: Fixed a bug which could be triggered with specifically timed and handcrafted traffic and cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure. (bnc#1191193) - CVE-2021-3752: Fixed a use after free vulnerability in the Linux kernel's bluetooth module. (bsc#1190023) - CVE-2021-40490: Fixed a race condition discovered in the ext4 subsystem that could leat to local priviledge escalation. (bnc#1190159) - CVE-2021-3744: Fixed a bug which could allows attackers to cause a denial of service. (bsc#1189884) - CVE-2021-3764: Fixed a bug which could allows attackers to cause a denial of service. (bsc#1190534) - CVE-2021-3772: Fixed a remote denial of service in the SCTP stack, if the attacker can spoof IP addresses and knows the IP-addresses and port numbers being used (bnc#1190351). - CVE-2018-9517: Fixed possible memory corruption due to a use after free in pppol2tp_connect (bsc#1108488). - CVE-2019-3874: Fixed possible denial of service attack via SCTP socket buffer used by a userspace applications (bnc#1129898). - CVE-2019-3900: Fixed an infinite loop issue while handling incoming packets in handle_rx() (bnc#1133374). - CVE-2021-3640: Fixed a Use-After-Free vulnerability in function sco_sock_sendmsg() in the bluetooth stack (bsc#1188172). - CVE-2021-3653: Missing validation of the `int_ctl` VMCB field and allows a malicious L1 guest to enable AVIC support for the L2 guest. (bsc#1189399). - CVE-2021-3656: Missing validation of the the `virt_ext` VMCB field and allows a malicious L1 guest to disable both VMLOAD/VMSAVE intercepts and VLS for the L2 guest (bsc#1189400). - CVE-2021-3679: A lack of CPU resource in tracing module functionality was found in the way user uses trace ring buffer in a specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service (bnc#1189057). - CVE-2021-3732: Mounting overlayfs inside an unprivileged user namespace can reveal files (bsc#1189706). - CVE-2021-3753: Fixed race out-of-bounds in virtual terminal handling (bsc#1190025). - CVE-2021-3759: Unaccounted ipc objects in Linux kernel could have lead to breaking memcg limits and DoS attacks (bsc#1190115). - CVE-2021-38160: Data corruption or loss could be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size in drivers/char/virtio_console.c (bsc#1190117) - CVE-2021-38198: arch/x86/kvm/mmu/paging_tmpl.h incorrectly computes the access permissions of a shadow page, leading to a missing guest protection page fault (bnc#1189262). - CVE-2021-38204: drivers/usb/host/max3421-hcd.c allowed physically proximate attackers to cause a denial of service (use-after-free and panic) by removing a MAX-3421 USB device in certain situations (bnc#1189291). - CVE-2021-34556: Fixed side-channel attack via a Speculative Store Bypass via unprivileged BPF program that could have obtain sensitive information from kernel memory (bsc#1188983). - CVE-2021-35477: Fixed BPF stack frame pointer which could have been abused to disclose content of arbitrary kernel memory (bsc#1188985). - CVE-2020-12770: Fixed sg_remove_request call in a certain failure cases (bsc#1171420). - CVE-2021-3659: Fixed a NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c (bsc#1188876). - CVE-2021-22543: Fixed improper handling of VM_IO|VM_PFNMAP vmas in KVM, which could bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allowed users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation (bsc#1186482). - CVE-2021-37576: Fixed an issue on the powerpc platform, where a KVM guest OS user could cause host OS memory corruption via rtas_args.nargs (bsc#1188838). - CVE-2020-0429: In l2tp_session_delete and related functions of l2tp_core.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. (bsc#1176724). The following non-security bugs were fixed: - Add arch-dependent support markers in supported.conf (bsc#1186672) - Add the support for kernel-FLAVOR-optional subpackage (jsc#SLE-11796) - NFS: Do uncached readdir when we're seeking a cookie in an empty page cache (bsc#1191628). - PCI: hv: Use expected affinity when unmasking IRQ (bsc#1185973). - Use /usr/lib/modules as module dir when usermerge is active in the target distro. - UsrMerge the kernel (boo#1184804) - bpf: Add kconfig knob for disabling unpriv bpf by default (jsc#SLE-22913) - bpf: Disallow unprivileged bpf by default (jsc#SLE-22913). - cpufreq: intel_pstate: Add Icelake servers support in no-HWP mode (bsc#1185758,bsc#1192400). - drm: fix spectre issue in vmw_execbuf_ioctl (bsc#1192802). - drop debugging statements - ftrace: Fix scripts/recordmcount.pl due to new binutils (bsc#1192267). - gigaset: fix spectre issue in do_data_b3_req (bsc#1192802). - handle also race conditions in /proc/net/tcp code - hisax: fix spectre issues (bsc#1192802). - hv: adjust mana_select_queue to old ndo_select_queue API - hv: mana: adjust mana_select_queue to old API (jsc#SLE-18779, bsc#1185727). - hv: mana: fake bitmap API (jsc#SLE-18779, bsc#1185726). - hv: mana: remove netdev_lockdep_set_classes usage (jsc#SLE-18779, bsc#1185727). - hysdn: fix spectre issue in hycapi_send_message (bsc#1192802). - infiniband: fix spectre issue in ib_uverbs_write (bsc#1192802). - ipc: remove memcg accounting for sops objects in do_semtimedop() (bsc#1190115). - iwlwifi: fix spectre issue in iwl_dbgfs_update_pm (bsc#1192802). - media: dvb_ca_en50221: prevent using slot_info for Spectre attacs (bsc#1192802). - media: dvb_ca_en50221: sanity check slot number from userspace (bsc#1192802). - media: wl128x: get rid of a potential spectre issue (bsc#1192802). - memcg: enable accounting for file lock caches (bsc#1190115). - mm: vmscan: scan anonymous pages on file refaults (VM Performance, bsc#1183050). - mpt3sas: fix spectre issues (bsc#1192802). - net/mlx4_en: Avoid scheduling restart task if it is already running (bsc#1181854 bsc#1181855). - net/mlx4_en: Handle TX error CQE (bsc#1181854 bsc#1181855). - net: mana: Add WARN_ON_ONCE in case of CQE read overflow (jsc#SLE-18779, bsc#1185727). - net: mana: Add a driver for Microsoft Azure Network Adapter (MANA) (jsc#SLE-18779, bsc#1185727). - net: mana: Add support for EQ sharing (jsc#SLE-18779, bsc#1185727). - net: mana: Fix a memory leak in an error handling path in (jsc#SLE-18779, bsc#1185727). - net: mana: Fix error handling in mana_create_rxq() (git-fixes, bsc#1191801). - net: mana: Move NAPI from EQ to CQ (jsc#SLE-18779, bsc#1185727). - net: mana: Prefer struct_size over open coded arithmetic (jsc#SLE-18779, bsc#1185727). - net: mana: Use int to check the return value of mana_gd_poll_cq() (jsc#SLE-18779, bsc#1185727). - net: mana: Use struct_size() in kzalloc() (jsc#SLE-18779, bsc#1185727). - net: mana: fix PCI_HYPERV dependency (jsc#SLE-18779, bsc#1185727). - net: mana: remove redundant initialization of variable err (jsc#SLE-18779, bsc#1185727). - net: sched: sch_teql: fix null-pointer dereference (bsc#1190717). - net: sock_diag: Fix spectre v1 gadget in __sock_diag_cmd() (bsc#1192802). - net_sched: cls_route: remove the right filter from hashtable (networking-stable-20_03_28). - objtool: Do not fail on missing symbol table (bsc#1192379). - osst: fix spectre issue in osst_verify_frame (bsc#1192802). - ovl: check whiteout in ovl_create_over_whiteout() (bsc#1189846). - ovl: filter of trusted xattr results in audit (bsc#1189846). - ovl: fix dentry leak in ovl_get_redirect (bsc#1189846). - ovl: initialize error in ovl_copy_xattr (bsc#1189846). - ovl: relax WARN_ON() on rename to self (bsc#1189846). - s390/bpf: Fix 64-bit subtraction of the -0x80000000 constant (bsc#1190601). - s390/bpf: Fix branch shortening during codegen pass (bsc#1190601). - s390/bpf: Fix optimizing out zero-extensions (bsc#1190601). - s390/bpf: Wrap JIT macro parameter usages in parentheses (bsc#1190601). - s390/unwind: use current_frame_address() to unwind current task (bsc#1185677). - s390/vtime: fix increased steal time accounting (bsc#1183861). - s390: bpf: implement jitting of BPF_ALU | BPF_ARSH | BPF_* (bsc#1190601). - scripts/git_sort/git_sort.py: add bpf git repo - sctp: check asoc peer.asconf_capable before processing asconf (bsc#1190351). - sctp: fully initialize v4 addr in some functions (bsc#1188563). - sysvipc/sem: mitigate semnum index against spectre v1 (bsc#1192802). - x86/CPU: Add more Icelake model numbers (bsc#1185758,bsc#1192400). - x86/debug: Extend the lower bound of crash kernel low reservations (bsc#1153720). - xfrm: xfrm_state_mtu should return at least 1280 for ipv6 (bsc#1185377). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-3972=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-3972=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-3972=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-3972=1 - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2021-3972=1 - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2021-3972=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): kernel-default-4.12.14-95.83.2 kernel-default-base-4.12.14-95.83.2 kernel-default-base-debuginfo-4.12.14-95.83.2 kernel-default-debuginfo-4.12.14-95.83.2 kernel-default-debugsource-4.12.14-95.83.2 kernel-default-devel-4.12.14-95.83.2 kernel-default-devel-debuginfo-4.12.14-95.83.2 kernel-syms-4.12.14-95.83.2 - SUSE OpenStack Cloud Crowbar 9 (noarch): kernel-devel-4.12.14-95.83.2 kernel-macros-4.12.14-95.83.2 kernel-source-4.12.14-95.83.2 - SUSE OpenStack Cloud 9 (noarch): kernel-devel-4.12.14-95.83.2 kernel-macros-4.12.14-95.83.2 kernel-source-4.12.14-95.83.2 - SUSE OpenStack Cloud 9 (x86_64): kernel-default-4.12.14-95.83.2 kernel-default-base-4.12.14-95.83.2 kernel-default-base-debuginfo-4.12.14-95.83.2 kernel-default-debuginfo-4.12.14-95.83.2 kernel-default-debugsource-4.12.14-95.83.2 kernel-default-devel-4.12.14-95.83.2 kernel-default-devel-debuginfo-4.12.14-95.83.2 kernel-syms-4.12.14-95.83.2 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): kernel-default-4.12.14-95.83.2 kernel-default-base-4.12.14-95.83.2 kernel-default-base-debuginfo-4.12.14-95.83.2 kernel-default-debuginfo-4.12.14-95.83.2 kernel-default-debugsource-4.12.14-95.83.2 kernel-default-devel-4.12.14-95.83.2 kernel-syms-4.12.14-95.83.2 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): kernel-devel-4.12.14-95.83.2 kernel-macros-4.12.14-95.83.2 kernel-source-4.12.14-95.83.2 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): kernel-default-devel-debuginfo-4.12.14-95.83.2 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-95.83.2 kernel-default-base-4.12.14-95.83.2 kernel-default-base-debuginfo-4.12.14-95.83.2 kernel-default-debuginfo-4.12.14-95.83.2 kernel-default-debugsource-4.12.14-95.83.2 kernel-default-devel-4.12.14-95.83.2 kernel-syms-4.12.14-95.83.2 - SUSE Linux Enterprise Server 12-SP4-LTSS (x86_64): kernel-default-devel-debuginfo-4.12.14-95.83.2 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): kernel-devel-4.12.14-95.83.2 kernel-macros-4.12.14-95.83.2 kernel-source-4.12.14-95.83.2 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x): kernel-default-man-4.12.14-95.83.2 - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64): kernel-default-kgraft-4.12.14-95.83.2 kernel-default-kgraft-devel-4.12.14-95.83.2 kgraft-patch-4_12_14-95_83-default-1-6.3.1 - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-95.83.2 cluster-md-kmp-default-debuginfo-4.12.14-95.83.2 dlm-kmp-default-4.12.14-95.83.2 dlm-kmp-default-debuginfo-4.12.14-95.83.2 gfs2-kmp-default-4.12.14-95.83.2 gfs2-kmp-default-debuginfo-4.12.14-95.83.2 kernel-default-debuginfo-4.12.14-95.83.2 kernel-default-debugsource-4.12.14-95.83.2 ocfs2-kmp-default-4.12.14-95.83.2 ocfs2-kmp-default-debuginfo-4.12.14-95.83.2 References: https://www.suse.com/security/cve/CVE-2018-13405.html https://www.suse.com/security/cve/CVE-2018-9517.html https://www.suse.com/security/cve/CVE-2019-3874.html https://www.suse.com/security/cve/CVE-2019-3900.html https://www.suse.com/security/cve/CVE-2020-0429.html https://www.suse.com/security/cve/CVE-2020-12770.html https://www.suse.com/security/cve/CVE-2020-3702.html https://www.suse.com/security/cve/CVE-2021-0941.html https://www.suse.com/security/cve/CVE-2021-20322.html https://www.suse.com/security/cve/CVE-2021-22543.html https://www.suse.com/security/cve/CVE-2021-31916.html https://www.suse.com/security/cve/CVE-2021-34556.html https://www.suse.com/security/cve/CVE-2021-34981.html https://www.suse.com/security/cve/CVE-2021-3542.html https://www.suse.com/security/cve/CVE-2021-35477.html https://www.suse.com/security/cve/CVE-2021-3640.html https://www.suse.com/security/cve/CVE-2021-3653.html https://www.suse.com/security/cve/CVE-2021-3655.html https://www.suse.com/security/cve/CVE-2021-3656.html https://www.suse.com/security/cve/CVE-2021-3659.html https://www.suse.com/security/cve/CVE-2021-3679.html https://www.suse.com/security/cve/CVE-2021-3715.html https://www.suse.com/security/cve/CVE-2021-37159.html https://www.suse.com/security/cve/CVE-2021-3732.html https://www.suse.com/security/cve/CVE-2021-3744.html https://www.suse.com/security/cve/CVE-2021-3752.html https://www.suse.com/security/cve/CVE-2021-3753.html https://www.suse.com/security/cve/CVE-2021-37576.html https://www.suse.com/security/cve/CVE-2021-3759.html https://www.suse.com/security/cve/CVE-2021-3760.html https://www.suse.com/security/cve/CVE-2021-3764.html https://www.suse.com/security/cve/CVE-2021-3772.html https://www.suse.com/security/cve/CVE-2021-38160.html https://www.suse.com/security/cve/CVE-2021-38198.html https://www.suse.com/security/cve/CVE-2021-38204.html https://www.suse.com/security/cve/CVE-2021-40490.html https://www.suse.com/security/cve/CVE-2021-41864.html https://www.suse.com/security/cve/CVE-2021-42008.html https://www.suse.com/security/cve/CVE-2021-42252.html https://www.suse.com/security/cve/CVE-2021-42739.html https://bugzilla.suse.com/1087082 https://bugzilla.suse.com/1100416 https://bugzilla.suse.com/1108488 https://bugzilla.suse.com/1129735 https://bugzilla.suse.com/1129898 https://bugzilla.suse.com/1133374 https://bugzilla.suse.com/1153720 https://bugzilla.suse.com/1171420 https://bugzilla.suse.com/1176724 https://bugzilla.suse.com/1176931 https://bugzilla.suse.com/1180624 https://bugzilla.suse.com/1181854 https://bugzilla.suse.com/1181855 https://bugzilla.suse.com/1183050 https://bugzilla.suse.com/1183861 https://bugzilla.suse.com/1184673 https://bugzilla.suse.com/1184804 https://bugzilla.suse.com/1185377 https://bugzilla.suse.com/1185677 https://bugzilla.suse.com/1185726 https://bugzilla.suse.com/1185727 https://bugzilla.suse.com/1185758 https://bugzilla.suse.com/1185973 https://bugzilla.suse.com/1186063 https://bugzilla.suse.com/1186482 https://bugzilla.suse.com/1186483 https://bugzilla.suse.com/1186672 https://bugzilla.suse.com/1188026 https://bugzilla.suse.com/1188172 https://bugzilla.suse.com/1188563 https://bugzilla.suse.com/1188601 https://bugzilla.suse.com/1188613 https://bugzilla.suse.com/1188838 https://bugzilla.suse.com/1188842 https://bugzilla.suse.com/1188876 https://bugzilla.suse.com/1188983 https://bugzilla.suse.com/1188985 https://bugzilla.suse.com/1189057 https://bugzilla.suse.com/1189262 https://bugzilla.suse.com/1189278 https://bugzilla.suse.com/1189291 https://bugzilla.suse.com/1189399 https://bugzilla.suse.com/1189400 https://bugzilla.suse.com/1189418 https://bugzilla.suse.com/1189420 https://bugzilla.suse.com/1189706 https://bugzilla.suse.com/1189846 https://bugzilla.suse.com/1189884 https://bugzilla.suse.com/1190023 https://bugzilla.suse.com/1190025 https://bugzilla.suse.com/1190067 https://bugzilla.suse.com/1190115 https://bugzilla.suse.com/1190117 https://bugzilla.suse.com/1190118 https://bugzilla.suse.com/1190159 https://bugzilla.suse.com/1190276 https://bugzilla.suse.com/1190349 https://bugzilla.suse.com/1190350 https://bugzilla.suse.com/1190351 https://bugzilla.suse.com/1190432 https://bugzilla.suse.com/1190479 https://bugzilla.suse.com/1190534 https://bugzilla.suse.com/1190601 https://bugzilla.suse.com/1190717 https://bugzilla.suse.com/1191193 https://bugzilla.suse.com/1191315 https://bugzilla.suse.com/1191317 https://bugzilla.suse.com/1191318 https://bugzilla.suse.com/1191529 https://bugzilla.suse.com/1191530 https://bugzilla.suse.com/1191628 https://bugzilla.suse.com/1191660 https://bugzilla.suse.com/1191790 https://bugzilla.suse.com/1191801 https://bugzilla.suse.com/1191813 https://bugzilla.suse.com/1191961 https://bugzilla.suse.com/1192036 https://bugzilla.suse.com/1192045 https://bugzilla.suse.com/1192048 https://bugzilla.suse.com/1192267 https://bugzilla.suse.com/1192379 https://bugzilla.suse.com/1192400 https://bugzilla.suse.com/1192444 https://bugzilla.suse.com/1192549 https://bugzilla.suse.com/1192775 https://bugzilla.suse.com/1192781 https://bugzilla.suse.com/1192802 From sle-updates at lists.suse.com Thu Dec 9 05:16:28 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Dec 2021 06:16:28 +0100 (CET) Subject: SUSE-RU-2021:3974-1: moderate: Recommended update for crash Message-ID: <20211209051628.B9635FC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for crash ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3974-1 Rating: moderate References: #1190743 Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for crash fixes the following issues: - Fix module loading (bsc#1190743) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2021-3974=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): crash-7.2.9-23.8.1 crash-debuginfo-7.2.9-23.8.1 crash-debugsource-7.2.9-23.8.1 crash-devel-7.2.9-23.8.1 crash-kmp-default-7.2.9_k5.3.18_59.34-23.8.1 crash-kmp-default-debuginfo-7.2.9_k5.3.18_59.34-23.8.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64): crash-kmp-64kb-7.2.9_k5.3.18_59.34-23.8.1 crash-kmp-64kb-debuginfo-7.2.9_k5.3.18_59.34-23.8.1 References: https://bugzilla.suse.com/1190743 From sle-updates at lists.suse.com Thu Dec 9 05:18:51 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Dec 2021 06:18:51 +0100 (CET) Subject: SUSE-RU-2021:3975-1: moderate: Recommended update for apache2 Message-ID: <20211209051851.4C005FC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for apache2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3975-1 Rating: moderate References: #1184531 Affected Products: SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for apache2 fixes the following issues: - httpd core dump in a FIPS enabled system (bsc#1184531) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-3975=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-3975=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-3975=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-3975=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-3975=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-3975=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-3975=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-3975=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-3975=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-3975=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): apache2-2.4.33-3.58.1 apache2-debuginfo-2.4.33-3.58.1 apache2-debugsource-2.4.33-3.58.1 apache2-devel-2.4.33-3.58.1 apache2-prefork-2.4.33-3.58.1 apache2-prefork-debuginfo-2.4.33-3.58.1 apache2-utils-2.4.33-3.58.1 apache2-utils-debuginfo-2.4.33-3.58.1 apache2-worker-2.4.33-3.58.1 apache2-worker-debuginfo-2.4.33-3.58.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): apache2-doc-2.4.33-3.58.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): apache2-2.4.33-3.58.1 apache2-debuginfo-2.4.33-3.58.1 apache2-debugsource-2.4.33-3.58.1 apache2-devel-2.4.33-3.58.1 apache2-prefork-2.4.33-3.58.1 apache2-prefork-debuginfo-2.4.33-3.58.1 apache2-utils-2.4.33-3.58.1 apache2-utils-debuginfo-2.4.33-3.58.1 apache2-worker-2.4.33-3.58.1 apache2-worker-debuginfo-2.4.33-3.58.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): apache2-doc-2.4.33-3.58.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): apache2-2.4.33-3.58.1 apache2-debuginfo-2.4.33-3.58.1 apache2-debugsource-2.4.33-3.58.1 apache2-devel-2.4.33-3.58.1 apache2-prefork-2.4.33-3.58.1 apache2-prefork-debuginfo-2.4.33-3.58.1 apache2-utils-2.4.33-3.58.1 apache2-utils-debuginfo-2.4.33-3.58.1 apache2-worker-2.4.33-3.58.1 apache2-worker-debuginfo-2.4.33-3.58.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): apache2-doc-2.4.33-3.58.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): apache2-doc-2.4.33-3.58.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): apache2-2.4.33-3.58.1 apache2-debuginfo-2.4.33-3.58.1 apache2-debugsource-2.4.33-3.58.1 apache2-devel-2.4.33-3.58.1 apache2-prefork-2.4.33-3.58.1 apache2-prefork-debuginfo-2.4.33-3.58.1 apache2-utils-2.4.33-3.58.1 apache2-utils-debuginfo-2.4.33-3.58.1 apache2-worker-2.4.33-3.58.1 apache2-worker-debuginfo-2.4.33-3.58.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): apache2-2.4.33-3.58.1 apache2-debuginfo-2.4.33-3.58.1 apache2-debugsource-2.4.33-3.58.1 apache2-devel-2.4.33-3.58.1 apache2-prefork-2.4.33-3.58.1 apache2-prefork-debuginfo-2.4.33-3.58.1 apache2-utils-2.4.33-3.58.1 apache2-utils-debuginfo-2.4.33-3.58.1 apache2-worker-2.4.33-3.58.1 apache2-worker-debuginfo-2.4.33-3.58.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): apache2-doc-2.4.33-3.58.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): apache2-2.4.33-3.58.1 apache2-debuginfo-2.4.33-3.58.1 apache2-debugsource-2.4.33-3.58.1 apache2-devel-2.4.33-3.58.1 apache2-prefork-2.4.33-3.58.1 apache2-prefork-debuginfo-2.4.33-3.58.1 apache2-utils-2.4.33-3.58.1 apache2-utils-debuginfo-2.4.33-3.58.1 apache2-worker-2.4.33-3.58.1 apache2-worker-debuginfo-2.4.33-3.58.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): apache2-doc-2.4.33-3.58.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): apache2-2.4.33-3.58.1 apache2-debuginfo-2.4.33-3.58.1 apache2-debugsource-2.4.33-3.58.1 apache2-devel-2.4.33-3.58.1 apache2-prefork-2.4.33-3.58.1 apache2-prefork-debuginfo-2.4.33-3.58.1 apache2-utils-2.4.33-3.58.1 apache2-utils-debuginfo-2.4.33-3.58.1 apache2-worker-2.4.33-3.58.1 apache2-worker-debuginfo-2.4.33-3.58.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): apache2-doc-2.4.33-3.58.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): apache2-2.4.33-3.58.1 apache2-debuginfo-2.4.33-3.58.1 apache2-debugsource-2.4.33-3.58.1 apache2-devel-2.4.33-3.58.1 apache2-prefork-2.4.33-3.58.1 apache2-prefork-debuginfo-2.4.33-3.58.1 apache2-utils-2.4.33-3.58.1 apache2-utils-debuginfo-2.4.33-3.58.1 apache2-worker-2.4.33-3.58.1 apache2-worker-debuginfo-2.4.33-3.58.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): apache2-doc-2.4.33-3.58.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): apache2-2.4.33-3.58.1 apache2-debuginfo-2.4.33-3.58.1 apache2-debugsource-2.4.33-3.58.1 apache2-devel-2.4.33-3.58.1 apache2-prefork-2.4.33-3.58.1 apache2-prefork-debuginfo-2.4.33-3.58.1 apache2-utils-2.4.33-3.58.1 apache2-utils-debuginfo-2.4.33-3.58.1 apache2-worker-2.4.33-3.58.1 apache2-worker-debuginfo-2.4.33-3.58.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): apache2-doc-2.4.33-3.58.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): apache2-2.4.33-3.58.1 apache2-debuginfo-2.4.33-3.58.1 apache2-debugsource-2.4.33-3.58.1 apache2-devel-2.4.33-3.58.1 apache2-prefork-2.4.33-3.58.1 apache2-prefork-debuginfo-2.4.33-3.58.1 apache2-utils-2.4.33-3.58.1 apache2-utils-debuginfo-2.4.33-3.58.1 apache2-worker-2.4.33-3.58.1 apache2-worker-debuginfo-2.4.33-3.58.1 - SUSE Enterprise Storage 6 (noarch): apache2-doc-2.4.33-3.58.1 - SUSE CaaS Platform 4.0 (x86_64): apache2-2.4.33-3.58.1 apache2-debuginfo-2.4.33-3.58.1 apache2-debugsource-2.4.33-3.58.1 apache2-devel-2.4.33-3.58.1 apache2-prefork-2.4.33-3.58.1 apache2-prefork-debuginfo-2.4.33-3.58.1 apache2-utils-2.4.33-3.58.1 apache2-utils-debuginfo-2.4.33-3.58.1 apache2-worker-2.4.33-3.58.1 apache2-worker-debuginfo-2.4.33-3.58.1 - SUSE CaaS Platform 4.0 (noarch): apache2-doc-2.4.33-3.58.1 References: https://bugzilla.suse.com/1184531 From sle-updates at lists.suse.com Thu Dec 9 11:16:26 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Dec 2021 12:16:26 +0100 (CET) Subject: SUSE-RU-2021:3976-1: moderate: Recommended update for selinux-policy Message-ID: <20211209111626.8DD57FC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for selinux-policy ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3976-1 Rating: moderate References: #1185030 Affected Products: SUSE MicroOS 5.0 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for selinux-policy fixes the following issues: - Fix container runtime binary labels (bsc#1185030) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-3976=1 Package List: - SUSE MicroOS 5.0 (noarch): selinux-policy-20210309-3.6.1 selinux-policy-targeted-20210309-3.6.1 References: https://bugzilla.suse.com/1185030 From sle-updates at lists.suse.com Thu Dec 9 14:15:46 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Dec 2021 15:15:46 +0100 (CET) Subject: SUSE-SU-2021:3978-1: important: Security update for the Linux RT Kernel Message-ID: <20211209141546.11C94FC9F@maintenance.suse.de> SUSE Security Update: Security update for the Linux RT Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3978-1 Rating: important References: #1094840 #1133021 #1152489 #1153275 #1169263 #1169514 #1170269 #1176940 #1179599 #1188601 #1190523 #1190795 #1191790 #1191851 #1191958 #1191961 #1191980 #1192045 #1192229 #1192273 #1192328 #1192718 #1192740 #1192745 #1192750 #1192753 #1192781 #1192802 #1192896 #1192906 #1192918 #1192987 #1192998 #1193002 SLE-22573 Cross-References: CVE-2020-27820 CVE-2021-0941 CVE-2021-20322 CVE-2021-31916 CVE-2021-34981 CVE-2021-37159 CVE-2021-43389 CVSS scores: CVE-2020-27820 (SUSE): 3.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L CVE-2021-0941 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-20322 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2021-31916 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-31916 (SUSE): 6.8 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-34981 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2021-37159 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-37159 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-43389 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE MicroOS 5.0 SUSE Linux Enterprise Module for Realtime 15-SP2 ______________________________________________________________________________ An update that solves 7 vulnerabilities, contains one feature and has 27 fixes is now available. Description: The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - Unprivileged BPF has been disabled by default to reduce attack surface as too many security issues have happened in the past (jsc#SLE-22573) You can reenable via systemctl setting /proc/sys/kernel/unprivileged_bpf_disabled to 0. (kernel.unprivileged_bpf_disabled = 0) - CVE-2021-0941: In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1192045). - CVE-2021-31916: An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel A bound check failure allowed an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability (bnc#1192781). - CVE-2021-20322: Make the ipv4 and ipv6 ICMP exception caches less predictive to avoid information leaks about UDP ports in use. (bsc#1191790) - CVE-2021-34981: Fixed file refcounting in cmtp when cmtp_attach_device fails (bsc#1191961). - CVE-2021-43389: There was an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c (bnc#1191958). - CVE-2021-37159: hso_free_net_device in drivers/net/usb/hso.c called unregister_netdev without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free (bnc#1188601). - CVE-2020-27820: Fixed a use-after-free in nouveau's postclose() handler that could have happened during device or driver removal (bnc#1179599). The following non-security bugs were fixed: - ABI: sysfs-kernel-slab: Document some stats (git-fixes). - ALSA: hda: Reduce udelay() at SKL+ position reporting (git-fixes). - ALSA: ua101: fix division by zero at probe (git-fixes). - ALSA: usb-audio: Add Audient iD14 to mixer map quirk table (git-fixes). - ALSA: usb-audio: Add Schiit Hel device to mixer map quirk table (git-fixes). - ASoC: cs42l42: Correct some register default values (git-fixes). - ASoC: cs42l42: Defer probe if request_threaded_irq() returns EPROBE_DEFER (git-fixes). - ASoC: cs42l42: Do not set defaults for volatile registers (git-fixes). - ASoC: dt-bindings: cs42l42: Correct description of ts-inv (git-fixes). - ASoC: mediatek: mt8195: Remove unsued irqs_lock (git-fixes). - ASoC: rockchip: Use generic dmaengine code (git-fixes). - ata: sata_mv: Fix the error handling of mv_chip_id() (git-fixes). - ath10k: fix control-message timeout (git-fixes). - ath10k: fix division by zero in send path (git-fixes). - ath10k: fix max antenna gain unit (git-fixes). - ath10k: Fix missing frame timestamp for beacon/probe-resp (git-fixes). - ath6kl: fix control-message timeout (git-fixes). - ath6kl: fix division by zero in send path (git-fixes). - ath9k: Fix potential interrupt storm on queue reset (git-fixes). - auxdisplay: ht16k33: Connect backlight to fbdev (git-fixes). - auxdisplay: ht16k33: Fix frame buffer device blanking (git-fixes). - auxdisplay: img-ascii-lcd: Fix lock-up when displaying empty string (git-fixes). - b43: fix a lower bounds test (git-fixes). - b43legacy: fix a lower bounds test (git-fixes). - Bluetooth: btmtkuart: fix a memleak in mtk_hci_wmt_sync (git-fixes). - Bluetooth: fix init and cleanup of sco_conn.timeout_work (git-fixes). - bnxt_en: reject indirect blk offload when hw-tc-offload is off (jsc#SLE-8372 bsc#1153275). - bpf: Add kconfig knob for disabling unpriv bpf by default (jsc#SLE-22573) - bpf: Disallow unprivileged bpf by default (jsc#SLE-22573). - bpf: Fix potential race in tail call compatibility check (git-fixes). - btrfs: block-group: Rework documentation of check_system_chunk function (bsc#1192896). - btrfs: do not ignore error from btrfs_next_leaf() when inserting checksums (bsc#1193002). - btrfs: fix deadlock between chunk allocation and chunk btree modifications (bsc#1192896). - btrfs: fix fsync failure and transaction abort after writes to prealloc extents (bsc#1193002). - btrfs: fix lost inode on log replay after mix of fsync, rename and inode eviction (bsc#1192998). - btrfs: fix memory ordering between normal and ordered work functions (git-fixes). - btrfs: fix race causing unnecessary inode logging during link and rename (bsc#1192998). - btrfs: make checksum item extension more efficient (bsc#1193002). - btrfs: update comments for chunk allocation -ENOSPC cases (bsc#1192896). - cgroup/cpuset: Change references of cpuset_mutex to cpuset_rwsem (git-fixes). - config: disable unprivileged BPF by default (jsc#SLE-22573) - crypto: caam - disable pkc for non-E SoCs (git-fixes). - crypto: qat - detect PFVF collision after ACK (git-fixes). - crypto: qat - disregard spurious PFVF interrupts (git-fixes). - driver core: add a min_align_mask field to struct device_dma_parameters (bsc#1191851). - drm/amdgpu: fix warning for overflow check (git-fixes). - drm/msm: Fix potential NULL dereference in DPU SSPP (git-fixes). - drm/sun4i: Fix macros in sun8i_csc.h (git-fixes). - drm/v3d: fix wait for TMU write combiner flush (git-fixes). - drm: prevent spectre issue in vmw_execbuf_ioctl (bsc#1192802). - EDAC/sb_edac: Fix top-of-high-memory value for Broadwell/Haswell (bsc#1152489). - elfcore: fix building with clang (bsc#1169514). - exfat: fix erroneous discard when clear cluster bit (git-fixes). - exfat: handle wrong stream entry size in exfat_readdir() (git-fixes). - exfat: properly set s_time_gran (bsc#1192328). - exfat: truncate atimes to 2s granularity (bsc#1192328). - firmware/psci: fix application of sizeof to pointer (git-fixes). - fuse: fix page stealing (bsc#1192718). - genirq: Provide IRQCHIP_AFFINITY_PRE_STARTUP (bsc#1152489). - gpio: mpc8xxx: Use 'devm_gpiochip_add_data()' to simplify the code and avoid a leak (git-fixes). - gve: Add netif_set_xps_queue call (bsc#1176940). - gve: Add rx buffer pagecnt bias (bsc#1176940). - gve: Allow pageflips on larger pages (bsc#1176940). - gve: DQO: avoid unused variable warnings (bsc#1176940). - gve: Track RX buffer allocation failures (bsc#1176940). - HID: u2fzero: clarify error check and length calculations (git-fixes). - HID: u2fzero: properly handle timeouts in usb_submit_urb (git-fixes). - hwmon: (pmbus/lm25066) Add offset coefficients (git-fixes). - hwmon: (pmbus/lm25066) Let compiler determine outer dimension of lm25066_coeff (git-fixes). - hwmon: Fix possible memleak in __hwmon_device_register() (git-fixes). - hwrng: mtk - Force runtime pm ops for sleep ops (git-fixes). - ibmvnic: check failover_pending in login response (bsc#1190523 ltc#194510). - ibmvnic: delay complete() (bsc#1094840 ltc#167098 git-fixes). - ibmvnic: do not stop queue in xmit (bsc#1192273 ltc#194629). - ibmvnic: Process crqs after enabling interrupts (bsc#1192273 ltc#194629). - iio: dac: ad5446: Fix ad5622_write() return value (git-fixes). - Input: elantench - fix misreporting trackpoint coordinates (bsc#1192918). - Input: i8042 - Add quirk for Fujitsu Lifebook T725 (bsc#1191980). - kABI: Fix kABI after 36950f2da1ea (bsc#1191851). - kernel-*-subpackage: Add dependency on kernel scriptlets (bsc#1192740). - KVM: s390: extend kvm_s390_shadow_fault to return entry pointer (bsc#1133021). - KVM: s390: index kvm->arch.idle_mask by vcpu_idx (bsc#1133021). - KVM: s390: split kvm_s390_logical_to_effective (bsc#1133021). - KVM: s390: VSIE: correctly handle MVPG when in VSIE (bsc#1133021). - libertas: Fix possible memory leak in probe and disconnect (git-fixes). - libertas_tf: Fix possible memory leak in probe and disconnect (git-fixes). - media: cedrus: Fix SUNXI tile size calculation (git-fixes). - media: cx23885: Fix snd_card_free call on null card pointer (git-fixes). - media: cxd2880-spi: Fix a null pointer dereference on error handling path (git-fixes). - media: dvb-frontends: mn88443x: Handle errors of clk_prepare_enable() (git-fixes). - media: dvb-usb: fix ununit-value in az6027_rc_query (git-fixes). - media: em28xx: add missing em28xx_close_extension (git-fixes). - media: em28xx: Do not use ops->suspend if it is NULL (git-fixes). - media: i2c: ths8200 needs V4L2_ASYNC (git-fixes). - media: ite-cir: IR receiver stop working after receive overflow (git-fixes). - media: mtk-vpu: Fix a resource leak in the error handling path of 'mtk_vpu_probe()' (git-fixes). - media: mxl111sf: change mutex_init() location (git-fixes). - media: radio-wl1273: Avoid card name truncation (git-fixes). - media: si470x: Avoid card name truncation (git-fixes). - media: staging/intel-ipu3: css: Fix wrong size comparison imgu_css_fw_init (git-fixes). - media: TDA1997x: handle short reads of hdmi info frame (git-fixes). - media: tm6000: Avoid card name truncation (git-fixes). - media: v4l2-ioctl: Fix check_ext_ctrls (git-fixes). - media: v4l2-ioctl: S_CTRL output the right value (git-fixes). - memory: fsl_ifc: fix leak of irq and nand_irq in fsl_ifc_ctrl_probe (git-fixes). - memstick: avoid out-of-range warning (git-fixes). - memstick: jmb38x_ms: use appropriate free function in jmb38x_ms_alloc_host() (git-fixes). - mm/hugetlb: initialize hugetlb_usage in mm_init (bsc#1192906). - mmc: mxs-mmc: disable regulator on error and in the remove function (git-fixes). - mmc: sdhci-omap: Fix NULL pointer exception if regulator is not configured (git-fixes). - mmc: sdhci: Map more voltage level to SDHCI_POWER_330 (git-fixes). - mt76: mt76x02: fix endianness warnings in mt76x02_mac.c (git-fixes). - mwifiex: fix division by zero in fw download path (git-fixes). - mwifiex: Send DELBA requests according to spec (git-fixes). - net: dsa: felix: re-enable TX flow control in ocelot_port_flush() (git-fixes). - net: mscc: ocelot: fix hardware timestamp dequeue logic. - net: mscc: ocelot: warn when a PTP IRQ is raised for an unknown skb (git-fixes). - nvme-pci: set min_align_mask (bsc#1191851). - objtool: Support Clang non-section symbols in ORC generation (bsc#1169514). - ocfs2: do not zero pages beyond i_size (bsc#1190795). - ocfs2: fix data corruption on truncate (bsc#1190795). - PCI/ACPI: Check for _OSC support in acpi_pci_osc_control_set() (bsc#1169263). - PCI/ACPI: Clarify message about _OSC failure (bsc#1169263). - PCI/ACPI: Move _OSC query checks to separate function (bsc#1169263). - PCI/ACPI: Move supported and control calculations to separate functions (bsc#1169263). - PCI/ACPI: Remove OSC_PCI_SUPPORT_MASKS and OSC_PCI_CONTROL_MASKS (bsc#1169263). - PCI/ACPI: Remove unnecessary osc_lock (bsc#1169263). - PCI: aardvark: Do not clear status bits of masked interrupts (git-fixes). - PCI: aardvark: Do not spam about PIO Response Status (git-fixes). - PCI: aardvark: Do not unmask unused interrupts (git-fixes). - PCI: aardvark: Fix checking for link up via LTSSM state (git-fixes). - PCI: aardvark: Fix reporting Data Link Layer Link Active (git-fixes). - PCI: aardvark: Fix return value of MSI domain .alloc() method (git-fixes). - PCI: aardvark: Read all 16-bits from PCIE_MSI_PAYLOAD_REG (git-fixes). - PCI: pci-bridge-emul: Fix emulation of W1C bits (git-fixes). - PCI: uniphier: Serialize INTx masking/unmasking and fix the bit operation (git-fixes). - pinctrl: core: fix possible memory leak in pinctrl_enable() (git-fixes). - platform/x86: thinkpad_acpi: Fix bitwise vs. logical warning (git-fixes). - power: supply: bq27xxx: Fix kernel crash on IRQ handler register error (git-fixes). - power: supply: max17042_battery: Prevent int underflow in set_soc_threshold (git-fixes). - power: supply: max17042_battery: use VFSOC for capacity when no rsns (git-fixes). - power: supply: rt5033 battery: Change voltage values to ca 5V (git-fixes). - printk/console: Allow to disable console output by using console="" or console=null (bsc#1192753). - printk: handle blank console arguments passed in (bsc#1192753). - printk: Remove printk.h inclusion in percpu.h (bsc#1192987). - qtnfmac: fix potential Spectre vulnerabilities (bsc#1192802). - r8152: add a helper function about setting EEE (git-fixes). - r8152: Add macpassthru support for ThinkPad Thunderbolt 3 Dock Gen 2 (git-fixes). - r8152: Disable PLA MCU clock speed down (git-fixes). - r8152: disable U2P3 for RTL8153B (git-fixes). - r8152: divide the tx and rx bottom functions (git-fixes). - r8152: do not enable U1U2 with USB_SPEED_HIGH for RTL8153B (git-fixes). - r8152: fix runtime resume for linking change (git-fixes). - r8152: replace array with linking list for rx information (git-fixes). - r8152: reset flow control patch when linking on for RTL8153B (git-fixes). - r8152: saving the settings of EEE (git-fixes). - r8152: separate the rx buffer size (git-fixes). - r8152: use alloc_pages for rx buffer (git-fixes). - regulator: dt-bindings: samsung,s5m8767: correct s5m8767,pmic-buck-default-dvs-idx property (git-fixes). - regulator: s5m8767: do not use reset value as DVS voltage if GPIO DVS is disabled (git-fixes). - Revert "ibmvnic: check failover_pending in login response" (bsc#1190523 ltc#194510). - Revert "platform/x86: i2c-multi-instantiate: Do not create platform device for INT3515 ACPI nodes" (git-fixes). - Revert "r8152: adjust the settings about MAC clock speed down for RTL8153" (git-fixes). - Revert "scsi: ufs: fix a missing check of devm_reset_control_get" (git-fixes). - Revert "x86/kvm: fix vcpu-id indexed array sizes" (git-fixes). - rndis_host: set proper input size for OID_GEN_PHYSICAL_MEDIUM request (git-fixes). - rsi: fix control-message timeout (git-fixes). - rsi: Fix module dev_oper_mode parameter description (git-fixes). - rsi: stop thread firstly in rsi_91x_init() error handling (git-fixes). - rtl8187: fix control-message timeouts (git-fixes). - s390/qeth: fix deadlock during failing recovery (git-fixes). - s390/qeth: Fix deadlock in remove_discipline (git-fixes). - s390/qeth: fix NULL deref in qeth_clear_working_pool_list() (git-fixes). - scsi: be2iscsi: Fix an error handling path in beiscsi_dev_probe() (git-fixes). - scsi: BusLogic: Fix missing pr_cont() use (git-fixes). - scsi: core: Fix spelling in a source code comment (git-fixes). - scsi: csiostor: Add module softdep on cxgb4 (git-fixes). - scsi: csiostor: Uninitialized data in csio_ln_vnp_read_cbfn() (git-fixes). - scsi: dc395: Fix error case unwinding (git-fixes). - scsi: fdomain: Fix error return code in fdomain_probe() (git-fixes). - scsi: FlashPoint: Rename si_flags field (git-fixes). - scsi: iscsi: Fix iface sysfs attr detection (git-fixes). - scsi: libsas: Use _safe() loop in sas_resume_port() (git-fixes). - scsi: mpt3sas: Fix error return value in _scsih_expander_add() (git-fixes). - scsi: qedf: Add pointer checks in qedf_update_link_speed() (git-fixes). - scsi: qedf: Fix error codes in qedf_alloc_global_queues() (git-fixes). - scsi: qedi: Fix error codes in qedi_alloc_global_queues() (git-fixes). - scsi: qla2xxx: Fix a memory leak in an error path of qla2x00_process_els() (git-fixes). - scsi: qla2xxx: Make sure that aborted commands are freed (git-fixes). - scsi: smartpqi: Fix an error code in pqi_get_raid_map() (git-fixes). - scsi: snic: Fix an error message (git-fixes). - scsi: ufs-pci: Add quirk for broken auto-hibernate for Intel EHL (git-fixes). - scsi: ufs: ufshcd-pltfrm: Fix memory leak due to probe defer (git-fixes). - serial: 8250_dw: Drop wrong use of ACPI_PTR() (git-fixes). - serial: xilinx_uartps: Fix race condition causing stuck TX (git-fixes). - staging: r8712u: fix control-message timeout (git-fixes). - staging: rtl8192u: fix control-message timeouts (git-fixes). - stmmac: platform: Fix signedness bug in stmmac_probe_config_dt() (git-fixes). - swiotlb: add a IO_TLB_SIZE define (bsc#1191851). - swiotlb: clean up swiotlb_tbl_unmap_single (bsc#1191851). - swiotlb: do not modify orig_addr in swiotlb_tbl_sync_single (bsc#1191851). - swiotlb: factor out a nr_slots helper (bsc#1191851). - swiotlb: factor out an io_tlb_offset helper (bsc#1191851). - swiotlb: refactor swiotlb_tbl_map_single (bsc#1191851). - swiotlb: respect min_align_mask (bsc#1191851). - swiotlb: Split size parameter to map/unmap APIs (bsc#1191851). - tpm: Check for integer overflow in tpm2_map_response_body() (git-fixes). - tracing: Increase PERF_MAX_TRACE_SIZE to handle Sentinel1 and docker together (bsc#1192745). - Update config files: Add CONFIG_BPF_UNPRIV_DEFAULT_OFF is not set - usb: gadget: hid: fix error code in do_config() (git-fixes). - usb: iowarrior: fix control-message timeouts (git-fixes). - usb: max-3421: Use driver data instead of maintaining a list of bound devices (git-fixes). - usb: musb: Balance list entry in musb_gadget_queue (git-fixes). - usb: serial: keyspan: fix memleak on probe errors (git-fixes). - usbnet: fix error return code in usbnet_probe() (git-fixes). - usbnet: sanity check for maxpacket (git-fixes). - video: fbdev: chipsfb: use memset_io() instead of memset() (git-fixes). - virtio-gpu: fix possible memory allocation failure (git-fixes). - wcn36xx: Add ability for wcn36xx_smd_dump_cmd_req to pass two's complement (git-fixes). - wcn36xx: add proper DMA memory barriers in rx path (git-fixes). - wcn36xx: Fix HT40 capability for 2Ghz band (git-fixes). - x86/ioapic: Force affinity setup before startup (bsc#1152489). - x86/msi: Force affinity setup before startup (bsc#1152489). - x86/sme: Use #define USE_EARLY_PGTABLE_L5 in mem_encrypt_identity.c (bsc#1152489). - x86/xen: Mark cpu_bringup_and_idle() as dead_end_function (git-fixes). - xen-pciback: Fix return in pm_ctrl_init() (git-fixes). - xen: Fix implicit type conversion (git-fixes). - xfs: do not allow log writes if the data device is readonly (bsc#1192229). - zram-avoid-race-between-zram_remove-and-disksize_sto.patch: (bsc#1170269). - zram-don-t-fail-to-remove-zram-during-unloading-modu.patch: (bsc#1170269). - zram-fix-race-between-zram_reset_device-and-disksize.patch: (bsc#1170269). - zram-replace-fsync_bdev-with-sync_blockdev.patch: (bsc#1170269). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-3978=1 - SUSE Linux Enterprise Module for Realtime 15-SP2: zypper in -t patch SUSE-SLE-Module-RT-15-SP2-2021-3978=1 Package List: - SUSE MicroOS 5.0 (x86_64): kernel-rt-5.3.18-62.2 kernel-rt-debuginfo-5.3.18-62.2 kernel-rt-debugsource-5.3.18-62.2 - SUSE Linux Enterprise Module for Realtime 15-SP2 (x86_64): cluster-md-kmp-rt-5.3.18-62.2 cluster-md-kmp-rt-debuginfo-5.3.18-62.2 dlm-kmp-rt-5.3.18-62.2 dlm-kmp-rt-debuginfo-5.3.18-62.2 gfs2-kmp-rt-5.3.18-62.2 gfs2-kmp-rt-debuginfo-5.3.18-62.2 kernel-rt-5.3.18-62.2 kernel-rt-debuginfo-5.3.18-62.2 kernel-rt-debugsource-5.3.18-62.2 kernel-rt-devel-5.3.18-62.2 kernel-rt-devel-debuginfo-5.3.18-62.2 kernel-rt_debug-5.3.18-62.3 kernel-rt_debug-debuginfo-5.3.18-62.3 kernel-rt_debug-debugsource-5.3.18-62.3 kernel-rt_debug-devel-5.3.18-62.3 kernel-rt_debug-devel-debuginfo-5.3.18-62.3 kernel-syms-rt-5.3.18-62.1 ocfs2-kmp-rt-5.3.18-62.2 ocfs2-kmp-rt-debuginfo-5.3.18-62.2 - SUSE Linux Enterprise Module for Realtime 15-SP2 (noarch): kernel-devel-rt-5.3.18-62.3 kernel-source-rt-5.3.18-62.3 References: https://www.suse.com/security/cve/CVE-2020-27820.html https://www.suse.com/security/cve/CVE-2021-0941.html https://www.suse.com/security/cve/CVE-2021-20322.html https://www.suse.com/security/cve/CVE-2021-31916.html https://www.suse.com/security/cve/CVE-2021-34981.html https://www.suse.com/security/cve/CVE-2021-37159.html https://www.suse.com/security/cve/CVE-2021-43389.html https://bugzilla.suse.com/1094840 https://bugzilla.suse.com/1133021 https://bugzilla.suse.com/1152489 https://bugzilla.suse.com/1153275 https://bugzilla.suse.com/1169263 https://bugzilla.suse.com/1169514 https://bugzilla.suse.com/1170269 https://bugzilla.suse.com/1176940 https://bugzilla.suse.com/1179599 https://bugzilla.suse.com/1188601 https://bugzilla.suse.com/1190523 https://bugzilla.suse.com/1190795 https://bugzilla.suse.com/1191790 https://bugzilla.suse.com/1191851 https://bugzilla.suse.com/1191958 https://bugzilla.suse.com/1191961 https://bugzilla.suse.com/1191980 https://bugzilla.suse.com/1192045 https://bugzilla.suse.com/1192229 https://bugzilla.suse.com/1192273 https://bugzilla.suse.com/1192328 https://bugzilla.suse.com/1192718 https://bugzilla.suse.com/1192740 https://bugzilla.suse.com/1192745 https://bugzilla.suse.com/1192750 https://bugzilla.suse.com/1192753 https://bugzilla.suse.com/1192781 https://bugzilla.suse.com/1192802 https://bugzilla.suse.com/1192896 https://bugzilla.suse.com/1192906 https://bugzilla.suse.com/1192918 https://bugzilla.suse.com/1192987 https://bugzilla.suse.com/1192998 https://bugzilla.suse.com/1193002 From sle-updates at lists.suse.com Thu Dec 9 14:21:55 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Dec 2021 15:21:55 +0100 (CET) Subject: SUSE-SU-2021:3977-1: moderate: Security update for xen Message-ID: <20211209142155.9F2C8FC9F@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3977-1 Rating: moderate References: #1027519 #1189632 #1191363 #1192554 #1192557 #1192559 Cross-References: CVE-2021-28701 CVE-2021-28702 CVE-2021-28704 CVE-2021-28705 CVE-2021-28706 CVE-2021-28707 CVE-2021-28708 CVE-2021-28709 CVSS scores: CVE-2021-28701 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-28702 (NVD) : 7.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVE-2021-28704 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-28705 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-28705 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-28706 (NVD) : 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H CVE-2021-28706 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-28707 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-28708 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-28709 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. Description: This update for xen fixes the following issues: - CVE-2021-28701: Fixed race condition in XENMAPSPACE_grant_table handling (XSA-384) (bsc#1189632). - CVE-2021-28702: Fixed PCI devices with RMRRs not deassigned correctly (XSA-386) (bsc#1191363). - CVE-2021-28704, CVE-2021-28707, CVE-2021-28708: Fixed PoD operations on misaligned GFNs (XSA-388) (bsc#1192557). - CVE-2021-28705, CVE-2021-28709: Fixed issues with partially successful P2M updates on x86 (XSA-389) (bsc#1192559). - CVE-2021-28706: Fixed guests may exceed their designated memory limit (XSA-385) (bsc#1192554). - Upstream bug fixes (bsc#1027519) Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-3977=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-3977=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-3977=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-3977=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-3977=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-3977=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): xen-4.12.4_16-3.57.1 xen-debugsource-4.12.4_16-3.57.1 xen-devel-4.12.4_16-3.57.1 xen-libs-4.12.4_16-3.57.1 xen-libs-debuginfo-4.12.4_16-3.57.1 xen-tools-4.12.4_16-3.57.1 xen-tools-debuginfo-4.12.4_16-3.57.1 xen-tools-domU-4.12.4_16-3.57.1 xen-tools-domU-debuginfo-4.12.4_16-3.57.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): xen-4.12.4_16-3.57.1 xen-debugsource-4.12.4_16-3.57.1 xen-devel-4.12.4_16-3.57.1 xen-libs-4.12.4_16-3.57.1 xen-libs-debuginfo-4.12.4_16-3.57.1 xen-tools-4.12.4_16-3.57.1 xen-tools-debuginfo-4.12.4_16-3.57.1 xen-tools-domU-4.12.4_16-3.57.1 xen-tools-domU-debuginfo-4.12.4_16-3.57.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): xen-4.12.4_16-3.57.1 xen-debugsource-4.12.4_16-3.57.1 xen-devel-4.12.4_16-3.57.1 xen-libs-4.12.4_16-3.57.1 xen-libs-debuginfo-4.12.4_16-3.57.1 xen-tools-4.12.4_16-3.57.1 xen-tools-debuginfo-4.12.4_16-3.57.1 xen-tools-domU-4.12.4_16-3.57.1 xen-tools-domU-debuginfo-4.12.4_16-3.57.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): xen-4.12.4_16-3.57.1 xen-debugsource-4.12.4_16-3.57.1 xen-devel-4.12.4_16-3.57.1 xen-libs-4.12.4_16-3.57.1 xen-libs-debuginfo-4.12.4_16-3.57.1 xen-tools-4.12.4_16-3.57.1 xen-tools-debuginfo-4.12.4_16-3.57.1 xen-tools-domU-4.12.4_16-3.57.1 xen-tools-domU-debuginfo-4.12.4_16-3.57.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): xen-4.12.4_16-3.57.1 xen-debugsource-4.12.4_16-3.57.1 xen-devel-4.12.4_16-3.57.1 xen-libs-4.12.4_16-3.57.1 xen-libs-debuginfo-4.12.4_16-3.57.1 xen-tools-4.12.4_16-3.57.1 xen-tools-debuginfo-4.12.4_16-3.57.1 xen-tools-domU-4.12.4_16-3.57.1 xen-tools-domU-debuginfo-4.12.4_16-3.57.1 - SUSE Enterprise Storage 6 (x86_64): xen-4.12.4_16-3.57.1 xen-debugsource-4.12.4_16-3.57.1 xen-devel-4.12.4_16-3.57.1 xen-libs-4.12.4_16-3.57.1 xen-libs-debuginfo-4.12.4_16-3.57.1 xen-tools-4.12.4_16-3.57.1 xen-tools-debuginfo-4.12.4_16-3.57.1 xen-tools-domU-4.12.4_16-3.57.1 xen-tools-domU-debuginfo-4.12.4_16-3.57.1 - SUSE CaaS Platform 4.0 (x86_64): xen-4.12.4_16-3.57.1 xen-debugsource-4.12.4_16-3.57.1 xen-devel-4.12.4_16-3.57.1 xen-libs-4.12.4_16-3.57.1 xen-libs-debuginfo-4.12.4_16-3.57.1 xen-tools-4.12.4_16-3.57.1 xen-tools-debuginfo-4.12.4_16-3.57.1 xen-tools-domU-4.12.4_16-3.57.1 xen-tools-domU-debuginfo-4.12.4_16-3.57.1 References: https://www.suse.com/security/cve/CVE-2021-28701.html https://www.suse.com/security/cve/CVE-2021-28702.html https://www.suse.com/security/cve/CVE-2021-28704.html https://www.suse.com/security/cve/CVE-2021-28705.html https://www.suse.com/security/cve/CVE-2021-28706.html https://www.suse.com/security/cve/CVE-2021-28707.html https://www.suse.com/security/cve/CVE-2021-28708.html https://www.suse.com/security/cve/CVE-2021-28709.html https://bugzilla.suse.com/1027519 https://bugzilla.suse.com/1189632 https://bugzilla.suse.com/1191363 https://bugzilla.suse.com/1192554 https://bugzilla.suse.com/1192557 https://bugzilla.suse.com/1192559 From sle-updates at lists.suse.com Thu Dec 9 20:18:27 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Dec 2021 21:18:27 +0100 (CET) Subject: SUSE-RU-2021:3980-1: moderate: Recommended update for glibc Message-ID: <20211209201827.6557BFC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for glibc ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3980-1 Rating: moderate References: #1191592 Affected Products: SUSE MicroOS 5.1 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: glibc was updated to fix the following issue: - Support for new IBM Z Hardware (bsc#1191592, jsc#IBM-869) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2021-3980=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2021-3980=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3980=1 Package List: - SUSE MicroOS 5.1 (aarch64 s390x x86_64): glibc-2.31-9.6.1 glibc-debuginfo-2.31-9.6.1 glibc-debugsource-2.31-9.6.1 glibc-locale-2.31-9.6.1 glibc-locale-base-2.31-9.6.1 glibc-locale-base-debuginfo-2.31-9.6.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): glibc-debuginfo-2.31-9.6.1 glibc-debugsource-2.31-9.6.1 glibc-devel-static-2.31-9.6.1 glibc-utils-2.31-9.6.1 glibc-utils-debuginfo-2.31-9.6.1 glibc-utils-src-debugsource-2.31-9.6.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (x86_64): glibc-32bit-debuginfo-2.31-9.6.1 glibc-devel-32bit-2.31-9.6.1 glibc-devel-32bit-debuginfo-2.31-9.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): glibc-2.31-9.6.1 glibc-debuginfo-2.31-9.6.1 glibc-debugsource-2.31-9.6.1 glibc-devel-2.31-9.6.1 glibc-devel-debuginfo-2.31-9.6.1 glibc-extra-2.31-9.6.1 glibc-extra-debuginfo-2.31-9.6.1 glibc-locale-2.31-9.6.1 glibc-locale-base-2.31-9.6.1 glibc-locale-base-debuginfo-2.31-9.6.1 glibc-profile-2.31-9.6.1 nscd-2.31-9.6.1 nscd-debuginfo-2.31-9.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): glibc-32bit-2.31-9.6.1 glibc-32bit-debuginfo-2.31-9.6.1 glibc-locale-base-32bit-2.31-9.6.1 glibc-locale-base-32bit-debuginfo-2.31-9.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): glibc-i18ndata-2.31-9.6.1 glibc-info-2.31-9.6.1 glibc-lang-2.31-9.6.1 References: https://bugzilla.suse.com/1191592 From sle-updates at lists.suse.com Thu Dec 9 20:22:10 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 9 Dec 2021 21:22:10 +0100 (CET) Subject: SUSE-SU-2021:3979-1: important: Security update for the Linux RT Kernel Message-ID: <20211209202210.48EC9FC9F@maintenance.suse.de> SUSE Security Update: Security update for the Linux RT Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3979-1 Rating: important References: #1152489 #1169263 #1170269 #1184924 #1190523 #1190795 #1191790 #1191961 #1192045 #1192217 #1192273 #1192328 #1192375 #1192473 #1192691 #1192718 #1192740 #1192745 #1192750 #1192753 #1192758 #1192781 #1192802 #1192874 #1192896 #1192906 #1192918 SLE-22573 Cross-References: CVE-2021-0941 CVE-2021-20322 CVE-2021-31916 CVE-2021-34981 CVSS scores: CVE-2021-0941 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-20322 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2021-31916 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-31916 (SUSE): 6.8 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-34981 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H Affected Products: SUSE MicroOS 5.1 SUSE Linux Enterprise Module for Realtime 15-SP3 ______________________________________________________________________________ An update that solves four vulnerabilities, contains one feature and has 23 fixes is now available. Description: The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - Unprivileged BPF has been disabled by default to reduce attack surface as too many security issues have happened in the past (jsc#SLE-22573) You can reenable via systemctl setting /proc/sys/kernel/unprivileged_bpf_disabled to 0. (kernel.unprivileged_bpf_disabled = 0) - CVE-2021-0941: In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1192045 ). - CVE-2021-31916: An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel A bound check failure allowed an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability (bnc#1192781). - CVE-2021-20322: Make the ipv4 and ipv6 ICMP exception caches less predictive to avoid information leaks about UDP ports in use. (bsc#1191790) - CVE-2021-34981: Fixed file refcounting in cmtp when cmtp_attach_device fails (bsc#1191961). The following non-security bugs were fixed: - ABI: sysfs-kernel-slab: Document some stats (git-fixes). - ALSA: hda: fix general protection fault in azx_runtime_idle (git-fixes). - ALSA: hda: Free card instance properly at probe errors (git-fixes). - ALSA: usb-audio: Add Audient iD14 to mixer map quirk table (git-fixes). - ALSA: usb-audio: Add minimal-mute notion in dB mapping table (bsc#1192375). - ALSA: usb-audio: Add Schiit Hel device to mixer map quirk table (git-fixes). - ALSA: usb-audio: Fix dB level of Bose Revolve+ SoundLink (bsc#1192375). - ALSA: usb-audio: Use int for dB map values (bsc#1192375). - ARM: socfpga: Fix crash with CONFIG_FORTIRY_SOURCE (bsc#1192473). - auxdisplay: ht16k33: Connect backlight to fbdev (git-fixes). - auxdisplay: ht16k33: Fix frame buffer device blanking (git-fixes). - auxdisplay: img-ascii-lcd: Fix lock-up when displaying empty string (git-fixes). - bpf, kconfig: Add consolidated menu entry for bpf with core options (jsc#SLE-22574). - bpf: Add kconfig knob for disabling unpriv bpf by default (jsc#SLE-22573) - bpf: Add kconfig knob for disabling unpriv bpf by default (jsc#SLE-22574) - bpf: Disallow unprivileged bpf by default (jsc#SLE-22573). - bpf: Disallow unprivileged bpf by default (jsc#SLE-22574). - bpf: Fix BPF_JIT kconfig symbol dependency (git-fixes jsc#SLE-22574). - bpf: Fix potential race in tail call compatibility check (git-fixes). - btrfs: block-group: Rework documentation of check_system_chunk function (bsc#1192896). - btrfs: fix deadlock between chunk allocation and chunk btree modifications (bsc#1192896). - btrfs: fix memory ordering between normal and ordered work functions (git-fixes). - btrfs: update comments for chunk allocation -ENOSPC cases (bsc#1192896). - cgroup/cpuset: Change references of cpuset_mutex to cpuset_rwsem (git-fixes). - config: disable unprivileged BPF by default (jsc#SLE-22573) Backport of mainline commit 8a03e56b253e ("bpf: Disallow unprivileged bpf by default") only changes kconfig default, used e.g. for "make oldconfig" when the config option is missing, but does not update our kernel configs used for build. Update also these to make sure unprivileged BPF is really disabled by default. - crypto: caam - disable pkc for non-E SoCs (git-fixes). - crypto: qat - detect PFVF collision after ACK (git-fixes). - crypto: qat - disregard spurious PFVF interrupts (git-fixes). - drm/i915: Introduce intel_hpd_hotplug_irqs() (bsc#1192758). - drm: prevent spectre issue in vmw_execbuf_ioctl (bsc#1192802). - e1000e: Separate TGP board type from SPT (bsc#1192874). - EDAC/sb_edac: Fix top-of-high-memory value for Broadwell/Haswell (bsc#1152489). - Eradicate Patch-mainline: No The pre-commit check can reject this deprecated tag then. - exfat: fix erroneous discard when clear cluster bit (git-fixes). - exfat: handle wrong stream entry size in exfat_readdir() (git-fixes). - exfat: properly set s_time_gran (bsc#1192328). - exfat: truncate atimes to 2s granularity (bsc#1192328). - Fix problem with missing installkernel on Tumbleweed. - fuse: fix page stealing (bsc#1192718). - gpio/rockchip: add driver for rockchip gpio (bsc#1192217). - gpio/rockchip: drop irq_gc_lock/irq_gc_unlock for irq set type (bsc#1192217). - gpio/rockchip: extended debounce support is only available on v2 (bsc#1192217). - gpio/rockchip: fetch deferred output settings on probe (bsc#1192217). - gpio/rockchip: fix get_direction value handling (bsc#1192217). - gpio/rockchip: support next version gpio controller (bsc#1192217). - gpio/rockchip: use struct rockchip_gpio_regs for gpio controller (bsc#1192217). - gpio: mpc8xxx: Use 'devm_gpiochip_add_data()' to simplify the code and avoid a leak (git-fixes). - HID: u2fzero: clarify error check and length calculations (git-fixes). - HID: u2fzero: properly handle timeouts in usb_submit_urb (git-fixes). - ibmvnic: check failover_pending in login response (bsc#1190523 ltc#194510). - ibmvnic: do not stop queue in xmit (bsc#1192273 ltc#194629). - ibmvnic: Process crqs after enabling interrupts (bsc#1192273 ltc#194629). - iio: dac: ad5446: Fix ad5622_write() return value (git-fixes). - Input: elantench - fix misreporting trackpoint coordinates (bsc#1192918). - kernel-*-subpackage: Add dependency on kernel scriptlets (bsc#1192740). - mm/hugetlb: initialize hugetlb_usage in mm_init (bsc#1192906). - Move upstreamed sound fix into sorted section - net/smc: Correct smc link connection counter in case of smc client (git-fixes). - net/smc: fix 'workqueue leaked lock' in smc_conn_abort_work (git-fixes). - net: dsa: felix: re-enable TX flow control in ocelot_port_flush() (git-fixes). - net: mscc: ocelot: fix hardware timestamp dequeue logic. - net: mscc: ocelot: warn when a PTP IRQ is raised for an unknown skb (git-fixes). - net: stmmac: add EHL 2.5Gbps PCI info and PCI ID (bsc#1192691). - net: stmmac: add EHL PSE0 and PSE1 1Gbps PCI info and PCI ID (bsc#1192691). - net: stmmac: add EHL RGMII 1Gbps PCI info and PCI ID (bsc#1192691). - net: stmmac: add EHL SGMII 1Gbps PCI info and PCI ID (bsc#1192691). - net: stmmac: add TGL SGMII 1Gbps PCI info and PCI ID (bsc#1192691). - net: stmmac: create dwmac-intel.c to contain all Intel platform (bsc#1192691). - net: stmmac: pci: Add HAPS support using GMAC5 (bsc#1192691). - ocfs2: do not zero pages beyond i_size (bsc#1190795). - ocfs2: fix data corruption on truncate (bsc#1190795). - PCI/ACPI: Check for _OSC support in acpi_pci_osc_control_set() (bsc#1169263). - PCI/ACPI: Clarify message about _OSC failure (bsc#1169263). - PCI/ACPI: Move _OSC query checks to separate function (bsc#1169263). - PCI/ACPI: Move supported and control calculations to separate functions (bsc#1169263). - PCI/ACPI: Remove OSC_PCI_SUPPORT_MASKS and OSC_PCI_CONTROL_MASKS (bsc#1169263). - PCI/ACPI: Remove unnecessary osc_lock (bsc#1169263). - PCI: aardvark: Do not clear status bits of masked interrupts (git-fixes). - PCI: aardvark: Do not spam about PIO Response Status (git-fixes). - PCI: aardvark: Do not unmask unused interrupts (git-fixes). - PCI: aardvark: Fix checking for link up via LTSSM state (git-fixes). - PCI: aardvark: Fix reporting Data Link Layer Link Active (git-fixes). - PCI: aardvark: Fix return value of MSI domain .alloc() method (git-fixes). - PCI: aardvark: Read all 16-bits from PCIE_MSI_PAYLOAD_REG (git-fixes). - PCI: pci-bridge-emul: Fix emulation of W1C bits (git-fixes). - PCI: uniphier: Serialize INTx masking/unmasking and fix the bit operation (git-fixes). - pinctrl/rockchip: add a queue for deferred pin output settings on probe (bsc#1192217). - pinctrl/rockchip: add pinctrl device to gpio bank struct (bsc#1192217). - pinctrl/rockchip: always enable clock for gpio controller (bsc#1192217). - pinctrl/rockchip: drop the gpio related codes (bsc#1192217). - pinctrl/rockchip: separate struct rockchip_pin_bank to a head file (bsc#1192217). - pinctrl: core: fix possible memory leak in pinctrl_enable() (git-fixes). - pinctrl: pinctrl-rockchip: Fix a bunch of kerneldoc misdemeanours (bsc#1192217). - pinctrl: rockchip: add rk3308 SoC support (bsc#1192217). - pinctrl: rockchip: add support for rk3568 (bsc#1192217). - pinctrl: rockchip: clear int status when driver probed (bsc#1192217). - pinctrl: rockchip: create irq mapping in gpio_to_irq (bsc#1192217). - pinctrl: rockchip: do coding style for mux route struct (bsc#1192217). - pinctrl: rockchip: enable gpio pclk for rockchip_gpio_to_irq (bsc#1192217). - pinctrl: rockchip: make driver be tristate module (bsc#1192217). - pinctrl: rockchip: Replace HTTP links with HTTPS ones (bsc#1192217). - pinctrl: rockchip: return ENOMEM instead of EINVAL if allocation fails (bsc#1192217). - power: supply: bq27xxx: Fix kernel crash on IRQ handler register error (git-fixes). - power: supply: max17042_battery: Prevent int underflow in set_soc_threshold (git-fixes). - power: supply: max17042_battery: use VFSOC for capacity when no rsns (git-fixes). - power: supply: rt5033-battery: Change voltage values to 5V (git-fixes). - printk/console: Allow to disable console output by using console="" or console=null (bsc#1192753). - printk: handle blank console arguments passed in (bsc#1192753). - qtnfmac: fix potential Spectre vulnerabilities (bsc#1192802). - r8152: add a helper function about setting EEE (git-fixes). - r8152: Add macpassthru support for ThinkPad Thunderbolt 3 Dock Gen 2 (git-fixes). - r8152: Disable PLA MCU clock speed down (git-fixes). - r8152: disable U2P3 for RTL8153B (git-fixes). - r8152: divide the tx and rx bottom functions (git-fixes). - r8152: do not enable U1U2 with USB_SPEED_HIGH for RTL8153B (git-fixes). - r8152: fix runtime resume for linking change (git-fixes). - r8152: replace array with linking list for rx information (git-fixes). - r8152: reset flow control patch when linking on for RTL8153B (git-fixes). - r8152: saving the settings of EEE (git-fixes). - r8152: separate the rx buffer size (git-fixes). - r8152: use alloc_pages for rx buffer (git-fixes). - random: fix crash on multiple early calls to add_bootloader_randomness() (bsc#1184924) - Revert "ibmvnic: check failover_pending in login response" (bsc#1190523 ltc#194510). - Revert "platform/x86: i2c-multi-instantiate: Do not create platform device for INT3515 ACPI nodes" (git-fixes). - Revert "r8152: adjust the settings about MAC clock speed down for RTL8153" (git-fixes). - Revert "scsi: ufs: fix a missing check of devm_reset_control_get" (git-fixes). - Revert "x86/kvm: fix vcpu-id indexed array sizes" (git-fixes). - rndis_host: set proper input size for OID_GEN_PHYSICAL_MEDIUM request (git-fixes). - s390/dasd: fix use after free in dasd path handling (git-fixes). - s390/pci: fix use after free of zpci_dev (git-fixes). - s390/pci: fix zpci_zdev_put() on reserve (git-fixes). - s390/qeth: fix deadlock during failing recovery (git-fixes). - s390/qeth: Fix deadlock in remove_discipline (git-fixes). - s390/qeth: fix NULL deref in qeth_clear_working_pool_list() (git-fixes). - s390/topology: clear thread/group maps for offline cpus (git-fixes). - scsi: be2iscsi: Fix an error handling path in beiscsi_dev_probe() (git-fixes). - scsi: BusLogic: Fix missing pr_cont() use (git-fixes). - scsi: core: Fix spelling in a source code comment (git-fixes). - scsi: csiostor: Add module softdep on cxgb4 (git-fixes). - scsi: csiostor: Uninitialized data in csio_ln_vnp_read_cbfn() (git-fixes). - scsi: dc395: Fix error case unwinding (git-fixes). - scsi: fdomain: Fix error return code in fdomain_probe() (git-fixes). - scsi: FlashPoint: Rename si_flags field (git-fixes). - scsi: iscsi: Fix iface sysfs attr detection (git-fixes). - scsi: libsas: Use _safe() loop in sas_resume_port() (git-fixes). - scsi: mpt3sas: Fix error return value in _scsih_expander_add() (git-fixes). - scsi: qedf: Add pointer checks in qedf_update_link_speed() (git-fixes). - scsi: qedf: Fix error codes in qedf_alloc_global_queues() (git-fixes). - scsi: qedi: Fix error codes in qedi_alloc_global_queues() (git-fixes). - scsi: qla2xxx: Fix a memory leak in an error path of qla2x00_process_els() (git-fixes). - scsi: qla2xxx: Make sure that aborted commands are freed (git-fixes). - scsi: smartpqi: Fix an error code in pqi_get_raid_map() (git-fixes). - scsi: snic: Fix an error message (git-fixes). - scsi: ufs-pci: Add quirk for broken auto-hibernate for Intel EHL (git-fixes). - scsi: ufs: ufshcd-pltfrm: Fix memory leak due to probe defer (git-fixes). - serial: 8250_dw: Drop wrong use of ACPI_PTR() (git-fixes). - serial: xilinx_uartps: Fix race condition causing stuck TX (git-fixes). - staging: r8712u: fix control-message timeout (git-fixes). - staging: rtl8192u: fix control-message timeouts (git-fixes). - stmmac: platform: Fix signedness bug in stmmac_probe_config_dt() (git-fixes). - tracing: Increase PERF_MAX_TRACE_SIZE to handle Sentinel1 and docker together (bsc#1192745). - Update config files: Add CONFIG_BPF_UNPRIV_DEFAULT_OFF is not set - Update config files: pull BPF configs together - usb: gadget: hid: fix error code in do_config() (git-fixes). - USB: iowarrior: fix control-message timeouts (git-fixes). - usb: max-3421: Use driver data instead of maintaining a list of bound devices (git-fixes). - usb: musb: Balance list entry in musb_gadget_queue (git-fixes). - USB: serial: keyspan: fix memleak on probe errors (git-fixes). - video: fbdev: chipsfb: use memset_io() instead of memset() (git-fixes). - x86/sme: Use #define USE_EARLY_PGTABLE_L5 in mem_encrypt_identity.c (bsc#1152489). - x86/xen: Mark cpu_bringup_and_idle() as dead_end_function (git-fixes). - xen-pciback: Fix return in pm_ctrl_init() (git-fixes). - xen: Fix implicit type conversion (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2021-3979=1 - SUSE Linux Enterprise Module for Realtime 15-SP3: zypper in -t patch SUSE-SLE-Module-RT-15-SP3-2021-3979=1 Package List: - SUSE MicroOS 5.1 (x86_64): kernel-rt-5.3.18-65.2 kernel-rt-debuginfo-5.3.18-65.2 kernel-rt-debugsource-5.3.18-65.2 - SUSE Linux Enterprise Module for Realtime 15-SP3 (noarch): kernel-devel-rt-5.3.18-65.2 kernel-source-rt-5.3.18-65.2 - SUSE Linux Enterprise Module for Realtime 15-SP3 (x86_64): cluster-md-kmp-rt-5.3.18-65.2 cluster-md-kmp-rt-debuginfo-5.3.18-65.2 dlm-kmp-rt-5.3.18-65.2 dlm-kmp-rt-debuginfo-5.3.18-65.2 gfs2-kmp-rt-5.3.18-65.2 gfs2-kmp-rt-debuginfo-5.3.18-65.2 kernel-rt-5.3.18-65.2 kernel-rt-debuginfo-5.3.18-65.2 kernel-rt-debugsource-5.3.18-65.2 kernel-rt-devel-5.3.18-65.2 kernel-rt-devel-debuginfo-5.3.18-65.2 kernel-rt_debug-debuginfo-5.3.18-65.2 kernel-rt_debug-debugsource-5.3.18-65.2 kernel-rt_debug-devel-5.3.18-65.2 kernel-rt_debug-devel-debuginfo-5.3.18-65.2 kernel-syms-rt-5.3.18-65.1 ocfs2-kmp-rt-5.3.18-65.2 ocfs2-kmp-rt-debuginfo-5.3.18-65.2 References: https://www.suse.com/security/cve/CVE-2021-0941.html https://www.suse.com/security/cve/CVE-2021-20322.html https://www.suse.com/security/cve/CVE-2021-31916.html https://www.suse.com/security/cve/CVE-2021-34981.html https://bugzilla.suse.com/1152489 https://bugzilla.suse.com/1169263 https://bugzilla.suse.com/1170269 https://bugzilla.suse.com/1184924 https://bugzilla.suse.com/1190523 https://bugzilla.suse.com/1190795 https://bugzilla.suse.com/1191790 https://bugzilla.suse.com/1191961 https://bugzilla.suse.com/1192045 https://bugzilla.suse.com/1192217 https://bugzilla.suse.com/1192273 https://bugzilla.suse.com/1192328 https://bugzilla.suse.com/1192375 https://bugzilla.suse.com/1192473 https://bugzilla.suse.com/1192691 https://bugzilla.suse.com/1192718 https://bugzilla.suse.com/1192740 https://bugzilla.suse.com/1192745 https://bugzilla.suse.com/1192750 https://bugzilla.suse.com/1192753 https://bugzilla.suse.com/1192758 https://bugzilla.suse.com/1192781 https://bugzilla.suse.com/1192802 https://bugzilla.suse.com/1192874 https://bugzilla.suse.com/1192896 https://bugzilla.suse.com/1192906 https://bugzilla.suse.com/1192918 From sle-updates at lists.suse.com Fri Dec 10 07:40:34 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Dec 2021 08:40:34 +0100 (CET) Subject: SUSE-CU-2021:578-1: Recommended update of suse/sles12sp3 Message-ID: <20211210074034.A3376FC9F@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp3 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:578-1 Container Tags : suse/sles12sp3:2.0.2 , suse/sles12sp3:24.335 , suse/sles12sp3:latest Container Release : 24.335 Severity : moderate Type : recommended References : 1189841 1189879 1190598 1191200 1191260 1191480 1191804 1191922 ----------------------------------------------------------------- The container suse/sles12sp3 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3970-1 Released: Tue Dec 7 16:23:38 2021 Summary: Recommended update for suse-module-tools Type: recommended Severity: moderate References: 1189841,1189879,1190598,1191200,1191260,1191480,1191804,1191922 This update for suse-module-tools fixes the following issues: Update to version 12.6.1: Import kernel scriptlets from kernel-source * rpm-script: fix bad exit status in OpenQA (bsc#1191922) * cert-script: Deal with existing $cert.delete file (bsc#1191804). * cert-script: Ignore kernel keyring for kernel certificates (bsc#1191480). * cert-script: Only print mokutil output in verbose mode. * inkmp-script(postun): don't pass existing files to weak-modules2 (bsc#1191200) * kernel-scriptlets: skip cert scriptlet on non-UEFI systems (bsc#1191260) * rpm-script: link config also into /boot (bsc#1189879) * Import kernel scriptlets from kernel-source. (bsc#1189841, bsc#1190598) * Provide 'suse-kernel-rpm-scriptlets' The following package changes have been done: - suse-module-tools-12.6.1-27.6.1 updated From sle-updates at lists.suse.com Fri Dec 10 07:41:44 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Dec 2021 08:41:44 +0100 (CET) Subject: SUSE-CU-2021:579-1: Security update of suse/sle15 Message-ID: <20211210074144.6BA5CFC9F@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:579-1 Container Tags : suse/sle15:15.4 , suse/sle15:15.4.150400.21.47 Container Release : 150400.21.47 Severity : moderate Type : security References : 1162581 1174504 1187153 1187273 1188623 1191563 1191736 1192248 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3799-1 Released: Wed Nov 24 18:07:54 2021 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1187153,1187273,1188623 This update for gcc11 fixes the following issues: The additional GNU compiler collection GCC 11 is provided: To select these compilers install the packages: - gcc11 - gcc-c++11 - and others with 11 prefix. to select them for building: - CC='gcc-11' - CXX='g++-11' The compiler baselibraries (libgcc_s1, libstdc++6 and others) are being replaced by the GCC 11 variants. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3872-1 Released: Thu Dec 2 07:25:55 2021 Summary: Recommended update for cracklib Type: recommended Severity: moderate References: 1191736 This update for cracklib fixes the following issues: - Enable build time tests (bsc#1191736) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3899-1 Released: Fri Dec 3 11:27:41 2021 Summary: Security update for aaa_base Type: security Severity: moderate References: 1162581,1174504,1191563,1192248 This update for aaa_base fixes the following issues: - Allowed ping and ICMP commands without CAP_NET_RAW (bsc#1174504). - Add $HOME/.local/bin to PATH, if it exists (bsc#1192248). - Fixed get_kernel_version.c to work also for recent kernels on the s390/X platform (bsc#1191563). - Support xz compressed kernel (bsc#1162581) The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-3.52.1 updated - bash-4.4-150400.23.36 updated - boost-license1_66_0-1.66.0-150400.16.1 updated - cpio-2.13-150400.1.23 updated - cracklib-dict-small-2.9.7-11.6.1 updated - cracklib-2.9.7-11.6.1 updated - libblkid1-2.37.2-150400.2.8 updated - libboost_system1_66_0-1.66.0-150400.16.1 updated - libboost_thread1_66_0-1.66.0-150400.16.1 updated - libbz2-1-1.0.8-150400.1.37 updated - libcom_err2-1.46.4-150400.1.9 updated - libcrack2-2.9.7-11.6.1 updated - libdw1-0.185-150400.2.37 updated - libelf1-0.185-150400.2.37 updated - libfdisk1-2.37.2-150400.2.8 updated - libgcc_s1-11.2.1+git610-1.3.9 updated - libgcrypt20-hmac-1.9.4-150400.1.49 updated - libgcrypt20-1.9.4-150400.1.49 updated - libgpg-error0-1.42-150400.1.47 updated - libgpgme11-1.16.0-150400.1.27 updated - libkeyutils1-1.6.3-150400.1.53 updated - libmount1-2.37.2-150400.2.8 updated - libopenssl1_1-hmac-1.1.1l-150400.2.22 updated - libopenssl1_1-1.1.1l-150400.2.22 updated - libp11-kit0-0.23.22-150400.1.6 updated - libreadline7-7.0-150400.23.36 updated - libsigc-2_0-0-2.10.7-150400.1.4 updated - libsmartcols1-2.37.2-150400.2.8 updated - libsolv-tools-0.7.20-150400.1.6 updated - libstdc++6-11.2.1+git610-1.3.9 updated - libsystemd0-249.7-150400.1.14 updated - libudev1-249.7-150400.1.14 updated - libuuid1-2.37.2-150400.2.8 updated - libxml2-2-2.9.12-150400.2.1 updated - libzstd1-1.5.0-150400.1.5 updated - libzypp-17.28.8-150400.1.4 updated - login_defs-4.8.1-150400.7.12 updated - openssl-1_1-1.1.1l-150400.2.22 updated - p11-kit-tools-0.23.22-150400.1.6 updated - p11-kit-0.23.22-150400.1.6 updated - rpm-config-SUSE-1-150400.11.13 updated - shadow-4.8.1-150400.7.12 updated - sles-release-15.4-150400.25.3 updated - system-group-hardware-20170617-150400.21.12 updated - util-linux-2.37.2-150400.2.8 updated From sle-updates at lists.suse.com Fri Dec 10 08:17:47 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Dec 2021 09:17:47 +0100 (CET) Subject: SUSE-RU-2021:3986-1: moderate: Recommended update for suse-module-tools Message-ID: <20211210081747.03DCFFC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for suse-module-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3986-1 Rating: moderate References: #1187196 Affected Products: SUSE MicroOS 5.0 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for suse-module-tools fixes the following issues: - Blacklist isst_if_mbox_msr driver because uses hardware information based on CPU family and model, which is too unspecific. On large systems, this causes a lot of failing loading attempts for this driver, leading to slow or even stalled boot (bsc#1187196) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-3986=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-3986=1 Package List: - SUSE MicroOS 5.0 (aarch64 x86_64): suse-module-tools-15.2.16-4.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): suse-module-tools-15.2.16-4.12.1 References: https://bugzilla.suse.com/1187196 From sle-updates at lists.suse.com Fri Dec 10 08:20:17 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Dec 2021 09:20:17 +0100 (CET) Subject: SUSE-RU-2021:3982-1: moderate: Recommended update for librsvg Message-ID: <20211210082017.8D7FEFC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for librsvg ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3982-1 Rating: moderate References: #1189304 #1191114 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for librsvg fixes the following issues: - Bump required rust version to rust-1.53, in order to avoid a ppc64le crash (bsc#1189304, bsc#1191114) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2021-3982=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2021-3982=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3982=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-3982=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): librsvg-debugsource-2.46.5-3.6.1 librsvg-devel-2.46.5-3.6.1 typelib-1_0-Rsvg-2_0-2.46.5-3.6.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): librsvg-debugsource-2.46.5-3.6.1 librsvg-devel-2.46.5-3.6.1 typelib-1_0-Rsvg-2_0-2.46.5-3.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): gdk-pixbuf-loader-rsvg-2.46.5-3.6.1 gdk-pixbuf-loader-rsvg-debuginfo-2.46.5-3.6.1 librsvg-2-2-2.46.5-3.6.1 librsvg-2-2-debuginfo-2.46.5-3.6.1 librsvg-debugsource-2.46.5-3.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): gdk-pixbuf-loader-rsvg-2.46.5-3.6.1 gdk-pixbuf-loader-rsvg-debuginfo-2.46.5-3.6.1 librsvg-2-2-2.46.5-3.6.1 librsvg-2-2-debuginfo-2.46.5-3.6.1 librsvg-debugsource-2.46.5-3.6.1 References: https://bugzilla.suse.com/1189304 https://bugzilla.suse.com/1191114 From sle-updates at lists.suse.com Fri Dec 10 08:21:40 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Dec 2021 09:21:40 +0100 (CET) Subject: SUSE-RU-2021:3984-1: moderate: Recommended update for md_monitor Message-ID: <20211210082140.5F975FC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for md_monitor ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3984-1 Rating: moderate References: #1161872 #1192861 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for md_monitor fixes the following issues: - Fix md_monitor crash when a process stop, due to the file descriptors created from md_monitor that exceed the defined value 1024 in glibc. (bsc#1161872, bsc#1192861) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-3984=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (s390x): md_monitor-6.6-7.13.2 md_monitor-debuginfo-6.6-7.13.2 md_monitor-debugsource-6.6-7.13.2 References: https://bugzilla.suse.com/1161872 https://bugzilla.suse.com/1192861 From sle-updates at lists.suse.com Fri Dec 10 08:22:57 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Dec 2021 09:22:57 +0100 (CET) Subject: SUSE-RU-2021:3987-1: moderate: Recommended update for suse-module-tools Message-ID: <20211210082257.D61BFFC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for suse-module-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3987-1 Rating: moderate References: #1187196 Affected Products: SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for suse-module-tools fixes the following issues: - Blacklist isst_if_mbox_msr driver because uses hardware information based on CPU family and model, which is too unspecific. On large systems, this causes a lot of failing loading attempts for this driver, leading to slow or even stalled boot (bsc#1187196) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-3987=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-3987=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-3987=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-3987=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-3987=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-3987=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): suse-module-tools-15.1.24-3.22.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): suse-module-tools-15.1.24-3.22.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): suse-module-tools-15.1.24-3.22.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): suse-module-tools-15.1.24-3.22.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): suse-module-tools-15.1.24-3.22.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): suse-module-tools-15.1.24-3.22.1 - SUSE CaaS Platform 4.0 (x86_64): suse-module-tools-15.1.24-3.22.1 References: https://bugzilla.suse.com/1187196 From sle-updates at lists.suse.com Fri Dec 10 08:24:11 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Dec 2021 09:24:11 +0100 (CET) Subject: SUSE-RU-2021:3983-1: moderate: Recommended update for libstorage-ng Message-ID: <20211210082411.E0F2FFC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for libstorage-ng ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3983-1 Rating: moderate References: #1186823 Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Installer 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libstorage-ng fixes the following issues: - Fix having an empty partition table and a filesystem directly on the logical unit number (LUN), which confuses the yast2-partitioner.The solution is to prefer file system over empty MS-DOS partition table (bsc#1186823) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-3983=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-3983=1 - SUSE Linux Enterprise Installer 15-SP2: zypper in -t patch SUSE-SLE-INSTALLER-15-SP2-2021-3983=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): libstorage-ng-debuginfo-4.2.78-3.13.1 libstorage-ng-debugsource-4.2.78-3.13.1 libstorage-ng-utils-4.2.78-3.13.1 libstorage-ng-utils-debuginfo-4.2.78-3.13.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libstorage-ng-debuginfo-4.2.78-3.13.1 libstorage-ng-debugsource-4.2.78-3.13.1 libstorage-ng-devel-4.2.78-3.13.1 libstorage-ng-ruby-4.2.78-3.13.1 libstorage-ng-ruby-debuginfo-4.2.78-3.13.1 libstorage-ng1-4.2.78-3.13.1 libstorage-ng1-debuginfo-4.2.78-3.13.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): libstorage-ng-lang-4.2.78-3.13.1 - SUSE Linux Enterprise Installer 15-SP2 (aarch64 ppc64le s390x x86_64): libstorage-ng-ruby-4.2.78-3.13.1 libstorage-ng1-4.2.78-3.13.1 References: https://bugzilla.suse.com/1186823 From sle-updates at lists.suse.com Fri Dec 10 08:25:25 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Dec 2021 09:25:25 +0100 (CET) Subject: SUSE-RU-2021:3981-1: moderate: Recommended update for ocfs2-tools and libdlm Message-ID: <20211210082525.9B364FC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for ocfs2-tools and libdlm ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3981-1 Rating: moderate References: #1191810 #1192103 Affected Products: SUSE Linux Enterprise High Availability 15-SP3 SUSE Linux Enterprise High Availability 15-SP2 SUSE Linux Enterprise High Availability 15-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for ocfs2-tools and libdlm fixes the following issues: ocfs2-tools: - Fix mounted.ocfs2 output when some devices are not ready (bsc#1191810) - Rollback when dir_index creation fails (bsc#1192103) libdlm: - Added libdlm to fix missing dependency Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP3: zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2021-3981=1 - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2021-3981=1 - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2021-3981=1 Package List: - SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64): libdlm-4.0.9-6.8.1 libdlm-debuginfo-4.0.9-6.8.1 libdlm-debugsource-4.0.9-6.8.1 libdlm-devel-4.0.9-6.8.1 libdlm3-4.0.9-6.8.1 libdlm3-debuginfo-4.0.9-6.8.1 ocfs2-tools-1.8.5-12.11.1 ocfs2-tools-debuginfo-1.8.5-12.11.1 ocfs2-tools-debugsource-1.8.5-12.11.1 ocfs2-tools-o2cb-1.8.5-12.11.1 ocfs2-tools-o2cb-debuginfo-1.8.5-12.11.1 - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): libdlm-4.0.9-6.8.1 libdlm-debuginfo-4.0.9-6.8.1 libdlm-debugsource-4.0.9-6.8.1 libdlm-devel-4.0.9-6.8.1 libdlm3-4.0.9-6.8.1 libdlm3-debuginfo-4.0.9-6.8.1 ocfs2-tools-1.8.5-12.11.1 ocfs2-tools-debuginfo-1.8.5-12.11.1 ocfs2-tools-debugsource-1.8.5-12.11.1 ocfs2-tools-o2cb-1.8.5-12.11.1 ocfs2-tools-o2cb-debuginfo-1.8.5-12.11.1 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): libdlm-4.0.9-6.8.1 libdlm-debuginfo-4.0.9-6.8.1 libdlm-debugsource-4.0.9-6.8.1 libdlm-devel-4.0.9-6.8.1 libdlm3-4.0.9-6.8.1 libdlm3-debuginfo-4.0.9-6.8.1 ocfs2-tools-1.8.5-12.11.1 ocfs2-tools-debuginfo-1.8.5-12.11.1 ocfs2-tools-debugsource-1.8.5-12.11.1 ocfs2-tools-o2cb-1.8.5-12.11.1 ocfs2-tools-o2cb-debuginfo-1.8.5-12.11.1 References: https://bugzilla.suse.com/1191810 https://bugzilla.suse.com/1192103 From sle-updates at lists.suse.com Fri Dec 10 08:27:49 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Dec 2021 09:27:49 +0100 (CET) Subject: SUSE-RU-2021:3985-1: moderate: Recommended update for suse-module-tools Message-ID: <20211210082749.B9780FC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for suse-module-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3985-1 Rating: moderate References: #1187196 Affected Products: SUSE MicroOS 5.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for suse-module-tools fixes the following issues: - Blacklist isst_if_mbox_msr driver because uses hardware information based on CPU family and model, which is too unspecific. On large systems, this causes a lot of failing loading attempts for this driver, leading to slow or even stalled boot (bsc#1187196) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2021-3985=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3985=1 Package List: - SUSE MicroOS 5.1 (aarch64 s390x x86_64): suse-module-tools-15.3.15-3.17.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): suse-module-tools-15.3.15-3.17.1 References: https://bugzilla.suse.com/1187196 From sle-updates at lists.suse.com Fri Dec 10 14:30:13 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Dec 2021 15:30:13 +0100 (CET) Subject: SUSE-RU-2021:3990-1: moderate: Recommended update for installation-images Message-ID: <20211210143013.882CEFC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for installation-images ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3990-1 Rating: moderate References: #1187434 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for installation-images fixes the following issues: - Fix conditions for turning on/off zram (bnc#1187434) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3990=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): tftpboot-installation-SLE-15-SP3-aarch64-16.56.13-3.9.1 tftpboot-installation-SLE-15-SP3-ppc64le-16.56.13-3.9.1 tftpboot-installation-SLE-15-SP3-s390x-16.56.13-3.9.1 tftpboot-installation-SLE-15-SP3-x86_64-16.56.13-3.9.1 References: https://bugzilla.suse.com/1187434 From sle-updates at lists.suse.com Fri Dec 10 14:31:33 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Dec 2021 15:31:33 +0100 (CET) Subject: SUSE-RU-2021:3988-1: moderate: Recommended update for zypper Message-ID: <20211210143133.8C651FC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for zypper ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3988-1 Rating: moderate References: #1178925 #1179847 #1186503 #1187466 #1187760 #1190530 #1191286 SLE-17973 SLE-17974 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that has 7 recommended fixes and contains two features can now be installed. Description: This update for zypper stack fixes the following issues: - Fixed a typo on list-patches help. (bsc#1178925) - Manpage: Improve patch description to clarify what areas are affected. (bsc#1187466) - Turn on rich dependency handling needed for PTF support. (bnc#1190530) Rebuild all caches to make sure rich dependency handling is turned on. - Fix solver jobs for PTFs. (bsc#1186503) - Enhanced support for PTFs. (jsc#SLE-17973, jsc#SLE-17974) - Identify well-known category names for better sorting. (bsc#1179847) - Rephrase vendor conflict message in case 2 packages are involved. (bsc#1187760) - Don't probe for plaindir repo if URL schema is plugin. (bsc#1191286) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-3988=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): zypper-log-1.13.60-18.55.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libsolv-debugsource-0.6.38-2.27.29.1 libsolv-devel-0.6.38-2.27.29.1 libsolv-tools-0.6.38-2.27.29.1 libsolv-tools-debuginfo-0.6.38-2.27.29.1 libzypp-16.22.3-27.82.1 libzypp-debuginfo-16.22.3-27.82.1 libzypp-debugsource-16.22.3-27.82.1 libzypp-devel-16.22.3-27.82.1 perl-solv-0.6.38-2.27.29.1 perl-solv-debuginfo-0.6.38-2.27.29.1 python-solv-0.6.38-2.27.29.1 python-solv-debuginfo-0.6.38-2.27.29.1 zypper-1.13.60-18.55.1 zypper-debuginfo-1.13.60-18.55.1 zypper-debugsource-1.13.60-18.55.1 References: https://bugzilla.suse.com/1178925 https://bugzilla.suse.com/1179847 https://bugzilla.suse.com/1186503 https://bugzilla.suse.com/1187466 https://bugzilla.suse.com/1187760 https://bugzilla.suse.com/1190530 https://bugzilla.suse.com/1191286 From sle-updates at lists.suse.com Fri Dec 10 14:38:23 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Dec 2021 15:38:23 +0100 (CET) Subject: SUSE-RU-2021:3989-1: moderate: Recommended update for transactional-update Message-ID: <20211210143823.42911FC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for transactional-update ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3989-1 Rating: moderate References: #1188110 #1191945 #1192078 #1192242 #1192302 Affected Products: SUSE MicroOS 5.1 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for transactional-update fixes the following issues: - Bind mount root file system snapshot on itself, this makes the temporary directory in /tmp unnecessary - Fix `pkcon system-upgrade` to return the correct snapshot's working directory (bsc#1188110) - Use separate mount namespace for transactional-update. It fixes several applications that fail to run if a mount point has the 'unbindable' mount flag set - Fix rsyncing /etc into the running system with `--drop-if-no-change` (bsc#1192242) - Simplify mount hierarchy by just using a single slave bind mount as the root of the update environment; this may avoid the error messages of failed unmounts May fix (bsc#1191945) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2021-3989=1 Package List: - SUSE MicroOS 5.1 (aarch64 s390x x86_64): libtukit0-3.6.2-3.8.1 libtukit0-debuginfo-3.6.2-3.8.1 transactional-update-3.6.2-3.8.1 transactional-update-debuginfo-3.6.2-3.8.1 transactional-update-debugsource-3.6.2-3.8.1 tukit-3.6.2-3.8.1 tukit-debuginfo-3.6.2-3.8.1 - SUSE MicroOS 5.1 (noarch): dracut-transactional-update-3.6.2-3.8.1 transactional-update-zypp-config-3.6.2-3.8.1 References: https://bugzilla.suse.com/1188110 https://bugzilla.suse.com/1191945 https://bugzilla.suse.com/1192078 https://bugzilla.suse.com/1192242 https://bugzilla.suse.com/1192302 From sle-updates at lists.suse.com Fri Dec 10 14:40:15 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Dec 2021 15:40:15 +0100 (CET) Subject: SUSE-RU-2021:3991-1: important: Recommended update for python-boto3 Message-ID: <20211210144015.DEC0CFC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-boto3 ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3991-1 Rating: important References: #1075263 #1146853 #1189649 SLE-22564 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP3 SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has three recommended fixes and contains one feature can now be installed. Description: This update for python-boto3 fixes the following issues: -Disables Py 2 build for SLE 15 -Py 2 is considered legacy with limited support. -Update to version 1.18.7 (bsc#1189649) - S3 Access Point aliases can be used anywhere you use S3 bucket names to access data in S3 - Adds support for AnalyzeExpense, a new API to extract relevant data such as contact information, items purchased, and vendor name, from almost any invoice or receipt without the need for any templates or configuration. - Documentation-only update links - Documentation updates for SSO API Ref. - Update cloudwatch client to latest version - CloudWatch Synthetics now supports visual testing in its canaries. - Added product name, company name, and Region fields for security findings. Added details objects for RDS event subscriptions and AWS ECS services. Added fields to the details for AWS Elasticsearch domains. - Update to documentation to reapply missing change to SSM uninstall switch default value and improve description. - Add on-premise access type support for endpoints - MediaLive now supports passing through style data on WebVTT caption outputs. - This SDK release adds two new features: 1) Output to Native JDBC destinations and 2) Adding configurations to profile jobs - Update elbv2 client to latest version - Documentation updates for Amazon S3-control - This release allows customers to assign prefixes to their elastic network interface and to reserve IP blocks in their subnet CIDRs. These reserved blocks can be used to assign prefixes to elastic network interfaces or be excluded from auto-assignment. - Amazon QLDB now supports ledgers encrypted with customer managed KMS keys. Changes in CreateLedger, UpdateLedger and DescribeLedger APIs to support the changes. - Amazon Kendra now provides a data source connector for Amazon WorkDocs. - Documentation updates for AWS Proton - Documentation updates for AWS Identity and Access Management (IAM). - Adds the OriginalSnapshotCreateTime field to the DBSnapshot response object. This field timestamps the underlying data of a snapshot and doesn't change when the snapshot is copied. - Update elbv2 client to latest version - New ResourceConflictException error code for PutFunctionEventInvokeConfig, UpdateFunctionEventInvokeConfig, and DeleteFunctionEventInvokeConfig operations. - AWS CodeBuild now allows you to set the access permissions for build artifacts, project artifacts, and log files that are uploaded to an Amazon S3 bucket that is owned by another account. - My AWS Service (placeholder) -Making minProvisionedTPS an optional parameter when creating a campaign. If not provided, it defaults to 1. - Update emr client to latest version - Documentation updates for Compute Optimizer - Added idempotency to the CreateVolume API using the ClientToken request parameter - Documentation updates for reversal of default value for additional instance configuration SSM switch, plus improved descriptions for semantic versioning. - Documentation updates for directconnect - In the Health API, the maximum number of entities for the EventFilter and EntityFilter data types has changed from 100 to 99. This change is related to an internal optimization of the AWS Health service. - This release allows customers to create a new version of WorldTemplates with support for Doors. - Add five new API operations: UpdateGeofenceCollection, UpdateMap, UpdatePlaceIndex, UpdateRouteCalculator, UpdateTracker. - Updated DescribeManagedEndpoint and ListManagedEndpoints to return failureReason and stateDetails in API response. - Documentation update for AppIntegrations Service - This SDK release adds Account Status as one of the attributes in Account API response - This release relaxes the S3 URL character restrictions in AWS Audit Manager. Regex patterns have been updated for the following attributes: s3RelativePath, destination, and s3ResourcePath. 'AWS' terms have also been replaced with entities to align with China Rebrand documentation efforts. - This feature enables customers to specify weekly recurring time window(s) for scheduled events that reboot, stop or terminate EC2 instances. - Documentation updates for cognito-idp - Documentation updates for support of awsvpc mode on Windows. Lex now supports the en-IN locale - Update the default endpoint for the APIs used to manage asset models, assets, gateways, tags, and account configurations. If you have firewalls with strict egress rules, configure the rules to grant you access to api.iotsitewise.[region].amazonaws.com or api.iotsitewise.[cn-region].amazonaws.com.cn. - Drop support for Python 2.7 - Dropped support for Python 2.7 - Release of feature needed for ECA-Endpoint settings. This allows customer to delete a field in endpoint settings by using --exact-settings flag in modify-endpoint api. This also displays default values for certain required fields of endpoint settings in describe-endpoint-settings api. - Add support for Event Driven Workflows - Added support for RSA 3072 SSL certificate import - General availability for Amazon HealthLake. StartFHIRImportJob and StartFHIRExportJob APIs now require AWS KMS parameter. For more information, see the Amazon HealthLake Documentation https://docs.aws.amazon.com/healthlake/index.html. - This update provides support for Well- Architected API users to mark answer choices as not applicable. - This release adds support for the Amazon Lightsail object storage service, which allows you to create buckets and store objects. - Added Sign in with Apple OAuth provider. - Release new APIs to support new Redshift feature -Authentication Profile - Changes to OpsCenter APIs to support a new feature, operational insights. - Customers can now migrate bots built with Lex V1 APIs to V2 APIs. This release adds APIs to initiate and manage the migration of a bot. - This release adds a new filed named awsLogicalDeviceId that it displays the AWS Direct Connect endpoint which terminates a physical connection's BGP Sessions. - Documentation updates for api.pricing - Documentation updates for Wesley to support the parallel node upgrade feature. - Amazon Kendra now supports Principal Store - Releasing new APIs related to Tuning steps in model building pipelines. - This release adds support for ML Explainability to display model variable importance value in Amazon Fraud Detector. - MediaConvert now supports color, style and position information passthrough from 608 and Teletext to SRT and WebVTT subtitles. MediaConvert now also supports Automatic QVBR quality levels for QVBR RateControlMode. - Added waiters for EKS FargateProfiles. - Added property filters for listOutposts - AWS Firewall Manager now supports route table monitoring, and provides remediation action recommendations to security administrators for AWS Network Firewall policies with misconfigured routes. - Add ListAlerts for Channel, Program, Source Location, and VOD Source to return alerts for resources. - Add AnomalyReportedTimeRange field to include open and close time of anomalies. - Updated description for CreateContactChannel contactId. - Documentation updates for AWS Identity and Access Management (IAM). - Documentation updates for AWS Security Token Service. - adds support for modifying the maintenance window for brokers. - Amazon CloudFront now provides two new APIs, ListConflictingAliases and AssociateAlias, that help locate and move Alternate Domain Names (CNAMEs) if you encounter the CNAMEAlreadyExists error code. - Releasing new APIs for AWS Chime MediaCapturePipeline - This release add storage configuration APIs for AWS IoT SiteWise. - Adding support for oplocks for SMB file shares, S3 Access Point and S3 Private Link for all file shares and IP address support for file system associations - This release adds resource ids and tagging support for VPC security group rules. - Added support for AmazonMQRabbitMQ as an event source. Added support for VIRTUAL_HOST as SourceAccessType for streams event source mappings. - Adds support for specifying parameters to customize components for recipes. Expands configuration of the Amazon EC2 instances that are used for building and testing images, including the ability to specify commands to run on launch, and more control over installation and removal of the SSM agent. - Bug fix: Remove not supported EBS encryption type "NONE" - Adding new error code UnsupportedAddonModification for Addons in EKS - Sensitive data findings in Amazon Macie now include enhanced location data for JSON and JSON Lines files - Documentation updates for Amazon SNS. - Update elbv2 client to latest version - This release removes network-insights-boundary - SageMaker model registry now supports up to 5 containers and associated environment variables. - Documentation updates for Amazon SQS. - Adding a new reserved field to support future infrastructure improvements for Amazon EC2 Fleet. - Amazon EC2 Auto Scaling infrastructure improvements and optimizations. - Amazon Kendra Enterprise Edition now offered in smaller more granular units to enable customers with smaller workloads. Virtual Storage Capacity units now offer scaling in increments of 100,000 documents (up to 30GB) per unit and Virtual Query Units offer scaling increments of 8,000 queries per day. - Add support for Widevine DRM on CMAF packaging configurations. Both Widevine and FairPlay DRMs can now be used simultaneously, with CBCS encryption. - Fixes the tag key length range to 128 chars, tag value length to 256 chars; Adds support for UTF-8 chars for contact and channel names, Allows users to unset name in UpdateContact API; Adds throttling exception to StopEngagement API, validation exception to APIs UntagResource, ListTagsForResource - Adds support for the output of job results to the AWS Glue Data Catalog. - AWS Cloud Map now allows configuring the TTL of the SOA record for a hosted zone to control the negative caching for new services. - Sagemaker Neo now supports running compilation jobs using customer's Amazon VPC - Add JSON Support for Glue Schema Registry - Added InvalidClusterStateFault to the DisableLogging API, thrown when calling the API on a non available cluster. - MediaConvert adds support for HDR10+, ProRes 4444, and XAVC outputs, ADM/DAMF support for Dolby Atmos ingest, and alternative audio and WebVTT caption ingest via HLS inputs. MediaConvert also now supports creating trickplay outputs for Roku devices for HLS, CMAF, and DASH output groups. - Added waiters for template registration, service operations, and environment deployments. - Imports an existing backend authentication resource. - AWS Snow Family customers can remotely monitor and operate their connected AWS Snowcone devices. AWS Snowball Edge Storage Optimized customers can now import and export their data using NFS. - Adds EventIngestionUrl field to MediaPlacement - Minor update to AWS Cloud9 documentation to allow correct parsing of outputted text - Released Amazon Connect quick connects management API for general availability (GA). For more information, see https://docs.aws.amazon.com/connect/latest/APIReference/Welcome.html - Add support for encryption in transit to DAX clusters. - Added support for 15 new text transformation. - Amazon Kendra now supports SharePoint 2013 and SharePoint 2016 when using a SharePoint data source. - Added new resource details for ECS clusters and ECS task definitions. Added additional information for S3 buckets, Elasticsearch domains, and API Gateway V2 stages. - Customers can successfully use legacy clients with Transfer Family endpoints enabled for FTPS and FTP behind routers, firewalls, and load balancers by providing a Custom IP address used for data channel communication. - BucketOwnerAccess is currently not supported - DocumentDB documentation-only edits - Updated documentation for CreateEnvironmentEC2 to explain that because Amazon Linux AMI has ended standard support as of December 31, 2020, we recommend you choose Amazon Linux 2--which includes long term support through 2023--for new AWS Cloud9 environments. - Releasing new APIs for AWS QuickSight Folders - Update GetChannelSchedule to return information on ad breaks. - Amazon CloudFront adds support for a new security policy, TLSv1.2_2021. - AWS License Manager now allows license administrators and end users to communicate to each other by setting custom status reasons when updating the status on a granted license. - This release adds support for provisioning your own IP (BYOIP) range in multiple regions. This feature is in limited Preview for this release. Contact your account manager if you are interested in this feature. - Added the following parameters to ECS targets: CapacityProviderStrategy, EnableECSManagedTags, EnableExecuteCommand, PlacementConstraints, PlacementStrategy, PropagateTags, ReferenceId, and Tags - This release replaces previous generation CloudSearch instances with equivalent new instances that provide better stability at the same price. - Adds support for S3 based full repository analysis and changed lines scan. - CloudFormation registry service now supports 3rd party public type sharing - Amazon Kendra now supports the indexing of web documents for search through the web crawler. - Enable ml.g4dn instance types for SageMaker Batch Transform and SageMaker Processing - This release enables Database Activity Streams for RDS Oracle - This release adds a new API UpdateSipMediaApplicationCall, to update an in-progress call for SipMediaApplication. - Adds support for multi-Region keys - This release adds support for VLAN-tagged network traffic over an Elastic Network Interface (ENI). This feature is in limited Preview for this release. Contact your account manager if you are interested in this feature. - This release enables fast cloning in Aurora Serverless. You can now clone between Aurora Serverless clusters and Aurora Provisioned clusters. - Adds AWS Secrets Manager Access Token Authentication for Source Locations - Redshift Data API service now supports SQL parameterization. - This release adds new sets of APIs: AssociateBot, DisassociateBot, and ListBots. You can use it to programmatically add an Amazon Lex bot or Amazon Lex V2 bot on the specified Amazon Connect instance - EC2 M5n, M5dn, R5n, R5dn metal instances with 100 Gbps network performance and Elastic Fabric Adapter (EFA) for ultra low latency - Update lexv2-runtime client to latest version - Update lexv2-models client to latest version - Added "LEARNING" status for anomaly detector and updated description for "Offset" parameter in MetricSet APIs. - Adds support for data store partitions. - We have verified the APIs being released here and are ready to release - Amazon EC2 adds new AMI property to flag outdated AMIs - AWS MediaLive now supports OCR-based conversion of DVB-Sub and SCTE-27 image-based source captions to WebVTT, and supports ingest of ad avail decorations in HLS input manifests. - When you enable source failover, you can now designate one of two sources as the primary source. You can choose between two failover modes to prevent any disruption to the video stream. Merge combines the sources into a single stream. Failover allows switching between a primary and a backup stream. - Using SageMaker Edge Manager with AWS IoT Greengrass v2 simplifies accessing, maintaining, and deploying models to your devices. You can now create deployable IoT Greengrass components during edge packaging jobs. You can choose to create a device fleet with or without creating an AWS IoT role alias. - AppMesh now supports additional routing capabilities in match and rewrites for Gateway Routes and Routes. Additionally, App Mesh also supports specifying DNS Response Types in Virtual Nodes. - Added InvalidClusterStateFault to the ModifyAquaConfiguration API, thrown when calling the API on a non available cluster. - This SDK release adds support for UpdateAccount API to allow users to update their default license on Chime account. - This release adds a new optional parameter connectivityType (public, private) for the CreateNatGateway API. Private NatGateway does not require customers to attach an InternetGateway to the VPC and can be used for communication with other VPCs and on-premise networks. - AWS Resource Access Manager (RAM) is releasing new field isResourceTypeDefault in ListPermissions and GetPermission response, and adding permissionArn parameter to GetResourceShare request to filter by permission attached - Release BatchGetRecord API for AWS SageMaker Feature Store Runtime. - Amazon Cognito now supports targeted sign out through refresh token revocation - Adding MAP_ALL task type support. - This release supports KMS customer-managed Customer Master Keys (CMKs) on member-specific Hyperledger Fabric resources. - Documentation updates for the AWS Transfer Family service. - Support for unstructured text inputs in the items dataset to to automatically extract key information from product/content description as an input when creating solution versions. - This is the initial SDK release for AWS Proton - AWS Kendra now supports checking document status. - This release adds support for auditing end-user access to files, folders, and file shares using Windows event logs, enabling customers to meet their security and compliance needs. - increase max pagesize for List/Search apis - This release of the Amazon Macie API introduces stricter validation of S3 object criteria for classification jobs. - Documentation updates for cognito-idp - AWS SageMaker -Releasing new APIs related to Callback steps in model building pipelines. Adds experiment integration to model building pipelines. - Add SampleSize variable to S3Target to enable s3-sampling feature through API. - Update regex validation in kmsKeyArn and s3 path API parameters for AWS Personalize APIs - Added updateConfig option that allows customers to control upgrade velocity in Managed Node Group. - Documentation updates for RDS: fixing an outdated link to the RDS documentation in DBInstance$DBInstanceStatus - The new GetDimensionKeyDetails action retrieves the attributes of the specified dimension group for a DB instance or data source. - AWS CloudTrail supports data events on new service resources, including Amazon DynamoDB tables and S3 Object Lambda access points. - Add support for automatically setting the H.264 adaptive quantization and GOP B-frame fields. - Documentation updates for Amazon EC2 Auto Scaling - Documentation updates for Amazon QLDB - S3 Inventory now supports Bucket Key Status - Amazon S3 Batch Operations now supports S3 Bucket Keys. - Documentation updates for Route 53 Resolver - Documentation updates for ssm to fix customer reported issue - Added optional field AutoMLOverrideStrategy to CreatePredictor API that allows users to customize AutoML strategy. If provided in CreatePredictor request, this field is visible in DescribePredictor and GetAccuracyMetrics responses. - Update BuildRequires and Requires from setup.py - Update to version 1.17.86 - You can now launch EC2 instances with GP3 volumes when using Auto Scaling groups with Launch Configurations - Documentation updates for Lightsail - Documentation updates for Amazon ECS. - This SDK release adds support for DocDB global clusters. - Documentation updates for AWS Identity and Access Management (IAM). - Introduction of a RETIRED status for devices. - This release adds SMS sandbox in Amazon SNS and the ability to view all configured origination numbers. The SMS sandbox provides a safe environment for sending SMS messages, without risking your reputation as an SMS sender. - Amazon Polly adds new Canadian French voice -Gabrielle. Gabrielle is available as Neural voice only. - Added idempotency to CreateNetworkInterface using the ClientToken parameter. - Added six new public customer logging APIs to allow customers to set/get/reset log levels at resource type and resource id level. The log level set from the APIs will be used to filter log messages that can be emitted to CloudWatch in customer accounts. - Bugfixes -The DiscoverInstances API operation now provides an option to return all instances for health-checked services when there are no healthy instances available. - Allowing dot(.) character in table name for RDS and Redshift as source connector. - Adds support for calculation of routes, resource tagging and customer provided KMS keys. - Added SecurityDescriptorCopyFlags option that allows for control of which components of SMB security descriptors are copied from source to destination objects. - Releasing new APIs for AWS IoT Events Alarms - Introduces support for using our desktop testing service with applications hosted within your Virtual Private Cloud (VPC). - Amazon Kendra now suggests popular queries in order to help guide query typing and help overall accuracy. - IoT SiteWise Monitor Portal API updates to add alarms feature configuration. - Documentation updates for Resource Groups. - Documentation updates for Lightsail - Releasing new APIs for AWS IoT Events Alarms - This release adds LZ4 data compression support to FSx for Lustre to reduce storage consumption of both file system storage and file system backups. - Documentation updates for Amazon SQS for General Availability of high throughput for FIFO queues. - This release removes resource ids and tagging support for VPC security group rules. - Support STANDARD permissions mode in CreateLedger and DescribeLedger. Add UpdateLedgerPermissionsMode to update permissions mode on existing ledgers. - Documentation fix for CloudFront - Add ConflictException to DeleteOutpost, CreateOutpost - Adds scheduler count selection for Environments using Airflow version 2.0.2 or later. - This release adds resource ids and tagging support for VPC security group rules. - The release adds support for registering External instances to your Amazon ECS clusters. - This release enables customers to store CRLs in S3 buckets with Block Public Access enabled. The release adds the S3ObjectAcl parameter to the CreateCertificateAuthority and UpdateCertificateAuthority APIs to allow customers to choose whether their CRL will be publicly available. - AWS Transfer Family customers can now use AWS Managed Active Directory or AD Connector to authenticate their end users, enabling seamless migration of file transfer workflows that rely on AD authentication, without changing end users' credentials or needing a custom authorizer. - This release includes support for a new feature: Job templates for AWS IoT Device Management Jobs. The release includes job templates as a new resource and APIs for managing job templates. - Adds support for Linux device types in WorkspaceAccessProperties - Add new parameters on RegisterUser and UpdateUser APIs to assign or update external ID associated to QuickSight users federated through web identity. - Introduced FindingReasonCodes, PlatformDifferences, DiskResourceUtilization and NetworkResourceUtilization to GetRightsizingRecommendation action - Adds support for 1) additional instance types, 2) additional instance metrics, 3) finding reasons for instance recommendations, and 4) platform differences between a current instance and a recommended instance type. - This release adds support for creating and managing EC2 On-Demand Capacity Reservations on Outposts. - This release provides dimensions and unit support for metric filters. - Update efs client to latest version - Documentation updates for Amazon S3 - Updated attribute statistics in DescribeDatasetImportJob response to support Long values - New PUPPET_API_CRL attribute returned by DescribeServers API; new EngineVersion of 2019 available for Puppet Enterprise servers. - Added new API to stop a solution version creation that is pending or in progress for Amazon Personalize - Update lexv2-models client to latest version - Add ARN based Row Level Security support to CreateDataSet/UpdateDataSet APIs. - Documentation updates for AWS Identity and Access Management (IAM). - Kinesis Data Analytics now allows rapid iteration on Apache Flink stream processing through the Kinesis Data Analytics Studio feature. - Amazon Rekognition Custom Labels adds support for customer managed encryption, using AWS Key Management Service, of image files copied into the service and files written back to the customer. - Add pagination to ListUserTags operation - Update the EKS AddonActive waiter. - With this release, customers can easily use Predictive Scaling as a policy directly through Amazon EC2 Auto Scaling configurations to proactively scale their applications ahead of predicted demand. - Documentation updates for Amazon Lightsail. - Update BuildRequires and Requires from setup.py -Update to version 1.17.75 - Documentation updates for support - AWS App Runner is a service that provides a fast, simple, and cost-effective way to deploy from source code or a container image directly to a scalable and secure web application in the AWS Cloud. - This release enables compute optimizer to support exporting recommendations to Amazon S3 for EBS volumes and Lambda Functions. - Amazon Personalize now supports the ability to optimize a solution for a custom objective in addition to maximizing relevance. - AWS License Manager now supports periodic report generation. - Documentation updates for AWS IoT SiteWise. - Update lexv2-models client to latest version - MediaConnect now supports JPEG XS for AWS Cloud Digital Interface (AWS CDI) uncompressed workflows, allowing you to establish a bridge between your on-premises live video network and the AWS Cloud. - Documentation updates for Amazon A2I Runtime model - APIs for AWS Application Cost Profiler - Neptune support for CopyTagsToSnapshots - AWS IoT Core Device Advisor is fully managed test capability for IoT devices. Device manufacturers can use Device Advisor to test their IoT devices for reliable and secure connectivity with AWS IoT. - Documentation updates for elasticache - Update InputTransformer variable limit from 10 to 100 variables. - Block endpoint resolution of clients configured with S3 pseudo-regions (e.g. aws-global, s3-external-1) that will never resolve to a correct access point endpoint. - This release of the Amazon Macie API adds support for defining run-time, S3 bucket criteria for classification jobs. It also adds resources for querying data about AWS resources that Macie monitors. - Adds support for cold storage. - Updated descriptions to add notes on array lengths. - Updated descriptions of array parameters to add the restrictions on the array and value lengths. - Transcribe Medical now supports identification of PHI entities within transcripts - Text-only updates for bundled documentation feedback tickets -spring 2021. - Add validation to only attempt to connect to FIPS endpoints with a FIPS pseudo-region if the pseudo-region is explicitly known to the SDK. - High Memory virtual instances are powered by Intel Sky Lake CPUs and offer up to 12TB of memory. - AWS Systems Manager Incident Manager enables faster resolution of critical application availability and performance issues, management of contacts and post-incident analysis - Documentation updates for Amazon S3-control - AWS Elemental MediaConvert SDK has added support for Kantar SNAP File Audio Watermarking with a Kantar Watermarking account, and Display Definition Segment(DDS) segment data controls for DVB-Sub caption outputs. - This release contains updates for Amazon ECS. - Documentation updates for CodeArtifact - This release updates create-nodegroup and update-nodegroup-config APIs for adding/updating taints on managed nodegroups. - Add three new optional fields to support filtering and configurable sub-band in WirelessGateway APIs. The filtering is for all the RF region supported. The sub-band configuration is only applicable to LoRa gateways of US915 or AU915 RF region. - This release adds new APIs to associate, disassociate and list related items in SSM OpsCenter; and this release adds DisplayName as a version-level attribute for SSM Documents and introduces two new document types: ProblemAnalysis, ProblemAnalysisTemplate. - Amazon Kinesis Analytics now supports ListApplicationVersions and DescribeApplicationVersion API for Apache Flink applications - Adds paginator to multiple APIs: By default, the paginator allows user to iterate over the results and allows the CLI to return up to 1000 results. - This release adds Tag Based Access Control to AWS Lake Formation service - Enforcing UUID style for parameters that are already in UUID format today. Documentation specifying eventual consistency of lookoutmetrics resources. - Adds tagging support for Connect APIs CreateIntegrationAssociation and CreateUseCase. - Bugfix: Improved input validation for RegisterInstance action, InstanceId field - IAM Access Control for Amazon MSK enables you to create clusters that use IAM to authenticate clients and to allow or deny Apache Kafka actions for those clients. - SSM feature release -ChangeCalendar integration with StateManager. - AWS Snow Family adds APIs for ordering and managing Snow jobs with long term pricing - This release updates the CreateAssessmentFrameworkControlSet and UpdateAssessmentFrameworkControlSet API data types. For both of these data types, the control set name is now a required attribute. - Documentation Updates for Amazon Nimble Studio. - Amazon Kinesis Analytics now supports RollbackApplication for Apache Flink applications to revert the application to the previous running version - Amazon SageMaker Autopilot now provides the ability to automatically deploy the best model to an endpoint - Documentation updates for FinSpace API. - Documentation updates for FinSpaceData API. - Added GetCostEstimation and StartCostEstimation to get the monthly resource usage cost and added ability to view resource health by AWS service name and to search insights be AWS service name. - This release adds the KeyStorageSecurityStandard parameter to the CreateCertificateAuthority API to allow customers to mandate a security standard to which the CA key will be stored within. - Documentation updates for health - This release adds the ability to search for and order international phone numbers for Amazon Chime SIP media applications. - Enable retrying Training and Tuning Jobs that fail with InternalServerError by setting RetryStrategy. - Update FinSpace Data serviceAbbreviation - This is the initial SDK release for the data APIs for Amazon FinSpace. Amazon FinSpace is a data management and analytics application for the financial services industry (FSI). - Update mturk client to latest version - Added new BatchCreateChannelMembership API to support multiple membership creation for channels - This is the initial SDK release for the management APIs for Amazon FinSpace. Amazon FinSpace is a data management and analytics service for the financial services industry (FSI). - Updated ASFF to add the following new resource details objects: AwsEc2NetworkAcl, AwsEc2Subnet, and AwsElasticBeanstalkEnvironment. - Update URL for dataset export job documentation. - Allows user defined names for Changes in a ChangeSet. Users can use ChangeNames to reference properties in another Change within a ChangeSet. This feature allows users to make changes to an entity when the entity identifier is not yet available while constructing the StartChangeSet request. - Added new DeleteResourceTree operation that helps in deleting all the child resources of a given resource including the given resource. - Adds ROS2 Foxy as a supported Robot Software Suite Version and Gazebo 11 as a supported Simulation Software Suite Version - CloudFront now supports CloudFront Functions, a native feature of CloudFront that enables you to write lightweight functions in JavaScript for high-scale, latency-sensitive CDN customizations. - This release introduces GetMatches and MergeProfiles APIs to fetch and merge duplicate profiles - The Amazon Macie API now provides S3 bucket metadata that indicates whether a bucket policy requires server-side encryption of objects when objects are uploaded to the bucket. - Minor text updates for AWS Organizations API Reference - Add support for EphemeralStorage on TaskDefinition and TaskOverride - Increase AppInstanceUserId length to 64 characters - Updated max number of tags that can be attached from 200 to 50. MaxContacts is now an optional parameter for the UpdateQueueMaxContact API. - MediaPackage now offers the option to place your Sequence Parameter Set (SPS), Picture Parameter Set (PPS), and Video Parameter Set (VPS) encoder metadata in every video segment instead of in the init fragment for DASH and CMAF endpoints. - Amazon Nimble Studio is a virtual studio service that empowers visual effects, animation, and interactive content teams to create content securely within a scalable, private cloud service. - AWS IoT SiteWise interpolation API will get interpolated values for an asset property per specified time interval during a period of time. - Add CallAs parameter to GetTemplateSummary to enable use with StackSets delegated administrator integration - This release restricts using backslashes in control, assessment, and framework names. The controlSetName field of the UpdateAssessmentFrameworkControlSet API now allows strings without backslashes. - Adding support for Red Hat Enterprise Linux with HA for Reserved Instances. - Add a new optional field MessageType to support Sidewalk devices in SendDataToWirelessDevice API - Amazon Kinesis Data Analytics now supports custom application maintenance configuration using UpdateApplicationMaintenanceConfiguration API for Apache Flink applications. Customers will have visibility when their application is under maintenance status using 'MAINTENANCE' application status. - Added support for exporting data imported into an Amazon Personalize dataset to a specified data source (Amazon S3 bucket). - Documentation updates for mediaconvert - Include KMS Key Details in Repository Association APIs to enable usage of customer managed KMS Keys. - Adding Kafka Client Auth Related Parameters - This release updates existing Amazon EKS input validation so customers will see an InvalidParameterException instead of a ParamValidationError when they enter 0 for minSize and/or desiredSize. It also adds LaunchTemplate information to update responses and a new "CUSTOM" value for AMIType. - Add support for Widevine DRM on CMAF origin endpoints. Both Widevine and FairPlay DRMs can now be used simultaneously, with CBCS encryption. - Amazon SNS adds two new attributes, TemplateId and EntityId, for using sender IDs to send SMS messages to destinations in India. - This release adds EstimatedTimeRemaining minutes field to the DescribeDatasetImportJob, DescribePredictor, DescribeForecast API response which denotes the time remaining to complete the job IN_PROGRESS. - Replaced the term "master" with "administrator". Added new actions to replace AcceptInvitation, GetMasterAccount, and DisassociateFromMasterAccount. In Member, replaced MasterId with AdministratorId. - Documentation updates for cognito-idp - This release introduces log delivery of Redis slow log from Amazon ElastiCache. - Added parameters to track the data volume in bytes for a member account. Deprecated the existing parameters that tracked the volume as a percentage of the allowed volume for a behavior graph. Changes reflected in MemberDetails object. - Add operations: AddPartner, DescribePartners, DeletePartner, and UpdatePartnerStatus to support tracking integration status with data partners. - Support new S3 Recording Config allowing customers to write downlink data directly to S3. - Amazon Kendra now enables users to override index-level boosting configurations for each query. - Added support for creating and updating stack sets with self-managed permissions from templates that reference macros. - Added support for Amazon SageMaker in Machine Learning Savings Plans - Adding support for Sagemaker savings plans in GetSavingsPlansPurchaseRecommendation API - STS now supports assume role with Web Identity using JWT token length upto 20000 characters - AWS DMS added support of TLS for Kafka endpoint. Added Describe endpoint setting API for DMS endpoints. - For flows that use Listener protocols, you can now easily locate an output's outbound IP address for a private internet. Additionally, MediaConnect now supports the Waiters feature that makes it easier to poll for the status of a flow until it reaches its desired state. - Add exception for DeleteRemediationConfiguration and DescribeRemediationExecutionStatus - Documentation updates for route53 - This release adds tagging support for CodeStar Connections Host resources - Documentation updates for Amazon Lightsail. - This release adds the SourceIdentity parameter that can be set when assuming a role. - The InferICD10CM API now returns TIME_EXPRESSION entities that refer to medical conditions. - Clarify that enabling or disabling automated backups causes a brief downtime, not an outage. - Added support to enable AQUA in Amazon Redshift clusters. - Support for cross-region and cross-account backup copies - AWS CodeBuild now allows you to set the access permissions for build artifacts, project artifacts, and log files that are uploaded to an Amazon S3 bucket that is owned by another account. - Add support for case sensitive table level restore - Add paginator support to DescribeStoreImageTasks and update documentation. - CreateProtection now throws InvalidParameterException instead of InternalErrorException when system tags (tag with keys prefixed with "aws:") are passed in. - This release introduces support for Amazon Lookout for Equipment. - Documentation updates for archived.kinesisvideo - This release allows RoboMaker customers to specify custom tools to run with their simulation job - This release provides support for image updates - Documentation updates for AWS RAM resource sharing - Documentation updates for Put-Integration API - Amazon EC2 Auto Scaling announces Warm Pools that help applications to scale out faster by pre-initializing EC2 instances and save money by requiring fewer continuously running instances - File Gateway APIs now support FSx for Windows as a cloud storage. - IAM Access Analyzer now analyzes your CloudTrail events to identify actions and services that have been used by an IAM entity (user or role) and generates an IAM policy that is based on that activity. - This release adds tagging support for all AWS ElastiCache resources except Global Replication Groups. - This release adds support for the Auto-Record to S3 feature. Amazon IVS now enables you to save your live video to Amazon S3. - Add new service -Application Migration Service. - Supports removing a label or labels from a parameter, enables ScheduledEndTime and ChangeDetails for StartChangeRequestExecution API, supports critical/security/other noncompliant count for patch API. - MediaLive VPC outputs update to include Availability Zones, Security groups, Elastic Network Interfaces, and Subnet Ids in channel response - This release adds support for storing EBS-backed AMIs in S3 and restoring them from S3 to enable cross-partition copying of AMIs - Documentation updates for Cloud9 - AWS Audit Manager has updated the GetAssessment API operation to include a new response field called userRole. The userRole field indicates the role information and IAM ARN of the API caller. - MediaLive now support HTML5 Motion Graphics overlay - Added destination properties for Zendesk. - SPEKE v2 is an upgrade to the existing SPEKE API to support multiple encryption keys, based on an encryption contract selected by the customer. - This release adds support for Block Device Mappings for container image builds, and adds distribution configuration support for EC2 launch templates in AMI builds. - Route 53 Resolver DNS Firewall is a firewall service that allows you to filter and regulate outbound DNS traffic for your VPCs. - MediaConvert now supports HLS ingest, sidecar WebVTT ingest, Teletext color & style passthrough to TTML subtitles, TTML to WebVTT subtitle conversion with style, & DRC profiles in AC3 audio. - This release adds support for state detail for Amazon Lightsail container services. - AWS Kendra's ServiceNow data source now supports OAuth 2.0 authentication and knowledge article filtering via a ServiceNow query. - Lex now supports the ja-JP locale - Update lex-runtime client to latest version - Added Firewall Manager policy support for AWS Route 53 Resolver DNS Firewall. - VPC Flow Logs Service adds a new API, GetFlowLogsIntegrationTemplate, which generates CloudFormation templates for Athena. - Added support for ScopeDownStatement for ManagedRuleGroups, Labels, LabelMatchStatement, and LoggingFilter. For more information on these features, see the AWS WAF Developer Guide. - Added ability to prefix search on attribute value for ListThings API. - Minor documentation and link updates. - Amazon Transcribe now supports creating custom language models in the following languages: British English (en-GB), Australian English (en-AU), Indian Hindi (hi-IN), and US Spanish (es-US). - Minor documentation and link updates. - Support for customer managed KMS encryption of Comprehend custom models - Minor documentation updates and link updates. - AWS Batch adds support for Amazon EFS File System - Added the ability to assign tag values to Detective behavior graphs. Tag values can be used for attribute-based access control, and for cost allocation for billing. - Add Sidewalk support to APIs: GetWirelessDevice, ListWirelessDevices, GetWirelessDeviceStatistics. Add Gateway connection status in GetWirelessGatewayStatistics API. - 1. Added a new parameter RegionConcurrencyType in OperationPreferences. 2. Changed the name of AccountUrl to AccountsUrl in DeploymentTargets parameter. - Add ImageId input parameter to CreateEnvironmentEC2 endpoint. New parameter enables creation of environments with different AMIs. - This release adds MACsec support to AWS Direct Connect - Enable customers to share access to their Redshift clusters from other VPCs (including VPCs from other accounts). - This release adds support for mobile device access rules management in Amazon WorkMail. - Minor documentation updates and link updates. - Minor documentation updates and link updates. - Amazon SageMaker Autopilot now supports 1) feature importance reports for AutoML jobs and 2) PartialFailures for AutoML jobs - Adding support to push SSH keys to the EC2 serial console in order to allow an SSH connection to your Amazon EC2 instance's serial port. - Update cloudwatch client to latest version - This SDK release adds two new dataset features: 1) support for specifying a database connection as a dataset input 2) support for dynamic datasets that accept configurable parameters in S3 path. - This release adds support for Batch Predictions in Amazon Fraud Detector. - ReplaceRootVolume feature enables customers to replace the EBS root volume of a running instance to a previously known state. Add support to grant account-level access to the EC2 serial console - Adding new APIs to support ConformancePack Compliance CI in Aggregators - Added support for journey pause/resume, journey updatable import segment and journey quiet time wait. - Added custom request handling and custom response support in rule actions and default action; Added the option to inspect the web request body as parsed and filtered JSON. - AWS Identity and Access Management GetAccessKeyLastUsed API will throw a custom error if customer public key is not found for access keys. - Allow Dots in Registry and Schema Names for CreateRegistry, CreateSchema; Fixed issue when duplicate keys are present and not returned as part of QuerySchemaVersionMetadata. - This release adds support for Event Subscriptions to DocumentDB. - Amazon Location added support for specifying pricing plan information on resources in alignment with our cost model. - Support tag-on-create for WirelessDevice. - This release adds an optional parameter named FlowDefinition in PutIntegrationRequest. - Add support for SageMaker Model Builder Pipelines Targets to EventBridge - Amazon Transcribe now supports tagging words that match your vocabulary filter for batch transcription. - Allowing uppercase alphabets for RDS and Redshift database names. - Documentation updates for Amazon SQS - This release introduces AWS tagging support for Amazon Rekognition collections, stream processors, and Custom Label models. - This feature allows customer to specify the environment variables in their CreateTrainingJob requests. - EML now supports handling HDR10 and HLG 2020 color space from a Link input. - Amazon Lookout for Metrics is now generally available. You can use Lookout for Metrics to monitor your data for anomalies. For more information, see the Amazon Lookout for Metrics Developer Guide. - Added support for enabling and disabling data retention in the CreateProfile and UpdateProfile APIs and retrieving the state of data retention for a profile in the GetProfile API. - This release allows SSM Explorer customers to enable OpsData sources across their organization when creating a resource data sync. - Documentation updates for route53 - Fix an issue with XML newline normalization in PutBucketLifecycleConfiguration requests. - Documentation updates for Amazon S3 - Documentation updates for s3-control - maximumEfaInterfaces added to DescribeInstanceTypes API - Updated the parameters to make name required for CreateGroup API. - You can now create cost categories with inherited value rules and specify default values for any uncategorized costs. - Updated maximum allowed size of action parameter from 64 to 1024 - Removed APIs to control AQUA on clusters. - Documentation updates for IAM operations and descriptions. - GameLift adds support for using event notifications to monitor game session placements. Specify an SNS topic or use CloudWatch Events to track activity for a game session queue. - This release adds support for UEFI boot on selected AMD-and Intel-based EC2 instances. - Added support to enable AQUA in Amazon Redshift clusters. - Documentation updates for CodeArtifact - This release of the Amazon Macie API adds support for publishing sensitive data findings to AWS Security Hub and specifying which categories of findings to publish to Security Hub. - Adding authentication support for pulling images stored in private Docker registries to build containers for real-time inference. - X2gd instances are the next generation of memory-optimized instances powered by AWS-designed, Arm-based AWS Graviton2 processors. - Updated mislabeled exceptions for S3 Object Lambda - Amazon EC2 Auto Scaling Instance Refresh now supports phased deployments. - S3 Object Lambda is a new S3 feature that enables users to apply their own custom code to process the output of a standard S3 GET request by automatically invoking a Lambda function with a GET request - Add new fields for additional information about VPC endpoint for clusters with reallocation enabled, and a new field for total storage capacity for all clusters. - S3 Object Lambda is a new S3 feature that enables users to apply their own custom code to process the output of a standard S3 GET request by automatically invoking a Lambda function with a GET request - New object for separate provider and customer values. New objects track S3 Public Access Block configuration and identify sensitive data. BatchImportFinding requests are limited to 100 findings. - Support new target device ml_eia2 in SageMaker CreateCompilationJob API - Making serviceRole an optional parameter when creating a compute environment. If serviceRole is not provided then Service Linked Role will be created (or reused if it already exists). - Allow empty list for function response types - Documentation updates for AWS Identity and Access Management (IAM). - This release adds support for the SRT-listener protocol on sources and outputs. - This release adds support for the ValidatePolicy API. IAM Access Analyzer is adding over 100 policy checks and actionable recommendations that help you validate your policies during authoring. - MediaTailor channel assembly is a new manifest-only service that allows you to assemble linear streams using your existing VOD content. - This release adds UPDATE_FAILED and UNAVAILABLE MWAA environment states. - GameLift expands to six new AWS Regions, adds support for multi-location fleets to streamline management of hosting resources, and lets you customize more of the game session placement process. - Initial release of AWS Fault Injection Simulator, a managed service that enables you to perform fault injection experiments on your AWS workloads - AWS CodeDeploy can now detect instances running an outdated revision of your application and automatically update them with the latest revision. - Update emr client to latest version - This is for ecs exec feature release which includes two new APIs -execute-command and update-cluster and an AWS CLI customization for execute-command API - MediaTailor channel assembly is a new manifest-only service that allows you to assemble linear streams using your existing VOD content. - Adds API support for WorkSpaces bundle management operations. - Added optional billingViewArn field for OSG. - Update comprehend client to latest version - Update wafv2 client to latest version - Update medialive client to latest version - Update network-firewall client to latest version - Update accessanalyzer client to latest version - Update ssm client to latest version - Update s3 client to latest version - Update backup client to latest version - Update rds client to latest version - Update codeguruprofiler client to latest version - Update autoscaling client to latest version - Update iotwireless client to latest version - Update efs client to latest version - Update lambda client to latest version - Update emr client to latest version - Update kinesis-video-archived-media client to latest version - Update s3 client to latest version - Update s3control client to latest version - Update autoscaling client to latest version - Update license-manager client to latest version - Update network-firewall client to latest version - Update ec2 client to latest version - Update athena client to latest version - Update medialive client to latest version - Update shield client to latest version - Update codepipeline client to latest version - Update appflow client to latest version - Update servicediscovery client to latest version - Update events client to latest version - Update sagemaker client to latest version - Update mwaa client to latest version - Update forecast client to latest version - Update secretsmanager client to latest version - Update macie2 client to latest version - Update codebuild client to latest version - Update es client to latest version - Update acm client to latest version - Update wellarchitected client to latest version - Update iotwireless client to latest version - Update directconnect client to latest version - Fix an issue with XML newline normalization that could result in the DeleteObjects operation incorrectly deleting the wrong keys. - Update managedblockchain client to latest version - Update events client to latest version - Update compute-optimizer client to latest version - Update datasync client to latest version - Add a `__bytes__` method to the `Binary` DynamoDB type. - Update alexaforbusiness client to latest version - Update ssm client to latest version - Update codepipeline client to latest version - Update eks client to latest version - Update s3 client to latest version - Update sso-admin client to latest version - Update eks client to latest version - Update emr client to latest version - Update databrew client to latest version - Update detective client to latest version - Update lightsail client to latest version - Update imagebuilder client to latest version - Update transfer client to latest version - Update es client to latest version - Update mediapackage-vod client to latest version - Update appflow client to latest version - Update ecr-public client to latest version - Update compute-optimizer client to latest version - Update glue client to latest version - Update redshift-data client to latest version - Update s3control client to latest version - Update autoscaling client to latest version - Update pinpoint client to latest version - Update quicksight client to latest version - Update iotevents client to latest version - Update connect client to latest version - Update sagemaker-runtime client to latest version - Update sagemaker client to latest version - Update rds client to latest version - Update health client to latest version - Update sagemaker client to latest version - Update cloudformation client to latest version - Update codebuild client to latest version - Update ec2 client to latest version - Update config client to latest version - Update lookoutvision client to latest version This update for python-s3transfer fixes the following issues: - Update 0.5.0: (bsc#1189649) - Add set_exception to CRTTransferFuture to allow setting exceptions in subscribers. - Add optional AWS Common Runtime (CRT) support. The AWS CRT provides a C-based S3 transfer client that can improve transfer throughput. - Fix seek behavior in ReadFileChunk class - Block TransferManager methods for S3 Object Lambda resources - Add server side encryption context into allowed list - Update to version 0.2.1 (bsc#1146853) - Update to 0.1.13 (bsc#1075263) This update for aws-cli fixes the following issues: - Update to version 1.20.7 (bsc#1189649) - Update Requires in spec file from setup.py Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP3: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2021-3991=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2021-3991=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-3991=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-3991=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (noarch): aws-cli-1.20.7-30.3.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch): aws-cli-1.20.7-30.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): python3-boto3-1.18.7-23.4.1 python3-botocore-1.21.7-37.4.1 python3-s3transfer-0.5.0-9.4.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): python3-boto3-1.18.7-23.4.1 python3-botocore-1.21.7-37.4.1 python3-s3transfer-0.5.0-9.4.1 References: https://bugzilla.suse.com/1075263 https://bugzilla.suse.com/1146853 https://bugzilla.suse.com/1189649 From sle-updates at lists.suse.com Fri Dec 10 14:45:43 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Dec 2021 15:45:43 +0100 (CET) Subject: SUSE-SU-2021:3992-1: important: Security update for the Linux RT Kernel Message-ID: <20211210144543.3F38EFC9F@maintenance.suse.de> SUSE Security Update: Security update for the Linux RT Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3992-1 Rating: important References: #1114648 #1141655 #1169514 #1190317 #1190523 #1191790 #1191876 #1191961 #1192045 #1192048 #1192273 #1192718 #1192750 #1192753 #1192781 #1192802 #1192866 #1192906 #1192987 SLE-22573 Cross-References: CVE-2021-0941 CVE-2021-20322 CVE-2021-31916 CVE-2021-34981 CVSS scores: CVE-2021-0941 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-20322 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2021-31916 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-31916 (SUSE): 6.8 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-34981 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Real Time Extension 12-SP5 ______________________________________________________________________________ An update that solves four vulnerabilities, contains one feature and has 15 fixes is now available. Description: The SUSE Linux Enterprise 12 SP5 Real Time kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - Unprivileged BPF has been disabled by default to reduce attack surface as too many security issues have happened in the past (jsc#SLE-22573) You can reenable via systemctl setting /proc/sys/kernel/unprivileged_bpf_disabled to 0. (kernel.unprivileged_bpf_disabled = 0) - CVE-2021-0941: In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1192045). - CVE-2021-31916: An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel A bound check failure allowed an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability (bnc#1192781). - CVE-2021-20322: Make the ipv4 and ipv6 ICMP exception caches less predictive to avoid information leaks about UDP ports in use. (bsc#1191790) - CVE-2021-34981: Fixed file refcounting in cmtp when cmtp_attach_device fails. (bsc#1191961) The following non-security bugs were fixed: - arm64/sve: Use correct size when reinitialising SVE state (git-fixes). - arm64: pgtable: make __pte_to_phys/__phys_to_pte_val inline functions (git-fixes). - bpf: Add kconfig knob for disabling unpriv bpf by default (jsc#SLE-22913) - bpf: Disallow unprivileged bpf by default (jsc#SLE-22913). - bpf: Fix potential race in tail call compatibility check (git-fixes). - bpf: Move owner type, jited info into array auxiliary data (bsc#1141655). - bpf: Use kvmalloc for map values in syscall (stable-5.14.16). - btrfs: fix memory ordering between normal and ordered work functions (git-fixes). - cifs: fix memory leak of smb3_fs_context_dup::server_hostname (bsc#1190317). - cifs: for compound requests, use open handle if possible (bsc#1190317). - cifs: release lock earlier in dequeue_mid error case (bsc#1190317). - config: disable unprivileged BPF by default (jsc#SLE-22913) - drivers: base: cacheinfo: Get rid of DEFINE_SMP_CALL_CACHE_FUNCTION() (git-fixes). - drm: fix spectre issue in vmw_execbuf_ioctl (bsc#1192802). - EDAC/sb_edac: Fix top-of-high-memory value for Broadwell/Haswell (bsc#1114648). - elfcore: fix building with clang (bsc#1169514). - fuse: fix page stealing (bsc#1192718). - gigaset: fix spectre issue in do_data_b3_req (bsc#1192802). - hisax: fix spectre issues (bsc#1192802). - hysdn: fix spectre issue in hycapi_send_message (bsc#1192802). - i2c: synquacer: fix deferred probing (git-fixes). - ibmvnic: check failover_pending in login response (bsc#1190523 ltc#194510). - ibmvnic: do not stop queue in xmit (bsc#1192273 ltc#194629). - ibmvnic: Process crqs after enabling interrupts (bsc#1192273 ltc#194629). - infiniband: fix spectre issue in ib_uverbs_write (bsc#1192802). - iwlwifi: fix spectre issue in iwl_dbgfs_update_pm (bsc#1192802). - media: dvb_ca_en50221: prevent using slot_info for Spectre attacs (bsc#1192802). - media: dvb_ca_en50221: sanity check slot number from userspace (bsc#1192802). - media: wl128x: get rid of a potential spectre issue (bsc#1192802). - mm/hugetlb: initialize hugetlb_usage in mm_init (bsc#1192906). - mpt3sas: fix spectre issues (bsc#1192802). - net: sock_diag: Fix spectre v1 gadget in __sock_diag_cmd() (bsc#1192802). - objtool: Support Clang non-section symbols in ORC generation (bsc#1169514). - osst: fix spectre issue in osst_verify_frame (bsc#1192802). - prctl: allow to setup brk for et_dyn executables (git-fixes). - printk/console: Allow to disable console output by using console="" or console=null (bsc#1192753). - printk: handle blank console arguments passed in (bsc#1192753). - printk: Remove printk.h inclusion in percpu.h (bsc#1192987). - Revert "ibmvnic: check failover_pending in login response" (bsc#1190523 ltc#194510). - Revert "x86/kvm: fix vcpu-id indexed array sizes" (git-fixes). - scsi: be2iscsi: Fix an error handling path in beiscsi_dev_probe() (git-fixes). - scsi: BusLogic: Fix missing pr_cont() use (git-fixes). - scsi: core: Fix error handling of scsi_host_alloc() (git-fixes). - scsi: core: Fix spelling in a source code comment (git-fixes). - scsi: core: Only put parent device if host state differs from SHOST_CREATED (git-fixes). - scsi: core: Put .shost_dev in failure path if host state changes to RUNNING (git-fixes). - scsi: core: Retry I/O for Notify (Enable Spinup) Required error (git-fixes). - scsi: csiostor: Add module softdep on cxgb4 (git-fixes). - scsi: csiostor: Uninitialized data in csio_ln_vnp_read_cbfn() (git-fixes). - scsi: dc395: Fix error case unwinding (git-fixes). - scsi: FlashPoint: Rename si_flags field (git-fixes). - scsi: iscsi: Fix iface sysfs attr detection (git-fixes). - scsi: libsas: Use _safe() loop in sas_resume_port() (git-fixes). - scsi: mpt3sas: Fix error return value in _scsih_expander_add() (git-fixes). - scsi: qedf: Add pointer checks in qedf_update_link_speed() (git-fixes). - scsi: qedf: Fix error codes in qedf_alloc_global_queues() (git-fixes). - scsi: qedi: Fix error codes in qedi_alloc_global_queues() (git-fixes). - scsi: qla2xxx: Fix a memory leak in an error path of qla2x00_process_els() (git-fixes). - scsi: qla2xxx: Make sure that aborted commands are freed (git-fixes). - scsi: snic: Fix an error message (git-fixes). - scsi: ufs: ufshcd-pltfrm: Fix memory leak due to probe defer (git-fixes). - smb3: add additional null check in SMB2_ioctl (bsc#1190317). - smb3: add additional null check in SMB2_open (bsc#1190317). - smb3: add additional null check in SMB2_tcon (bsc#1190317). - soc: fsl: dpio: replace smp_processor_id with raw_smp_processor_id (git-fixes). - SUNRPC/auth: async tasks mustn't block waiting for memory (bsc#1191876 bsc#1192866). - SUNRPC/call_alloc: async tasks mustn't block waiting for memory (bsc#1191876 bsc#1192866). - SUNRPC/xprt: async tasks mustn't block waiting for memory (bsc#1191876 bsc#1192866). - SUNRPC: improve 'swap' handling: scheduling and PF_MEMALLOC (bsc#1191876 bsc#1192866). - swiotlb-xen: avoid double free (git-fixes). - sysvipc/sem: mitigate semnum index against spectre v1 (bsc#1192802). - tracing: use %ps format string to print symbols (git-fixes). - tty: serial: fsl_lpuart: fix the wrong mapbase value (git-fixes). - Update config files: Add CONFIG_BPF_UNPRIV_DEFAULT_OFF is not set - x86/xen: Mark cpu_bringup_and_idle() as dead_end_function (bsc#1169514). - x86/xen: Mark cpu_bringup_and_idle() as dead_end_function (git-fixes). - x86/Xen: swap NX determination and GDT setup on BSP (git-fixes). - xen-pciback: Fix return in pm_ctrl_init() (git-fixes). - xen-pciback: redo VF placement in the virtual topology (git-fixes). - xen/x86: fix PV trap handling on secondary processors (git-fixes). - xen: Fix implicit type conversion (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Real Time Extension 12-SP5: zypper in -t patch SUSE-SLE-RT-12-SP5-2021-3992=1 Package List: - SUSE Linux Enterprise Real Time Extension 12-SP5 (x86_64): cluster-md-kmp-rt-4.12.14-10.70.2 cluster-md-kmp-rt-debuginfo-4.12.14-10.70.2 dlm-kmp-rt-4.12.14-10.70.2 dlm-kmp-rt-debuginfo-4.12.14-10.70.2 gfs2-kmp-rt-4.12.14-10.70.2 gfs2-kmp-rt-debuginfo-4.12.14-10.70.2 kernel-rt-4.12.14-10.70.2 kernel-rt-base-4.12.14-10.70.2 kernel-rt-base-debuginfo-4.12.14-10.70.2 kernel-rt-debuginfo-4.12.14-10.70.2 kernel-rt-debugsource-4.12.14-10.70.2 kernel-rt-devel-4.12.14-10.70.2 kernel-rt-devel-debuginfo-4.12.14-10.70.2 kernel-rt_debug-4.12.14-10.70.2 kernel-rt_debug-debuginfo-4.12.14-10.70.2 kernel-rt_debug-debugsource-4.12.14-10.70.2 kernel-rt_debug-devel-4.12.14-10.70.2 kernel-rt_debug-devel-debuginfo-4.12.14-10.70.2 kernel-syms-rt-4.12.14-10.70.2 ocfs2-kmp-rt-4.12.14-10.70.2 ocfs2-kmp-rt-debuginfo-4.12.14-10.70.2 - SUSE Linux Enterprise Real Time Extension 12-SP5 (noarch): kernel-devel-rt-4.12.14-10.70.2 kernel-source-rt-4.12.14-10.70.2 References: https://www.suse.com/security/cve/CVE-2021-0941.html https://www.suse.com/security/cve/CVE-2021-20322.html https://www.suse.com/security/cve/CVE-2021-31916.html https://www.suse.com/security/cve/CVE-2021-34981.html https://bugzilla.suse.com/1114648 https://bugzilla.suse.com/1141655 https://bugzilla.suse.com/1169514 https://bugzilla.suse.com/1190317 https://bugzilla.suse.com/1190523 https://bugzilla.suse.com/1191790 https://bugzilla.suse.com/1191876 https://bugzilla.suse.com/1191961 https://bugzilla.suse.com/1192045 https://bugzilla.suse.com/1192048 https://bugzilla.suse.com/1192273 https://bugzilla.suse.com/1192718 https://bugzilla.suse.com/1192750 https://bugzilla.suse.com/1192753 https://bugzilla.suse.com/1192781 https://bugzilla.suse.com/1192802 https://bugzilla.suse.com/1192866 https://bugzilla.suse.com/1192906 https://bugzilla.suse.com/1192987 From sle-updates at lists.suse.com Fri Dec 10 17:17:08 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Dec 2021 18:17:08 +0100 (CET) Subject: SUSE-SU-2021:3993-1: important: Security update for MozillaFirefox Message-ID: <20211210171708.8CD06FC9F@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3993-1 Rating: important References: #1193321 #1193485 Cross-References: CVE-2021-43536 CVE-2021-43537 CVE-2021-43538 CVE-2021-43539 CVE-2021-43541 CVE-2021-43542 CVE-2021-43543 CVE-2021-43545 CVE-2021-43546 CVSS scores: CVE-2021-43537 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-43541 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVE-2021-43542 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP2 ______________________________________________________________________________ An update that fixes 9 vulnerabilities is now available. Description: This update for MozillaFirefox fixes the following issues: Update to Extended Support Release 91.4.0 (bsc#1193485): - CVE-2021-43536: URL leakage when navigating while executing asynchronous function - CVE-2021-43537: Heap buffer overflow when using structured clone - CVE-2021-43538: Missing fullscreen and pointer lock notification when requesting both - CVE-2021-43539: GC rooting failure when calling wasm instance methods - CVE-2021-43541: External protocol handler parameters were unescaped - CVE-2021-43542: XMLHttpRequest error codes could have leaked the existence of an external protocol handler - CVE-2021-43543: Bypass of CSP sandbox directive when embedding - CVE-2021-43545: Denial of Service when using the Location API in a loop - CVE-2021-43546: Cursor spoofing could overlay user interface when native cursor is zoomed - Memory safety bugs fixed in Firefox 95 and Firefox ESR 91.4 - Removed x-scheme-handler/ftp from MozillaFirefox.desktop (bsc#1193321) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2021-3993=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2021-3993=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): MozillaFirefox-91.4.0-152.9.1 MozillaFirefox-debuginfo-91.4.0-152.9.1 MozillaFirefox-debugsource-91.4.0-152.9.1 MozillaFirefox-translations-common-91.4.0-152.9.1 MozillaFirefox-translations-other-91.4.0-152.9.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le x86_64): MozillaFirefox-devel-91.4.0-152.9.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): MozillaFirefox-91.4.0-152.9.1 MozillaFirefox-debuginfo-91.4.0-152.9.1 MozillaFirefox-debugsource-91.4.0-152.9.1 MozillaFirefox-devel-91.4.0-152.9.1 MozillaFirefox-translations-common-91.4.0-152.9.1 MozillaFirefox-translations-other-91.4.0-152.9.1 References: https://www.suse.com/security/cve/CVE-2021-43536.html https://www.suse.com/security/cve/CVE-2021-43537.html https://www.suse.com/security/cve/CVE-2021-43538.html https://www.suse.com/security/cve/CVE-2021-43539.html https://www.suse.com/security/cve/CVE-2021-43541.html https://www.suse.com/security/cve/CVE-2021-43542.html https://www.suse.com/security/cve/CVE-2021-43543.html https://www.suse.com/security/cve/CVE-2021-43545.html https://www.suse.com/security/cve/CVE-2021-43546.html https://bugzilla.suse.com/1193321 https://bugzilla.suse.com/1193485 From sle-updates at lists.suse.com Fri Dec 10 20:17:38 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Dec 2021 21:17:38 +0100 (CET) Subject: SUSE-SU-2021:3997-1: important: Security update for glib-networking Message-ID: <20211210201738.2F529FC9F@maintenance.suse.de> SUSE Security Update: Security update for glib-networking ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3997-1 Rating: important References: #1172460 Cross-References: CVE-2020-13645 CVSS scores: CVE-2020-13645 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2020-13645 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Affected Products: SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for glib-networking fixes the following issues: - CVE-2020-13645: Fixed a connection failure when the server identity is unset (bsc#1172460). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-3997=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-3997=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-3997=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-3997=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-3997=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-3997=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-3997=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-3997=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-3997=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-3997=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): glib-networking-2.54.1-3.6.1 glib-networking-debuginfo-2.54.1-3.6.1 glib-networking-debugsource-2.54.1-3.6.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): glib-networking-lang-2.54.1-3.6.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): glib-networking-2.54.1-3.6.1 glib-networking-debuginfo-2.54.1-3.6.1 glib-networking-debugsource-2.54.1-3.6.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): glib-networking-lang-2.54.1-3.6.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): glib-networking-2.54.1-3.6.1 glib-networking-debuginfo-2.54.1-3.6.1 glib-networking-debugsource-2.54.1-3.6.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): glib-networking-lang-2.54.1-3.6.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): glib-networking-lang-2.54.1-3.6.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): glib-networking-2.54.1-3.6.1 glib-networking-debuginfo-2.54.1-3.6.1 glib-networking-debugsource-2.54.1-3.6.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): glib-networking-2.54.1-3.6.1 glib-networking-debuginfo-2.54.1-3.6.1 glib-networking-debugsource-2.54.1-3.6.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): glib-networking-lang-2.54.1-3.6.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): glib-networking-2.54.1-3.6.1 glib-networking-debuginfo-2.54.1-3.6.1 glib-networking-debugsource-2.54.1-3.6.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): glib-networking-lang-2.54.1-3.6.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): glib-networking-2.54.1-3.6.1 glib-networking-debuginfo-2.54.1-3.6.1 glib-networking-debugsource-2.54.1-3.6.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): glib-networking-lang-2.54.1-3.6.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): glib-networking-2.54.1-3.6.1 glib-networking-debuginfo-2.54.1-3.6.1 glib-networking-debugsource-2.54.1-3.6.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): glib-networking-lang-2.54.1-3.6.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): glib-networking-2.54.1-3.6.1 glib-networking-debuginfo-2.54.1-3.6.1 glib-networking-debugsource-2.54.1-3.6.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): glib-networking-lang-2.54.1-3.6.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): glib-networking-2.54.1-3.6.1 glib-networking-debuginfo-2.54.1-3.6.1 glib-networking-debugsource-2.54.1-3.6.1 - SUSE Enterprise Storage 6 (noarch): glib-networking-lang-2.54.1-3.6.1 - SUSE CaaS Platform 4.0 (x86_64): glib-networking-2.54.1-3.6.1 glib-networking-debuginfo-2.54.1-3.6.1 glib-networking-debugsource-2.54.1-3.6.1 - SUSE CaaS Platform 4.0 (noarch): glib-networking-lang-2.54.1-3.6.1 References: https://www.suse.com/security/cve/CVE-2020-13645.html https://bugzilla.suse.com/1172460 From sle-updates at lists.suse.com Fri Dec 10 20:19:01 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Dec 2021 21:19:01 +0100 (CET) Subject: SUSE-SU-2021:3996-1: moderate: Security update for ImageMagick Message-ID: <20211210201901.14621FC9F@maintenance.suse.de> SUSE Security Update: Security update for ImageMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3996-1 Rating: moderate References: #1181836 Cross-References: CVE-2021-20176 CVSS scores: CVE-2021-20176 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-20176 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for ImageMagick fixes the following issues: - CVE-2021-20176: Fixed division by zero caused by processing crafted file (bsc#1181836). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2021-3996=1 - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-3996=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2021-3996=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2021-3996=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): ImageMagick-debuginfo-7.0.7.34-10.18.1 ImageMagick-debugsource-7.0.7.34-10.18.1 perl-PerlMagick-7.0.7.34-10.18.1 perl-PerlMagick-debuginfo-7.0.7.34-10.18.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): ImageMagick-debuginfo-7.0.7.34-10.18.1 ImageMagick-debugsource-7.0.7.34-10.18.1 perl-PerlMagick-7.0.7.34-10.18.1 perl-PerlMagick-debuginfo-7.0.7.34-10.18.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): ImageMagick-7.0.7.34-10.18.1 ImageMagick-config-7-SUSE-7.0.7.34-10.18.1 ImageMagick-config-7-upstream-7.0.7.34-10.18.1 ImageMagick-debuginfo-7.0.7.34-10.18.1 ImageMagick-debugsource-7.0.7.34-10.18.1 ImageMagick-devel-7.0.7.34-10.18.1 libMagick++-7_Q16HDRI4-7.0.7.34-10.18.1 libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-10.18.1 libMagick++-devel-7.0.7.34-10.18.1 libMagickCore-7_Q16HDRI6-7.0.7.34-10.18.1 libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-10.18.1 libMagickWand-7_Q16HDRI6-7.0.7.34-10.18.1 libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-10.18.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): ImageMagick-7.0.7.34-10.18.1 ImageMagick-config-7-SUSE-7.0.7.34-10.18.1 ImageMagick-config-7-upstream-7.0.7.34-10.18.1 ImageMagick-debuginfo-7.0.7.34-10.18.1 ImageMagick-debugsource-7.0.7.34-10.18.1 ImageMagick-devel-7.0.7.34-10.18.1 libMagick++-7_Q16HDRI4-7.0.7.34-10.18.1 libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-10.18.1 libMagick++-devel-7.0.7.34-10.18.1 libMagickCore-7_Q16HDRI6-7.0.7.34-10.18.1 libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-10.18.1 libMagickWand-7_Q16HDRI6-7.0.7.34-10.18.1 libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-10.18.1 References: https://www.suse.com/security/cve/CVE-2021-20176.html https://bugzilla.suse.com/1181836 From sle-updates at lists.suse.com Fri Dec 10 20:25:37 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Dec 2021 21:25:37 +0100 (CET) Subject: SUSE-RU-2021:3998-1: moderate: Recommended update for libguestfs Message-ID: <20211210202537.0E8B4FC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for libguestfs ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3998-1 Rating: moderate References: #1190270 #1192981 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for libguestfs fixes the following issue: Disable locking when invoking QEMU on a `qcow2` drive. (bsc#1190270, bsc#1192981) - QEMU higher than 2.10 started to do mandatory locking. This checks the QMP schema to see if we are using that version of QEMU. - Disable QEMU locking when opening read-only drives - QEMU does not accept options unrecognized by the block driver in use. Disable locking only for read-only disks that are file-backed, as that's the only block driver it is supported with. - Use old-style `file=` and `format=` parameters when not disabling locking. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-3998=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-3998=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-3998=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-3998=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-3998=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-3998=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): guestfs-data-1.32.4-24.3.2 guestfs-tools-1.32.4-24.3.2 guestfs-tools-debuginfo-1.32.4-24.3.2 guestfsd-1.32.4-24.3.2 guestfsd-debuginfo-1.32.4-24.3.2 libguestfs-debugsource-1.32.4-24.3.2 libguestfs0-1.32.4-24.3.2 libguestfs0-debuginfo-1.32.4-24.3.2 perl-Sys-Guestfs-1.32.4-24.3.2 perl-Sys-Guestfs-debuginfo-1.32.4-24.3.2 python-libguestfs-1.32.4-24.3.2 python-libguestfs-debuginfo-1.32.4-24.3.2 virt-p2v-1.32.4-24.3.2 virt-p2v-debuginfo-1.32.4-24.3.2 virt-v2v-1.32.4-24.3.2 virt-v2v-debuginfo-1.32.4-24.3.2 - SUSE OpenStack Cloud 9 (x86_64): guestfs-data-1.32.4-24.3.2 guestfs-tools-1.32.4-24.3.2 guestfs-tools-debuginfo-1.32.4-24.3.2 guestfsd-1.32.4-24.3.2 guestfsd-debuginfo-1.32.4-24.3.2 libguestfs-debugsource-1.32.4-24.3.2 libguestfs0-1.32.4-24.3.2 libguestfs0-debuginfo-1.32.4-24.3.2 perl-Sys-Guestfs-1.32.4-24.3.2 perl-Sys-Guestfs-debuginfo-1.32.4-24.3.2 python-libguestfs-1.32.4-24.3.2 python-libguestfs-debuginfo-1.32.4-24.3.2 virt-p2v-1.32.4-24.3.2 virt-p2v-debuginfo-1.32.4-24.3.2 virt-v2v-1.32.4-24.3.2 virt-v2v-debuginfo-1.32.4-24.3.2 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libguestfs-debugsource-1.32.4-24.3.2 libguestfs-devel-1.32.4-24.3.2 ocaml-libguestfs-devel-1.32.4-24.3.2 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): guestfs-data-1.32.4-24.3.2 guestfs-tools-1.32.4-24.3.2 guestfs-tools-debuginfo-1.32.4-24.3.2 guestfsd-1.32.4-24.3.2 guestfsd-debuginfo-1.32.4-24.3.2 libguestfs-debugsource-1.32.4-24.3.2 libguestfs0-1.32.4-24.3.2 libguestfs0-debuginfo-1.32.4-24.3.2 perl-Sys-Guestfs-1.32.4-24.3.2 perl-Sys-Guestfs-debuginfo-1.32.4-24.3.2 python-libguestfs-1.32.4-24.3.2 python-libguestfs-debuginfo-1.32.4-24.3.2 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): virt-p2v-1.32.4-24.3.2 virt-p2v-debuginfo-1.32.4-24.3.2 virt-v2v-1.32.4-24.3.2 virt-v2v-debuginfo-1.32.4-24.3.2 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): guestfs-data-1.32.4-24.3.2 guestfs-tools-1.32.4-24.3.2 guestfs-tools-debuginfo-1.32.4-24.3.2 guestfsd-1.32.4-24.3.2 guestfsd-debuginfo-1.32.4-24.3.2 libguestfs-debugsource-1.32.4-24.3.2 libguestfs0-1.32.4-24.3.2 libguestfs0-debuginfo-1.32.4-24.3.2 perl-Sys-Guestfs-1.32.4-24.3.2 perl-Sys-Guestfs-debuginfo-1.32.4-24.3.2 python-libguestfs-1.32.4-24.3.2 python-libguestfs-debuginfo-1.32.4-24.3.2 - SUSE Linux Enterprise Server 12-SP5 (x86_64): virt-p2v-1.32.4-24.3.2 virt-p2v-debuginfo-1.32.4-24.3.2 virt-v2v-1.32.4-24.3.2 virt-v2v-debuginfo-1.32.4-24.3.2 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): guestfs-data-1.32.4-24.3.2 guestfs-tools-1.32.4-24.3.2 guestfs-tools-debuginfo-1.32.4-24.3.2 guestfsd-1.32.4-24.3.2 guestfsd-debuginfo-1.32.4-24.3.2 libguestfs-debugsource-1.32.4-24.3.2 libguestfs0-1.32.4-24.3.2 libguestfs0-debuginfo-1.32.4-24.3.2 perl-Sys-Guestfs-1.32.4-24.3.2 perl-Sys-Guestfs-debuginfo-1.32.4-24.3.2 python-libguestfs-1.32.4-24.3.2 python-libguestfs-debuginfo-1.32.4-24.3.2 - SUSE Linux Enterprise Server 12-SP4-LTSS (x86_64): virt-p2v-1.32.4-24.3.2 virt-p2v-debuginfo-1.32.4-24.3.2 virt-v2v-1.32.4-24.3.2 virt-v2v-debuginfo-1.32.4-24.3.2 References: https://bugzilla.suse.com/1190270 https://bugzilla.suse.com/1192981 From sle-updates at lists.suse.com Fri Dec 10 20:29:36 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Dec 2021 21:29:36 +0100 (CET) Subject: SUSE-SU-2021:14859-1: important: Security update for MozillaFirefox Message-ID: <20211210202936.6F21FFC9F@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:14859-1 Rating: important References: #1193321 #1193485 Cross-References: CVE-2021-43536 CVE-2021-43537 CVE-2021-43538 CVE-2021-43539 CVE-2021-43541 CVE-2021-43542 CVE-2021-43543 CVE-2021-43545 CVE-2021-43546 CVSS scores: CVE-2021-43537 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-43541 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVE-2021-43542 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes 9 vulnerabilities is now available. Description: This update for MozillaFirefox fixes the following issues: Update to Extended Support Release 91.4.0 (bsc#1193485): - CVE-2021-43536: URL leakage when navigating while executing asynchronous function - CVE-2021-43537: Heap buffer overflow when using structured clone - CVE-2021-43538: Missing fullscreen and pointer lock notification when requesting both - CVE-2021-43539: GC rooting failure when calling wasm instance methods - CVE-2021-43541: External protocol handler parameters were unescaped - CVE-2021-43542: XMLHttpRequest error codes could have leaked the existence of an external protocol handler - CVE-2021-43543: Bypass of CSP sandbox directive when embedding - CVE-2021-43545: Denial of Service when using the Location API in a loop - CVE-2021-43546: Cursor spoofing could overlay user interface when native cursor is zoomed - Memory safety bugs fixed in Firefox 95 and Firefox ESR 91.4 - Removed x-scheme-handler/ftp from MozillaFirefox.desktop (bsc#1193321) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-MozillaFirefox-14859=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-MozillaFirefox-14859=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (x86_64): MozillaFirefox-91.4.0-78.154.1 MozillaFirefox-translations-common-91.4.0-78.154.1 MozillaFirefox-translations-other-91.4.0-78.154.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (x86_64): MozillaFirefox-debuginfo-91.4.0-78.154.1 References: https://www.suse.com/security/cve/CVE-2021-43536.html https://www.suse.com/security/cve/CVE-2021-43537.html https://www.suse.com/security/cve/CVE-2021-43538.html https://www.suse.com/security/cve/CVE-2021-43539.html https://www.suse.com/security/cve/CVE-2021-43541.html https://www.suse.com/security/cve/CVE-2021-43542.html https://www.suse.com/security/cve/CVE-2021-43543.html https://www.suse.com/security/cve/CVE-2021-43545.html https://www.suse.com/security/cve/CVE-2021-43546.html https://bugzilla.suse.com/1193321 https://bugzilla.suse.com/1193485 From sle-updates at lists.suse.com Fri Dec 10 20:32:46 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 10 Dec 2021 21:32:46 +0100 (CET) Subject: SUSE-SU-2021:3995-1: important: Security update for MozillaFirefox Message-ID: <20211210203246.1750FFC9F@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3995-1 Rating: important References: #1193321 #1193485 Cross-References: CVE-2021-43536 CVE-2021-43537 CVE-2021-43538 CVE-2021-43539 CVE-2021-43541 CVE-2021-43542 CVE-2021-43543 CVE-2021-43545 CVE-2021-43546 CVSS scores: CVE-2021-43537 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-43541 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVE-2021-43542 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that fixes 9 vulnerabilities is now available. Description: This update for MozillaFirefox fixes the following issues: Update to Extended Support Release 91.4.0 (bsc#1193485): - CVE-2021-43536: URL leakage when navigating while executing asynchronous function - CVE-2021-43537: Heap buffer overflow when using structured clone - CVE-2021-43538: Missing fullscreen and pointer lock notification when requesting both - CVE-2021-43539: GC rooting failure when calling wasm instance methods - CVE-2021-43541: External protocol handler parameters were unescaped - CVE-2021-43542: XMLHttpRequest error codes could have leaked the existence of an external protocol handler - CVE-2021-43543: Bypass of CSP sandbox directive when embedding - CVE-2021-43545: Denial of Service when using the Location API in a loop - CVE-2021-43546: Cursor spoofing could overlay user interface when native cursor is zoomed - Memory safety bugs fixed in Firefox 95 and Firefox ESR 91.4 - Removed x-scheme-handler/ftp from MozillaFirefox.desktop (bsc#1193321) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-3995=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-3995=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-3995=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-3995=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-3995=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-3995=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-3995=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-3995=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-3995=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-3995=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): MozillaFirefox-91.4.0-150.9.1 MozillaFirefox-debuginfo-91.4.0-150.9.1 MozillaFirefox-debugsource-91.4.0-150.9.1 MozillaFirefox-devel-91.4.0-150.9.1 MozillaFirefox-translations-common-91.4.0-150.9.1 MozillaFirefox-translations-other-91.4.0-150.9.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): MozillaFirefox-91.4.0-150.9.1 MozillaFirefox-debuginfo-91.4.0-150.9.1 MozillaFirefox-debugsource-91.4.0-150.9.1 MozillaFirefox-devel-91.4.0-150.9.1 MozillaFirefox-translations-common-91.4.0-150.9.1 MozillaFirefox-translations-other-91.4.0-150.9.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): MozillaFirefox-91.4.0-150.9.1 MozillaFirefox-debuginfo-91.4.0-150.9.1 MozillaFirefox-debugsource-91.4.0-150.9.1 MozillaFirefox-devel-91.4.0-150.9.1 MozillaFirefox-translations-common-91.4.0-150.9.1 MozillaFirefox-translations-other-91.4.0-150.9.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): MozillaFirefox-91.4.0-150.9.1 MozillaFirefox-debuginfo-91.4.0-150.9.1 MozillaFirefox-debugsource-91.4.0-150.9.1 MozillaFirefox-devel-91.4.0-150.9.1 MozillaFirefox-translations-common-91.4.0-150.9.1 MozillaFirefox-translations-other-91.4.0-150.9.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): MozillaFirefox-91.4.0-150.9.1 MozillaFirefox-debuginfo-91.4.0-150.9.1 MozillaFirefox-debugsource-91.4.0-150.9.1 MozillaFirefox-devel-91.4.0-150.9.1 MozillaFirefox-translations-common-91.4.0-150.9.1 MozillaFirefox-translations-other-91.4.0-150.9.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): MozillaFirefox-91.4.0-150.9.1 MozillaFirefox-debuginfo-91.4.0-150.9.1 MozillaFirefox-debugsource-91.4.0-150.9.1 MozillaFirefox-devel-91.4.0-150.9.1 MozillaFirefox-translations-common-91.4.0-150.9.1 MozillaFirefox-translations-other-91.4.0-150.9.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): MozillaFirefox-91.4.0-150.9.1 MozillaFirefox-debuginfo-91.4.0-150.9.1 MozillaFirefox-debugsource-91.4.0-150.9.1 MozillaFirefox-devel-91.4.0-150.9.1 MozillaFirefox-translations-common-91.4.0-150.9.1 MozillaFirefox-translations-other-91.4.0-150.9.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): MozillaFirefox-91.4.0-150.9.1 MozillaFirefox-debuginfo-91.4.0-150.9.1 MozillaFirefox-debugsource-91.4.0-150.9.1 MozillaFirefox-devel-91.4.0-150.9.1 MozillaFirefox-translations-common-91.4.0-150.9.1 MozillaFirefox-translations-other-91.4.0-150.9.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): MozillaFirefox-91.4.0-150.9.1 MozillaFirefox-debuginfo-91.4.0-150.9.1 MozillaFirefox-debugsource-91.4.0-150.9.1 MozillaFirefox-devel-91.4.0-150.9.1 MozillaFirefox-translations-common-91.4.0-150.9.1 MozillaFirefox-translations-other-91.4.0-150.9.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): MozillaFirefox-91.4.0-150.9.1 MozillaFirefox-debuginfo-91.4.0-150.9.1 MozillaFirefox-debugsource-91.4.0-150.9.1 MozillaFirefox-devel-91.4.0-150.9.1 MozillaFirefox-translations-common-91.4.0-150.9.1 MozillaFirefox-translations-other-91.4.0-150.9.1 - SUSE CaaS Platform 4.0 (x86_64): MozillaFirefox-91.4.0-150.9.1 MozillaFirefox-debuginfo-91.4.0-150.9.1 MozillaFirefox-debugsource-91.4.0-150.9.1 MozillaFirefox-devel-91.4.0-150.9.1 MozillaFirefox-translations-common-91.4.0-150.9.1 MozillaFirefox-translations-other-91.4.0-150.9.1 References: https://www.suse.com/security/cve/CVE-2021-43536.html https://www.suse.com/security/cve/CVE-2021-43537.html https://www.suse.com/security/cve/CVE-2021-43538.html https://www.suse.com/security/cve/CVE-2021-43539.html https://www.suse.com/security/cve/CVE-2021-43541.html https://www.suse.com/security/cve/CVE-2021-43542.html https://www.suse.com/security/cve/CVE-2021-43543.html https://www.suse.com/security/cve/CVE-2021-43545.html https://www.suse.com/security/cve/CVE-2021-43546.html https://bugzilla.suse.com/1193321 https://bugzilla.suse.com/1193485 From sle-updates at lists.suse.com Sun Dec 12 07:50:35 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 12 Dec 2021 08:50:35 +0100 (CET) Subject: SUSE-CU-2021:581-1: Security update of suse/sle15 Message-ID: <20211212075035.F3CF6FC9F@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:581-1 Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.487 Container Release : 4.22.487 Severity : moderate Type : security References : 1192717 1192790 CVE-2021-43618 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3930-1 Released: Mon Dec 6 11:16:10 2021 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1192790 This update for curl fixes the following issues: - Fix sftp via proxy failure in curl, by preventing libssh from creating socket (bsc#1192790) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3946-1 Released: Mon Dec 6 14:57:42 2021 Summary: Security update for gmp Type: security Severity: moderate References: 1192717,CVE-2021-43618 This update for gmp fixes the following issues: - CVE-2021-43618: Fixed buffer overflow via crafted input in mpz/inp_raw.c (bsc#1192717). The following package changes have been done: - libcurl4-7.60.0-28.1 updated - libgmp10-6.1.2-4.9.1 updated From sle-updates at lists.suse.com Sun Dec 12 07:57:07 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 12 Dec 2021 08:57:07 +0100 (CET) Subject: SUSE-CU-2021:582-1: Recommended update of suse/sle15 Message-ID: <20211212075707.262D8FC9F@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:582-1 Container Tags : suse/sle15:15.3 , suse/sle15:15.3.17.8.44 Container Release : 17.8.44 Severity : moderate Type : recommended References : 1191592 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3980-1 Released: Thu Dec 9 16:42:19 2021 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1191592 glibc was updated to fix the following issue: - Support for new IBM Z Hardware (bsc#1191592, jsc#IBM-869) The following package changes have been done: - glibc-2.31-9.6.1 updated From sle-updates at lists.suse.com Sun Dec 12 14:18:06 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 12 Dec 2021 15:18:06 +0100 (CET) Subject: SUSE-SU-2021:4000-1: important: Security update for MozillaFirefox Message-ID: <20211212141806.DFFC6FC9F@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:4000-1 Rating: important References: #1193321 #1193485 Cross-References: CVE-2021-43536 CVE-2021-43537 CVE-2021-43538 CVE-2021-43539 CVE-2021-43541 CVE-2021-43542 CVE-2021-43543 CVE-2021-43545 CVE-2021-43546 CVSS scores: CVE-2021-43537 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-43541 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVE-2021-43542 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-BCL HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes 9 vulnerabilities is now available. Description: This update for MozillaFirefox fixes the following issues: Update to Extended Support Release 91.4.0 (bsc#1193485): - CVE-2021-43536: URL leakage when navigating while executing asynchronous function - CVE-2021-43537: Heap buffer overflow when using structured clone - CVE-2021-43538: Missing fullscreen and pointer lock notification when requesting both - CVE-2021-43539: GC rooting failure when calling wasm instance methods - CVE-2021-43541: External protocol handler parameters were unescaped - CVE-2021-43542: XMLHttpRequest error codes could have leaked the existence of an external protocol handler - CVE-2021-43543: Bypass of CSP sandbox directive when embedding - CVE-2021-43545: Denial of Service when using the Location API in a loop - CVE-2021-43546: Cursor spoofing could overlay user interface when native cursor is zoomed - Memory safety bugs fixed in Firefox 95 and Firefox ESR 91.4 - Removed x-scheme-handler/ftp from MozillaFirefox.desktop (bsc#1193321) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-4000=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-4000=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-4000=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-4000=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-4000=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-4000=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-4000=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-4000=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-4000=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-4000=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-4000=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-4000=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-4000=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): MozillaFirefox-91.4.0-112.83.1 MozillaFirefox-debuginfo-91.4.0-112.83.1 MozillaFirefox-debugsource-91.4.0-112.83.1 MozillaFirefox-devel-91.4.0-112.83.1 MozillaFirefox-translations-common-91.4.0-112.83.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): MozillaFirefox-91.4.0-112.83.1 MozillaFirefox-debuginfo-91.4.0-112.83.1 MozillaFirefox-debugsource-91.4.0-112.83.1 MozillaFirefox-devel-91.4.0-112.83.1 MozillaFirefox-translations-common-91.4.0-112.83.1 - SUSE OpenStack Cloud 9 (x86_64): MozillaFirefox-91.4.0-112.83.1 MozillaFirefox-debuginfo-91.4.0-112.83.1 MozillaFirefox-debugsource-91.4.0-112.83.1 MozillaFirefox-devel-91.4.0-112.83.1 MozillaFirefox-translations-common-91.4.0-112.83.1 - SUSE OpenStack Cloud 8 (x86_64): MozillaFirefox-91.4.0-112.83.1 MozillaFirefox-debuginfo-91.4.0-112.83.1 MozillaFirefox-debugsource-91.4.0-112.83.1 MozillaFirefox-devel-91.4.0-112.83.1 MozillaFirefox-translations-common-91.4.0-112.83.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): MozillaFirefox-debuginfo-91.4.0-112.83.1 MozillaFirefox-debugsource-91.4.0-112.83.1 MozillaFirefox-devel-91.4.0-112.83.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): MozillaFirefox-91.4.0-112.83.1 MozillaFirefox-debuginfo-91.4.0-112.83.1 MozillaFirefox-debugsource-91.4.0-112.83.1 MozillaFirefox-devel-91.4.0-112.83.1 MozillaFirefox-translations-common-91.4.0-112.83.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): MozillaFirefox-91.4.0-112.83.1 MozillaFirefox-debuginfo-91.4.0-112.83.1 MozillaFirefox-debugsource-91.4.0-112.83.1 MozillaFirefox-devel-91.4.0-112.83.1 MozillaFirefox-translations-common-91.4.0-112.83.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): MozillaFirefox-91.4.0-112.83.1 MozillaFirefox-debuginfo-91.4.0-112.83.1 MozillaFirefox-debugsource-91.4.0-112.83.1 MozillaFirefox-devel-91.4.0-112.83.1 MozillaFirefox-translations-common-91.4.0-112.83.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): MozillaFirefox-91.4.0-112.83.1 MozillaFirefox-debuginfo-91.4.0-112.83.1 MozillaFirefox-debugsource-91.4.0-112.83.1 MozillaFirefox-devel-91.4.0-112.83.1 MozillaFirefox-translations-common-91.4.0-112.83.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): MozillaFirefox-91.4.0-112.83.1 MozillaFirefox-debuginfo-91.4.0-112.83.1 MozillaFirefox-debugsource-91.4.0-112.83.1 MozillaFirefox-devel-91.4.0-112.83.1 MozillaFirefox-translations-common-91.4.0-112.83.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): MozillaFirefox-91.4.0-112.83.1 MozillaFirefox-debuginfo-91.4.0-112.83.1 MozillaFirefox-debugsource-91.4.0-112.83.1 MozillaFirefox-devel-91.4.0-112.83.1 MozillaFirefox-translations-common-91.4.0-112.83.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): MozillaFirefox-91.4.0-112.83.1 MozillaFirefox-debuginfo-91.4.0-112.83.1 MozillaFirefox-debugsource-91.4.0-112.83.1 MozillaFirefox-devel-91.4.0-112.83.1 MozillaFirefox-translations-common-91.4.0-112.83.1 - HPE Helion Openstack 8 (x86_64): MozillaFirefox-91.4.0-112.83.1 MozillaFirefox-debuginfo-91.4.0-112.83.1 MozillaFirefox-debugsource-91.4.0-112.83.1 MozillaFirefox-devel-91.4.0-112.83.1 MozillaFirefox-translations-common-91.4.0-112.83.1 References: https://www.suse.com/security/cve/CVE-2021-43536.html https://www.suse.com/security/cve/CVE-2021-43537.html https://www.suse.com/security/cve/CVE-2021-43538.html https://www.suse.com/security/cve/CVE-2021-43539.html https://www.suse.com/security/cve/CVE-2021-43541.html https://www.suse.com/security/cve/CVE-2021-43542.html https://www.suse.com/security/cve/CVE-2021-43543.html https://www.suse.com/security/cve/CVE-2021-43545.html https://www.suse.com/security/cve/CVE-2021-43546.html https://bugzilla.suse.com/1193321 https://bugzilla.suse.com/1193485 From sle-updates at lists.suse.com Mon Dec 13 14:19:54 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Dec 2021 15:19:54 +0100 (CET) Subject: SUSE-RU-2021:4005-1: moderate: Recommended update for java-11-openjdk Message-ID: <20211213141954.B7A3EFD0A@maintenance.suse.de> SUSE Recommended Update: Recommended update for java-11-openjdk ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:4005-1 Rating: moderate References: #1193314 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for java-11-openjdk fixes the following issues: - Java Cryptography was always operating in FIPS mode if crypto-policies was not used. - Allow plain key import in fips mode unless "com.suse.fips.plainKeySupport" is set to false Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-4005=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): java-11-openjdk-11.0.13.0-3.36.1 java-11-openjdk-debugsource-11.0.13.0-3.36.1 java-11-openjdk-demo-11.0.13.0-3.36.1 java-11-openjdk-devel-11.0.13.0-3.36.1 java-11-openjdk-headless-11.0.13.0-3.36.1 References: https://bugzilla.suse.com/1193314 From sle-updates at lists.suse.com Mon Dec 13 14:21:11 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Dec 2021 15:21:11 +0100 (CET) Subject: SUSE-RU-2021:4006-1: moderate: Recommended update for zlib Message-ID: <20211213142111.CA759FD0A@maintenance.suse.de> SUSE Recommended Update: Recommended update for zlib ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:4006-1 Rating: moderate References: #1192688 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for zlib fixes the following issues: - Fix hardware compression incorrect result on z15 hardware (bsc#1192688) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-4006=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-4006=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): zlib-debugsource-1.2.11-11.15.1 zlib-devel-1.2.11-11.15.1 zlib-devel-static-1.2.11-11.15.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (s390x x86_64): zlib-devel-32bit-1.2.11-11.15.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libz1-1.2.11-11.15.1 libz1-debuginfo-1.2.11-11.15.1 zlib-debugsource-1.2.11-11.15.1 zlib-devel-1.2.11-11.15.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libz1-32bit-1.2.11-11.15.1 libz1-debuginfo-32bit-1.2.11-11.15.1 References: https://bugzilla.suse.com/1192688 From sle-updates at lists.suse.com Mon Dec 13 14:23:40 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Dec 2021 15:23:40 +0100 (CET) Subject: SUSE-SU-2021:4003-1: important: Security update for bcm43xx-firmware Message-ID: <20211213142340.5361BFD0A@maintenance.suse.de> SUSE Security Update: Security update for bcm43xx-firmware ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:4003-1 Rating: important References: #1167162 Cross-References: CVE-2019-15126 CVSS scores: CVE-2019-15126 (NVD) : 3.1 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2019-15126 (SUSE): 3.1 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for bcm43xx-firmware fixes the following issues: - CVE-2019-15126: Fixed a bug which could have allowed unauthorized decryption of some WPA2-encrypted traffic (bsc#1167162). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-4003=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-4003=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (noarch): bcm43xx-firmware-20180314-4.6.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): bcm43xx-firmware-20180314-4.6.1 References: https://www.suse.com/security/cve/CVE-2019-15126.html https://bugzilla.suse.com/1167162 From sle-updates at lists.suse.com Mon Dec 13 14:24:56 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Dec 2021 15:24:56 +0100 (CET) Subject: SUSE-RU-2021:4007-1: moderate: Recommended update for libstorage-ng Message-ID: <20211213142456.E61CCFD0A@maintenance.suse.de> SUSE Recommended Update: Recommended update for libstorage-ng ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:4007-1 Rating: moderate References: #1186823 Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libstorage-ng fixes the following issues: - Fix having an empty partition table and a filesystem directly on the logical unit number (LUN), which confuses the yast2-partitioner. The solution is to prefer file system over empty MS-DOS partition table (bsc#1186823) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2021-4007=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-4007=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): libstorage-ng-debuginfo-4.3.109-3.8.1 libstorage-ng-debugsource-4.3.109-3.8.1 libstorage-ng-utils-4.3.109-3.8.1 libstorage-ng-utils-debuginfo-4.3.109-3.8.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libstorage-ng-debuginfo-4.3.109-3.8.1 libstorage-ng-debugsource-4.3.109-3.8.1 libstorage-ng-devel-4.3.109-3.8.1 libstorage-ng-ruby-4.3.109-3.8.1 libstorage-ng-ruby-debuginfo-4.3.109-3.8.1 libstorage-ng1-4.3.109-3.8.1 libstorage-ng1-debuginfo-4.3.109-3.8.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): libstorage-ng-lang-4.3.109-3.8.1 References: https://bugzilla.suse.com/1186823 From sle-updates at lists.suse.com Mon Dec 13 14:26:19 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Dec 2021 15:26:19 +0100 (CET) Subject: SUSE-SU-2021:4004-1: important: Security update for glib-networking Message-ID: <20211213142619.19587FD0A@maintenance.suse.de> SUSE Security Update: Security update for glib-networking ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:4004-1 Rating: important References: #1172460 Cross-References: CVE-2020-13645 CVSS scores: CVE-2020-13645 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2020-13645 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-BCL HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for glib-networking fixes the following issues: - CVE-2020-13645: Fixed a connection failure when the server identity is unset (bsc#1172460). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-4004=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-4004=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-4004=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-4004=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-4004=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-4004=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-4004=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-4004=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-4004=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-4004=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-4004=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-4004=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): glib-networking-lang-2.48.2-6.3.1 - SUSE OpenStack Cloud Crowbar 9 (x86_64): glib-networking-2.48.2-6.3.1 glib-networking-debuginfo-2.48.2-6.3.1 glib-networking-debugsource-2.48.2-6.3.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): glib-networking-2.48.2-6.3.1 glib-networking-debuginfo-2.48.2-6.3.1 glib-networking-debugsource-2.48.2-6.3.1 - SUSE OpenStack Cloud Crowbar 8 (noarch): glib-networking-lang-2.48.2-6.3.1 - SUSE OpenStack Cloud 9 (x86_64): glib-networking-2.48.2-6.3.1 glib-networking-debuginfo-2.48.2-6.3.1 glib-networking-debugsource-2.48.2-6.3.1 - SUSE OpenStack Cloud 9 (noarch): glib-networking-lang-2.48.2-6.3.1 - SUSE OpenStack Cloud 8 (x86_64): glib-networking-2.48.2-6.3.1 glib-networking-debuginfo-2.48.2-6.3.1 glib-networking-debugsource-2.48.2-6.3.1 - SUSE OpenStack Cloud 8 (noarch): glib-networking-lang-2.48.2-6.3.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): glib-networking-2.48.2-6.3.1 glib-networking-debuginfo-2.48.2-6.3.1 glib-networking-debugsource-2.48.2-6.3.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): glib-networking-lang-2.48.2-6.3.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): glib-networking-2.48.2-6.3.1 glib-networking-debuginfo-2.48.2-6.3.1 glib-networking-debugsource-2.48.2-6.3.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): glib-networking-lang-2.48.2-6.3.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): glib-networking-2.48.2-6.3.1 glib-networking-debuginfo-2.48.2-6.3.1 glib-networking-debugsource-2.48.2-6.3.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): glib-networking-lang-2.48.2-6.3.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): glib-networking-2.48.2-6.3.1 glib-networking-debuginfo-2.48.2-6.3.1 glib-networking-debugsource-2.48.2-6.3.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): glib-networking-lang-2.48.2-6.3.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): glib-networking-2.48.2-6.3.1 glib-networking-debuginfo-2.48.2-6.3.1 glib-networking-debugsource-2.48.2-6.3.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): glib-networking-lang-2.48.2-6.3.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): glib-networking-lang-2.48.2-6.3.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): glib-networking-2.48.2-6.3.1 glib-networking-debuginfo-2.48.2-6.3.1 glib-networking-debugsource-2.48.2-6.3.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): glib-networking-lang-2.48.2-6.3.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): glib-networking-2.48.2-6.3.1 glib-networking-debuginfo-2.48.2-6.3.1 glib-networking-debugsource-2.48.2-6.3.1 - HPE Helion Openstack 8 (x86_64): glib-networking-2.48.2-6.3.1 glib-networking-debuginfo-2.48.2-6.3.1 glib-networking-debugsource-2.48.2-6.3.1 - HPE Helion Openstack 8 (noarch): glib-networking-lang-2.48.2-6.3.1 References: https://www.suse.com/security/cve/CVE-2020-13645.html https://bugzilla.suse.com/1172460 From sle-updates at lists.suse.com Mon Dec 13 14:29:00 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Dec 2021 15:29:00 +0100 (CET) Subject: SUSE-SU-2021:4002-1: moderate: Security update for python-pip Message-ID: <20211213142900.9D0DAFD0A@maintenance.suse.de> SUSE Security Update: Security update for python-pip ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:4002-1 Rating: moderate References: #1186819 Cross-References: CVE-2021-3572 CVSS scores: CVE-2021-3572 (SUSE): 4.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-pip fixes the following issues: - CVE-2021-3572: Fixed incorrect handling of unicode separators in git references (bsc#1186819). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-4002=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): python3-pip-wheel-10.0.1-3.9.1 References: https://www.suse.com/security/cve/CVE-2021-3572.html https://bugzilla.suse.com/1186819 From sle-updates at lists.suse.com Mon Dec 13 14:30:18 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Dec 2021 15:30:18 +0100 (CET) Subject: SUSE-RU-2021:4008-1: Recommended update for systemd-rpm-macros Message-ID: <20211213143018.76879FD0A@maintenance.suse.de> SUSE Recommended Update: Recommended update for systemd-rpm-macros ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:4008-1 Rating: low References: Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: This update for systemd-rpm-macros fixes the following issues: - Introduce rpm macro %_systemd_util_dir Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-4008=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (noarch): systemd-rpm-macros-9-10.31.1 References: From sle-updates at lists.suse.com Mon Dec 13 14:32:41 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Dec 2021 15:32:41 +0100 (CET) Subject: SUSE-SU-2021:4001-1: moderate: Security update for python-pip Message-ID: <20211213143241.200D8FD0A@maintenance.suse.de> SUSE Security Update: Security update for python-pip ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:4001-1 Rating: moderate References: #1186819 Cross-References: CVE-2021-3572 CVSS scores: CVE-2021-3572 (SUSE): 4.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N Affected Products: SUSE Linux Enterprise Module for Python2 15-SP3 SUSE Linux Enterprise Module for Python2 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-pip fixes the following issues: - CVE-2021-3572: Fixed incorrect handling of unicode separators in git references (bsc#1186819). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Python2 15-SP3: zypper in -t patch SUSE-SLE-Module-Python2-15-SP3-2021-4001=1 - SUSE Linux Enterprise Module for Python2 15-SP2: zypper in -t patch SUSE-SLE-Module-Python2-15-SP2-2021-4001=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-4001=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-4001=1 Package List: - SUSE Linux Enterprise Module for Python2 15-SP3 (noarch): python2-pip-20.0.2-6.15.1 - SUSE Linux Enterprise Module for Python2 15-SP2 (noarch): python2-pip-20.0.2-6.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): python3-pip-20.0.2-6.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): python3-pip-20.0.2-6.15.1 References: https://www.suse.com/security/cve/CVE-2021-3572.html https://bugzilla.suse.com/1186819 From sle-updates at lists.suse.com Mon Dec 13 14:36:12 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Dec 2021 15:36:12 +0100 (CET) Subject: SUSE-RU-2021:4009-1: Recommended update for systemd-rpm-macros Message-ID: <20211213143612.1DF45FD0A@maintenance.suse.de> SUSE Recommended Update: Recommended update for systemd-rpm-macros ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:4009-1 Rating: low References: Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: This update for systemd-rpm-macros fixes the following issues: - Introduce rpm macro %_systemd_util_dir Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-4009=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-4009=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): systemd-rpm-macros-9-7.21.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): systemd-rpm-macros-9-7.21.1 References: From sle-updates at lists.suse.com Mon Dec 13 14:37:21 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Dec 2021 15:37:21 +0100 (CET) Subject: SUSE-RU-2021:4010-1: moderate: Recommended update for python-azure-mgmt Message-ID: <20211213143721.27498FD0A@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-azure-mgmt ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:4010-1 Rating: moderate References: #1187880 #1188178 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for python-azure-mgmt fixes the following issues: - There is an incompatibility issue of python-azure-mgmt and Azure CLI currently used thus we removed all dependencies version constraints(bsc#1187880, bsc#1188178) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2021-4010=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python-azure-mgmt-4.0.0-2.17.3 python3-azure-mgmt-4.0.0-2.17.3 References: https://bugzilla.suse.com/1187880 https://bugzilla.suse.com/1188178 From sle-updates at lists.suse.com Mon Dec 13 17:17:08 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Dec 2021 18:17:08 +0100 (CET) Subject: SUSE-RU-2021:4013-1: moderate: Recommended update for apparmor Message-ID: <20211213171708.3353EFC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for apparmor ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:4013-1 Rating: moderate References: #1191690 Affected Products: SUSE MicroOS 5.0 SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for apparmor fixes the following issue: - Fix 'Requires' of python3 module. (bsc#1191690) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-4013=1 - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-4013=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-4013=1 Package List: - SUSE MicroOS 5.0 (aarch64 x86_64): apparmor-debugsource-2.13.4-3.11.1 apparmor-parser-2.13.4-3.11.1 apparmor-parser-debuginfo-2.13.4-3.11.1 libapparmor-debugsource-2.13.4-3.11.1 libapparmor1-2.13.4-3.11.1 libapparmor1-debuginfo-2.13.4-3.11.1 - SUSE MicroOS 5.0 (noarch): apparmor-abstractions-2.13.4-3.11.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): apache2-mod_apparmor-2.13.4-3.11.1 apache2-mod_apparmor-debuginfo-2.13.4-3.11.1 apparmor-debugsource-2.13.4-3.11.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): apparmor-debugsource-2.13.4-3.11.1 apparmor-parser-2.13.4-3.11.1 apparmor-parser-debuginfo-2.13.4-3.11.1 libapparmor-debugsource-2.13.4-3.11.1 libapparmor-devel-2.13.4-3.11.1 libapparmor1-2.13.4-3.11.1 libapparmor1-debuginfo-2.13.4-3.11.1 pam_apparmor-2.13.4-3.11.1 pam_apparmor-debuginfo-2.13.4-3.11.1 perl-apparmor-2.13.4-3.11.1 perl-apparmor-debuginfo-2.13.4-3.11.1 python3-apparmor-2.13.4-3.11.1 python3-apparmor-debuginfo-2.13.4-3.11.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): apparmor-abstractions-2.13.4-3.11.1 apparmor-docs-2.13.4-3.11.1 apparmor-parser-lang-2.13.4-3.11.1 apparmor-profiles-2.13.4-3.11.1 apparmor-utils-2.13.4-3.11.1 apparmor-utils-lang-2.13.4-3.11.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libapparmor1-32bit-2.13.4-3.11.1 libapparmor1-32bit-debuginfo-2.13.4-3.11.1 pam_apparmor-32bit-2.13.4-3.11.1 pam_apparmor-32bit-debuginfo-2.13.4-3.11.1 References: https://bugzilla.suse.com/1191690 From sle-updates at lists.suse.com Mon Dec 13 17:19:44 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Dec 2021 18:19:44 +0100 (CET) Subject: SUSE-RU-2021:4014-1: moderate: Recommended update for apparmor Message-ID: <20211213171944.0C9FAFC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for apparmor ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:4014-1 Rating: moderate References: #1191532 #1191690 Affected Products: SUSE MicroOS 5.1 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for apparmor fixes the following issues: Changes in apparmor: - Add a profile for 'samba-bgqd'. (bsc#1191532) - Fix 'Requires' of python3 module. (bsc#1191690) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2021-4014=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2021-4014=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-4014=1 Package List: - SUSE MicroOS 5.1 (aarch64 s390x x86_64): apparmor-debugsource-2.13.6-3.8.1 apparmor-parser-2.13.6-3.8.1 apparmor-parser-debuginfo-2.13.6-3.8.1 libapparmor-debugsource-2.13.6-3.8.1 libapparmor1-2.13.6-3.8.1 libapparmor1-debuginfo-2.13.6-3.8.1 pam_apparmor-2.13.6-3.8.1 pam_apparmor-debuginfo-2.13.6-3.8.1 - SUSE MicroOS 5.1 (noarch): apparmor-abstractions-2.13.6-3.8.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): apache2-mod_apparmor-2.13.6-3.8.1 apache2-mod_apparmor-debuginfo-2.13.6-3.8.1 apparmor-debugsource-2.13.6-3.8.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): apparmor-debugsource-2.13.6-3.8.1 apparmor-parser-2.13.6-3.8.1 apparmor-parser-debuginfo-2.13.6-3.8.1 libapparmor-debugsource-2.13.6-3.8.1 libapparmor-devel-2.13.6-3.8.1 libapparmor1-2.13.6-3.8.1 libapparmor1-debuginfo-2.13.6-3.8.1 pam_apparmor-2.13.6-3.8.1 pam_apparmor-debuginfo-2.13.6-3.8.1 perl-apparmor-2.13.6-3.8.1 perl-apparmor-debuginfo-2.13.6-3.8.1 python3-apparmor-2.13.6-3.8.1 python3-apparmor-debuginfo-2.13.6-3.8.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libapparmor1-32bit-2.13.6-3.8.1 libapparmor1-32bit-debuginfo-2.13.6-3.8.1 pam_apparmor-32bit-2.13.6-3.8.1 pam_apparmor-32bit-debuginfo-2.13.6-3.8.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): apparmor-abstractions-2.13.6-3.8.1 apparmor-docs-2.13.6-3.8.1 apparmor-parser-lang-2.13.6-3.8.1 apparmor-profiles-2.13.6-3.8.1 apparmor-utils-2.13.6-3.8.1 apparmor-utils-lang-2.13.6-3.8.1 References: https://bugzilla.suse.com/1191532 https://bugzilla.suse.com/1191690 From sle-updates at lists.suse.com Mon Dec 13 17:21:11 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Dec 2021 18:21:11 +0100 (CET) Subject: SUSE-SU-2021:4011-1: important: Security update for sles12sp2-docker-image Message-ID: <20211213172111.18623FC9F@maintenance.suse.de> SUSE Security Update: Security update for sles12sp2-docker-image ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:4011-1 Rating: important References: #1134524 Cross-References: CVE-2019-5021 CVSS scores: CVE-2019-5021 (NVD) : 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2019-5021 (SUSE): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Module for Containers 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for sles12sp2-docker-image fixes the following issues: - Invalidate the root password (was empty before) (bsc#1134524 CVE-2019-5021) Note that SUSE does not recommend use of this image anymore, please use newer versions from the registry. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Containers 12: zypper in -t patch SUSE-SLE-Module-Containers-12-2021-4011=1 Package List: - SUSE Linux Enterprise Module for Containers 12 (ppc64le s390x x86_64): sles12sp2-docker-image-1.0.2-20211211 References: https://www.suse.com/security/cve/CVE-2019-5021.html https://bugzilla.suse.com/1134524 From sle-updates at lists.suse.com Mon Dec 13 20:17:08 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 13 Dec 2021 21:17:08 +0100 (CET) Subject: SUSE-SU-2021:4015-1: moderate: Security update for python3 Message-ID: <20211213201708.CB218FC9F@maintenance.suse.de> SUSE Security Update: Security update for python3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:4015-1 Rating: moderate References: #1180125 #1183374 #1183858 #1185588 #1187338 #1187668 #1189241 #1189287 Cross-References: CVE-2021-3426 CVE-2021-3733 CVE-2021-3737 CVSS scores: CVE-2021-3426 (NVD) : 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-3426 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-3733 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-3737 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE MicroOS 5.1 SUSE MicroOS 5.0 SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that solves three vulnerabilities and has 5 fixes is now available. Description: This update for python3 fixes the following issues: - CVE-2021-3737: Fixed http client infinite line reading (DoS) after a http 100. (bsc#1189241) - CVE-2021-3733: Fixed ReDoS in urllib.request. (bsc#1189287) - CVE-2021-3426: Fixed an information disclosure via pydoc. (bsc#1183374) - Rebuild to get new headers, avoid building in support for stropts.h (bsc#1187338). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2021-4015=1 - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-4015=1 - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-4015=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-4015=1 Package List: - SUSE MicroOS 5.1 (aarch64 s390x x86_64): libpython3_6m1_0-3.6.15-3.91.3 libpython3_6m1_0-debuginfo-3.6.15-3.91.3 python3-3.6.15-3.91.4 python3-base-3.6.15-3.91.3 python3-base-debuginfo-3.6.15-3.91.3 python3-core-debugsource-3.6.15-3.91.3 python3-debuginfo-3.6.15-3.91.4 python3-debugsource-3.6.15-3.91.4 - SUSE MicroOS 5.0 (aarch64 x86_64): libpython3_6m1_0-3.6.15-3.91.3 libpython3_6m1_0-debuginfo-3.6.15-3.91.3 python3-3.6.15-3.91.4 python3-base-3.6.15-3.91.3 python3-base-debuginfo-3.6.15-3.91.3 python3-core-debugsource-3.6.15-3.91.3 python3-debuginfo-3.6.15-3.91.4 python3-debugsource-3.6.15-3.91.4 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): python3-tools-3.6.15-3.91.3 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libpython3_6m1_0-3.6.15-3.91.3 libpython3_6m1_0-debuginfo-3.6.15-3.91.3 python3-3.6.15-3.91.4 python3-base-3.6.15-3.91.3 python3-curses-3.6.15-3.91.4 python3-curses-debuginfo-3.6.15-3.91.4 python3-dbm-3.6.15-3.91.4 python3-dbm-debuginfo-3.6.15-3.91.4 python3-debuginfo-3.6.15-3.91.4 python3-debugsource-3.6.15-3.91.4 python3-devel-3.6.15-3.91.3 python3-devel-debuginfo-3.6.15-3.91.3 python3-idle-3.6.15-3.91.4 python3-tk-3.6.15-3.91.4 python3-tk-debuginfo-3.6.15-3.91.4 References: https://www.suse.com/security/cve/CVE-2021-3426.html https://www.suse.com/security/cve/CVE-2021-3733.html https://www.suse.com/security/cve/CVE-2021-3737.html https://bugzilla.suse.com/1180125 https://bugzilla.suse.com/1183374 https://bugzilla.suse.com/1183858 https://bugzilla.suse.com/1185588 https://bugzilla.suse.com/1187338 https://bugzilla.suse.com/1187668 https://bugzilla.suse.com/1189241 https://bugzilla.suse.com/1189287 From sle-updates at lists.suse.com Tue Dec 14 11:17:54 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Dec 2021 12:17:54 +0100 (CET) Subject: SUSE-RU-2021:4019-1: moderate: Recommended update for python-dockerpty, python-expects Message-ID: <20211214111754.D71F0FD0A@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-dockerpty, python-expects ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:4019-1 Rating: moderate References: #1062084 SLE-22450 Affected Products: SUSE Linux Enterprise Module for Containers 12 ______________________________________________________________________________ An update that has one recommended fix and contains one feature can now be installed. Description: This update for python-dockerpty, python-expects fixes the following issues: python-expects was added in 0.9.0 as dependency of python-dockerpty: python-dockerpty was updated to 0.4.2 to meet docker-compose dependency. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Containers 12: zypper in -t patch SUSE-SLE-Module-Containers-12-2021-4019=1 Package List: - SUSE Linux Enterprise Module for Containers 12 (noarch): python-dockerpty-0.4.1-8.3.1 python-expects-0.9.0-2.3.1 References: https://bugzilla.suse.com/1062084 From sle-updates at lists.suse.com Tue Dec 14 11:20:54 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Dec 2021 12:20:54 +0100 (CET) Subject: SUSE-RU-2021:4017-1: moderate: Recommended update for openssl-1_1 Message-ID: <20211214112054.19FE9FD0A@maintenance.suse.de> SUSE Recommended Update: Recommended update for openssl-1_1 ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:4017-1 Rating: moderate References: #1180995 Affected Products: SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for openssl-1_1 fixes the following issues: - Add RFC3526 and RFC7919 groups to 'openssl genpkey' so that it can output FIPS-appropriate parameters consistently with our other codestreams (bsc#1180995) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-4017=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-4017=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-4017=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-4017=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-4017=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-4017=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libopenssl-1_1-devel-1.1.0i-14.24.3 libopenssl1_1-1.1.0i-14.24.3 libopenssl1_1-debuginfo-1.1.0i-14.24.3 libopenssl1_1-hmac-1.1.0i-14.24.3 openssl-1_1-1.1.0i-14.24.3 openssl-1_1-debuginfo-1.1.0i-14.24.3 openssl-1_1-debugsource-1.1.0i-14.24.3 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): libopenssl-1_1-devel-32bit-1.1.0i-14.24.3 libopenssl1_1-32bit-1.1.0i-14.24.3 libopenssl1_1-32bit-debuginfo-1.1.0i-14.24.3 libopenssl1_1-hmac-32bit-1.1.0i-14.24.3 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libopenssl-1_1-devel-1.1.0i-14.24.3 libopenssl1_1-1.1.0i-14.24.3 libopenssl1_1-debuginfo-1.1.0i-14.24.3 libopenssl1_1-hmac-1.1.0i-14.24.3 openssl-1_1-1.1.0i-14.24.3 openssl-1_1-debuginfo-1.1.0i-14.24.3 openssl-1_1-debugsource-1.1.0i-14.24.3 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): libopenssl-1_1-devel-32bit-1.1.0i-14.24.3 libopenssl1_1-32bit-1.1.0i-14.24.3 libopenssl1_1-32bit-debuginfo-1.1.0i-14.24.3 libopenssl1_1-hmac-32bit-1.1.0i-14.24.3 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libopenssl-1_1-devel-1.1.0i-14.24.3 libopenssl-1_1-devel-32bit-1.1.0i-14.24.3 libopenssl1_1-1.1.0i-14.24.3 libopenssl1_1-32bit-1.1.0i-14.24.3 libopenssl1_1-32bit-debuginfo-1.1.0i-14.24.3 libopenssl1_1-debuginfo-1.1.0i-14.24.3 libopenssl1_1-hmac-1.1.0i-14.24.3 libopenssl1_1-hmac-32bit-1.1.0i-14.24.3 openssl-1_1-1.1.0i-14.24.3 openssl-1_1-debuginfo-1.1.0i-14.24.3 openssl-1_1-debugsource-1.1.0i-14.24.3 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libopenssl-1_1-devel-1.1.0i-14.24.3 libopenssl1_1-1.1.0i-14.24.3 libopenssl1_1-debuginfo-1.1.0i-14.24.3 libopenssl1_1-hmac-1.1.0i-14.24.3 openssl-1_1-1.1.0i-14.24.3 openssl-1_1-debuginfo-1.1.0i-14.24.3 openssl-1_1-debugsource-1.1.0i-14.24.3 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): libopenssl-1_1-devel-32bit-1.1.0i-14.24.3 libopenssl1_1-32bit-1.1.0i-14.24.3 libopenssl1_1-32bit-debuginfo-1.1.0i-14.24.3 libopenssl1_1-hmac-32bit-1.1.0i-14.24.3 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libopenssl-1_1-devel-1.1.0i-14.24.3 libopenssl1_1-1.1.0i-14.24.3 libopenssl1_1-debuginfo-1.1.0i-14.24.3 libopenssl1_1-hmac-1.1.0i-14.24.3 openssl-1_1-1.1.0i-14.24.3 openssl-1_1-debuginfo-1.1.0i-14.24.3 openssl-1_1-debugsource-1.1.0i-14.24.3 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): libopenssl-1_1-devel-32bit-1.1.0i-14.24.3 libopenssl1_1-32bit-1.1.0i-14.24.3 libopenssl1_1-32bit-debuginfo-1.1.0i-14.24.3 libopenssl1_1-hmac-32bit-1.1.0i-14.24.3 - SUSE Enterprise Storage 6 (aarch64 x86_64): libopenssl-1_1-devel-1.1.0i-14.24.3 libopenssl1_1-1.1.0i-14.24.3 libopenssl1_1-debuginfo-1.1.0i-14.24.3 libopenssl1_1-hmac-1.1.0i-14.24.3 openssl-1_1-1.1.0i-14.24.3 openssl-1_1-debuginfo-1.1.0i-14.24.3 openssl-1_1-debugsource-1.1.0i-14.24.3 - SUSE Enterprise Storage 6 (x86_64): libopenssl-1_1-devel-32bit-1.1.0i-14.24.3 libopenssl1_1-32bit-1.1.0i-14.24.3 libopenssl1_1-32bit-debuginfo-1.1.0i-14.24.3 libopenssl1_1-hmac-32bit-1.1.0i-14.24.3 - SUSE CaaS Platform 4.0 (x86_64): libopenssl-1_1-devel-1.1.0i-14.24.3 libopenssl-1_1-devel-32bit-1.1.0i-14.24.3 libopenssl1_1-1.1.0i-14.24.3 libopenssl1_1-32bit-1.1.0i-14.24.3 libopenssl1_1-32bit-debuginfo-1.1.0i-14.24.3 libopenssl1_1-debuginfo-1.1.0i-14.24.3 libopenssl1_1-hmac-1.1.0i-14.24.3 libopenssl1_1-hmac-32bit-1.1.0i-14.24.3 openssl-1_1-1.1.0i-14.24.3 openssl-1_1-debuginfo-1.1.0i-14.24.3 openssl-1_1-debugsource-1.1.0i-14.24.3 References: https://bugzilla.suse.com/1180995 From sle-updates at lists.suse.com Tue Dec 14 11:22:14 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Dec 2021 12:22:14 +0100 (CET) Subject: SUSE-SU-2021:4021-1: important: Security update for the Linux Kernel (Live Patch 25 for SLE 12 SP5) Message-ID: <20211214112214.64A75FD0A@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 25 for SLE 12 SP5) ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:4021-1 Rating: important References: #1191813 #1192042 #1192048 Cross-References: CVE-2021-0935 CVE-2021-0941 CVE-2021-20322 CVSS scores: CVE-2021-0935 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-0941 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-20322 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N Affected Products: SUSE Linux Enterprise Live Patching 12-SP5 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-122_98 fixes several issues. The following security issues were fixed: - CVE-2021-0941: In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1192045). - CVE-2021-20322: Make the ipv4 and ipv6 ICMP exception caches less predictive to avoid information leaks about UDP ports in use. (bsc#1191790) - CVE-2021-0935: In ip6_xmit of ip6_output.c, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. (bsc#1192032) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2021-4021=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64): kgraft-patch-4_12_14-122_98-default-2-2.1 References: https://www.suse.com/security/cve/CVE-2021-0935.html https://www.suse.com/security/cve/CVE-2021-0941.html https://www.suse.com/security/cve/CVE-2021-20322.html https://bugzilla.suse.com/1191813 https://bugzilla.suse.com/1192042 https://bugzilla.suse.com/1192048 From sle-updates at lists.suse.com Tue Dec 14 11:23:53 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Dec 2021 12:23:53 +0100 (CET) Subject: SUSE-SU-2021:4018-1: moderate: Security update for fetchmail Message-ID: <20211214112353.AD944FD0A@maintenance.suse.de> SUSE Security Update: Security update for fetchmail ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:4018-1 Rating: moderate References: #1152964 #1174075 #1181400 #1188875 #1190069 #1190896 SLE-17903 SLE-18059 SLE-18159 Cross-References: CVE-2021-36386 CVE-2021-39272 CVSS scores: CVE-2021-36386 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-36386 (SUSE): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L CVE-2021-39272 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that solves two vulnerabilities, contains three features and has four fixes is now available. Description: This update for fetchmail fixes the following issues: - CVE-2021-36386: Fixed DoS or information disclosure in some configurations (bsc#1188875). - CVE-2021-39272: Fixed STARTTLS session encryption bypassing (fetchmail-SA-2021-02) (bsc#1190069). - Update to 6.4.22 (bsc#1152964, jsc#SLE-18159, jsc#SLE-17903, jsc#SLE-18059) - Remove all python2 dependencies (bsc#1190896). - De-hardcode /usr/lib path for launch executable (bsc#1174075). - Added hardening to systemd service(s) (bsc#1181400). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-4018=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-4018=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-4018=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-4018=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-4018=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2021-4018=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2021-4018=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-4018=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-4018=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-4018=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-4018=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-4018=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-4018=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-4018=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): fetchmail-6.4.22-20.20.1 fetchmail-debuginfo-6.4.22-20.20.1 fetchmail-debugsource-6.4.22-20.20.1 fetchmailconf-6.4.22-20.20.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): fetchmail-6.4.22-20.20.1 fetchmail-debuginfo-6.4.22-20.20.1 fetchmail-debugsource-6.4.22-20.20.1 fetchmailconf-6.4.22-20.20.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): fetchmail-6.4.22-20.20.1 fetchmail-debuginfo-6.4.22-20.20.1 fetchmail-debugsource-6.4.22-20.20.1 fetchmailconf-6.4.22-20.20.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): fetchmail-6.4.22-20.20.1 fetchmail-debuginfo-6.4.22-20.20.1 fetchmail-debugsource-6.4.22-20.20.1 fetchmailconf-6.4.22-20.20.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): fetchmail-6.4.22-20.20.1 fetchmail-debuginfo-6.4.22-20.20.1 fetchmail-debugsource-6.4.22-20.20.1 fetchmailconf-6.4.22-20.20.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): fetchmail-debuginfo-6.4.22-20.20.1 fetchmail-debugsource-6.4.22-20.20.1 fetchmailconf-6.4.22-20.20.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): fetchmail-debuginfo-6.4.22-20.20.1 fetchmail-debugsource-6.4.22-20.20.1 fetchmailconf-6.4.22-20.20.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): fetchmail-6.4.22-20.20.1 fetchmail-debuginfo-6.4.22-20.20.1 fetchmail-debugsource-6.4.22-20.20.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): fetchmail-6.4.22-20.20.1 fetchmail-debuginfo-6.4.22-20.20.1 fetchmail-debugsource-6.4.22-20.20.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): fetchmail-6.4.22-20.20.1 fetchmail-debuginfo-6.4.22-20.20.1 fetchmail-debugsource-6.4.22-20.20.1 fetchmailconf-6.4.22-20.20.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): fetchmail-6.4.22-20.20.1 fetchmail-debuginfo-6.4.22-20.20.1 fetchmail-debugsource-6.4.22-20.20.1 fetchmailconf-6.4.22-20.20.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): fetchmail-6.4.22-20.20.1 fetchmail-debuginfo-6.4.22-20.20.1 fetchmail-debugsource-6.4.22-20.20.1 fetchmailconf-6.4.22-20.20.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): fetchmail-6.4.22-20.20.1 fetchmail-debuginfo-6.4.22-20.20.1 fetchmail-debugsource-6.4.22-20.20.1 fetchmailconf-6.4.22-20.20.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): fetchmail-6.4.22-20.20.1 fetchmail-debuginfo-6.4.22-20.20.1 fetchmail-debugsource-6.4.22-20.20.1 fetchmailconf-6.4.22-20.20.1 - SUSE CaaS Platform 4.0 (x86_64): fetchmail-6.4.22-20.20.1 fetchmail-debuginfo-6.4.22-20.20.1 fetchmail-debugsource-6.4.22-20.20.1 fetchmailconf-6.4.22-20.20.1 References: https://www.suse.com/security/cve/CVE-2021-36386.html https://www.suse.com/security/cve/CVE-2021-39272.html https://bugzilla.suse.com/1152964 https://bugzilla.suse.com/1174075 https://bugzilla.suse.com/1181400 https://bugzilla.suse.com/1188875 https://bugzilla.suse.com/1190069 https://bugzilla.suse.com/1190896 From sle-updates at lists.suse.com Tue Dec 14 11:25:56 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Dec 2021 12:25:56 +0100 (CET) Subject: SUSE-SU-2021:4039-1: important: Security update for the Linux Kernel (Live Patch 27 for SLE 15 SP1) Message-ID: <20211214112556.D4850FD0A@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 27 for SLE 15 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:4039-1 Rating: important References: #1192042 Cross-References: CVE-2021-0935 CVSS scores: CVE-2021-0935 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise Live Patching 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 4.12.14-197_102 fixes one issue. The following security issue was fixed: - CVE-2021-0935: In ip6_xmit of ip6_output.c, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. (bsc#1192032) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2021-4039=1 - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2021-4020=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-livepatch-4_12_14-197_102-default-2-2.1 - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64): kgraft-patch-4_12_14-122_103-default-2-2.1 References: https://www.suse.com/security/cve/CVE-2021-0935.html https://bugzilla.suse.com/1192042 From sle-updates at lists.suse.com Tue Dec 14 11:27:33 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Dec 2021 12:27:33 +0100 (CET) Subject: SUSE-SU-2021:4038-1: important: Security update for the Linux Kernel (Live Patch 23 for SLE 15 SP1) Message-ID: <20211214112733.28E53FD0A@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 23 for SLE 15 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:4038-1 Rating: important References: #1191813 #1192048 Cross-References: CVE-2021-0941 CVE-2021-20322 CVSS scores: CVE-2021-0941 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-20322 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N Affected Products: SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Live Patching 12-SP5 SUSE Linux Enterprise Live Patching 12-SP4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-197_86 fixes several issues. The following security issues were fixed: - CVE-2021-0941: In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1192045). - CVE-2021-20322: Make the ipv4 and ipv6 ICMP exception caches less predictive to avoid information leaks about UDP ports in use. (bsc#1191790) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2021-4040=1 SUSE-SLE-Module-Live-Patching-15-SP1-2021-4041=1 SUSE-SLE-Module-Live-Patching-15-SP1-2021-4042=1 SUSE-SLE-Module-Live-Patching-15-SP1-2021-4043=1 SUSE-SLE-Module-Live-Patching-15-SP1-2021-4044=1 SUSE-SLE-Module-Live-Patching-15-SP1-2021-4045=1 SUSE-SLE-Module-Live-Patching-15-SP1-2021-4046=1 - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2021-4047=1 SUSE-SLE-Module-Live-Patching-15-2021-4048=1 SUSE-SLE-Module-Live-Patching-15-2021-4049=1 SUSE-SLE-Module-Live-Patching-15-2021-4050=1 - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2021-4022=1 SUSE-SLE-Live-Patching-12-SP5-2021-4023=1 SUSE-SLE-Live-Patching-12-SP5-2021-4024=1 SUSE-SLE-Live-Patching-12-SP5-2021-4025=1 SUSE-SLE-Live-Patching-12-SP5-2021-4026=1 SUSE-SLE-Live-Patching-12-SP5-2021-4027=1 SUSE-SLE-Live-Patching-12-SP5-2021-4028=1 SUSE-SLE-Live-Patching-12-SP5-2021-4029=1 SUSE-SLE-Live-Patching-12-SP5-2021-4030=1 SUSE-SLE-Live-Patching-12-SP5-2021-4031=1 SUSE-SLE-Live-Patching-12-SP5-2021-4032=1 SUSE-SLE-Live-Patching-12-SP5-2021-4033=1 - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2021-4034=1 SUSE-SLE-Live-Patching-12-SP4-2021-4035=1 SUSE-SLE-Live-Patching-12-SP4-2021-4036=1 SUSE-SLE-Live-Patching-12-SP4-2021-4037=1 SUSE-SLE-Live-Patching-12-SP4-2021-4038=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-livepatch-4_12_14-197_75-default-14-2.2 kernel-livepatch-4_12_14-197_78-default-14-2.2 kernel-livepatch-4_12_14-197_83-default-13-2.2 kernel-livepatch-4_12_14-197_86-default-12-2.2 kernel-livepatch-4_12_14-197_89-default-9-2.1 kernel-livepatch-4_12_14-197_92-default-8-2.1 kernel-livepatch-4_12_14-197_99-default-6-2.1 - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-livepatch-4_12_14-150_66-default-13-2.2 kernel-livepatch-4_12_14-150_66-default-debuginfo-13-2.2 kernel-livepatch-4_12_14-150_69-default-12-2.2 kernel-livepatch-4_12_14-150_69-default-debuginfo-12-2.2 kernel-livepatch-4_12_14-150_72-default-9-2.1 kernel-livepatch-4_12_14-150_72-default-debuginfo-9-2.1 kernel-livepatch-4_12_14-150_75-default-6-2.1 kernel-livepatch-4_12_14-150_75-default-debuginfo-6-2.1 - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64): kgraft-patch-4_12_14-122_54-default-14-2.2 kgraft-patch-4_12_14-122_57-default-14-2.2 kgraft-patch-4_12_14-122_60-default-13-2.2 kgraft-patch-4_12_14-122_63-default-12-2.2 kgraft-patch-4_12_14-122_66-default-10-2.1 kgraft-patch-4_12_14-122_71-default-9-2.1 kgraft-patch-4_12_14-122_74-default-7-2.1 kgraft-patch-4_12_14-122_77-default-7-2.1 kgraft-patch-4_12_14-122_80-default-6-2.1 kgraft-patch-4_12_14-122_83-default-5-2.1 kgraft-patch-4_12_14-122_88-default-3-2.1 kgraft-patch-4_12_14-122_91-default-3-2.1 - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64): kgraft-patch-4_12_14-95_68-default-13-2.2 kgraft-patch-4_12_14-95_71-default-12-2.2 kgraft-patch-4_12_14-95_74-default-9-2.1 kgraft-patch-4_12_14-95_77-default-8-2.1 kgraft-patch-4_12_14-95_80-default-6-2.1 References: https://www.suse.com/security/cve/CVE-2021-0941.html https://www.suse.com/security/cve/CVE-2021-20322.html https://bugzilla.suse.com/1191813 https://bugzilla.suse.com/1192048 From sle-updates at lists.suse.com Tue Dec 14 14:17:46 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Dec 2021 15:17:46 +0100 (CET) Subject: SUSE-SU-2021:4057-1: important: Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) Message-ID: <20211214141746.8456CFD0A@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:4057-1 Rating: important References: #1191813 Cross-References: CVE-2021-20322 CVSS scores: CVE-2021-20322 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N Affected Products: SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP3-LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 4.4.180-94_138 fixes one issue. The following security issue was fixed: - CVE-2021-20322: Make the ipv4 and ipv6 ICMP exception caches less predictive to avoid information leaks about UDP ports in use. (bsc#1191790) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-4053=1 SUSE-SLE-SAP-12-SP3-2021-4054=1 SUSE-SLE-SAP-12-SP3-2021-4055=1 SUSE-SLE-SAP-12-SP3-2021-4057=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-4053=1 SUSE-SLE-SERVER-12-SP3-2021-4054=1 SUSE-SLE-SERVER-12-SP3-2021-4055=1 SUSE-SLE-SERVER-12-SP3-2021-4057=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_180-94_138-default-13-2.2 kgraft-patch-4_4_180-94_138-default-debuginfo-13-2.2 kgraft-patch-4_4_180-94_141-default-12-2.2 kgraft-patch-4_4_180-94_141-default-debuginfo-12-2.2 kgraft-patch-4_4_180-94_144-default-9-2.1 kgraft-patch-4_4_180-94_144-default-debuginfo-9-2.1 kgraft-patch-4_4_180-94_147-default-6-2.1 kgraft-patch-4_4_180-94_147-default-debuginfo-6-2.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le x86_64): kgraft-patch-4_4_180-94_138-default-13-2.2 kgraft-patch-4_4_180-94_138-default-debuginfo-13-2.2 kgraft-patch-4_4_180-94_141-default-12-2.2 kgraft-patch-4_4_180-94_141-default-debuginfo-12-2.2 kgraft-patch-4_4_180-94_144-default-9-2.1 kgraft-patch-4_4_180-94_144-default-debuginfo-9-2.1 kgraft-patch-4_4_180-94_147-default-6-2.1 kgraft-patch-4_4_180-94_147-default-debuginfo-6-2.1 References: https://www.suse.com/security/cve/CVE-2021-20322.html https://bugzilla.suse.com/1191813 From sle-updates at lists.suse.com Tue Dec 14 14:20:25 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Dec 2021 15:20:25 +0100 (CET) Subject: SUSE-SU-2021:4051-1: moderate: Security update for python-pip Message-ID: <20211214142025.D6F39FD0A@maintenance.suse.de> SUSE Security Update: Security update for python-pip ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:4051-1 Rating: moderate References: #1186819 Cross-References: CVE-2021-3572 CVSS scores: CVE-2021-3572 (SUSE): 4.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-pip fixes the following issues: - CVE-2021-3572: Fixed incorrect handling of unicode separators in git references (bsc#1186819). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2021-4051=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python-pip-10.0.1-13.6.1 python3-pip-10.0.1-13.6.1 References: https://www.suse.com/security/cve/CVE-2021-3572.html https://bugzilla.suse.com/1186819 From sle-updates at lists.suse.com Tue Dec 14 14:21:41 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Dec 2021 15:21:41 +0100 (CET) Subject: SUSE-SU-2021:4052-1: important: Security update for the Linux Kernel (Live Patch 41 for SLE 12 SP3) Message-ID: <20211214142141.20166FD0A@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 41 for SLE 12 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:4052-1 Rating: important References: #1182294 #1192042 Cross-References: CVE-2021-0935 CVE-2021-28688 CVSS scores: CVE-2021-0935 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-28688 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-28688 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP3-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 4.4.180-94_150 fixes several issues. The following security issues were fixed: - CVE-2021-0935: In ip6_xmit of ip6_output.c, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. (bsc#1192032) - CVE-2021-28688: The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains. (bsc#1183646) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-4052=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-4052=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_180-94_150-default-2-2.1 kgraft-patch-4_4_180-94_150-default-debuginfo-2-2.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le x86_64): kgraft-patch-4_4_180-94_150-default-2-2.1 kgraft-patch-4_4_180-94_150-default-debuginfo-2-2.1 References: https://www.suse.com/security/cve/CVE-2021-0935.html https://www.suse.com/security/cve/CVE-2021-28688.html https://bugzilla.suse.com/1182294 https://bugzilla.suse.com/1192042 From sle-updates at lists.suse.com Tue Dec 14 14:23:12 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Dec 2021 15:23:12 +0100 (CET) Subject: SUSE-SU-2021:4058-1: important: Security update for postgresql10 Message-ID: <20211214142312.DD6ACFD0A@maintenance.suse.de> SUSE Security Update: Security update for postgresql10 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:4058-1 Rating: important References: #1192516 Cross-References: CVE-2021-23214 CVE-2021-23222 CVSS scores: CVE-2021-23214 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-23222 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Affected Products: SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Legacy Software 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for postgresql10 fixes the following issues: - CVE-2021-23214: Make the server reject extraneous data after an SSL or GSS encryption handshake (bsc#1192516). - CVE-2021-23222: Make libpq reject extraneous data after an SSL or GSS encryption handshake (bsc#1192516). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-4058=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-4058=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-4058=1 - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-4058=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2021-4058=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-4058=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-4058=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-4058=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-4058=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): postgresql10-10.19-8.41.1 postgresql10-contrib-10.19-8.41.1 postgresql10-contrib-debuginfo-10.19-8.41.1 postgresql10-debuginfo-10.19-8.41.1 postgresql10-debugsource-10.19-8.41.1 postgresql10-devel-10.19-8.41.1 postgresql10-devel-debuginfo-10.19-8.41.1 postgresql10-plperl-10.19-8.41.1 postgresql10-plperl-debuginfo-10.19-8.41.1 postgresql10-plpython-10.19-8.41.1 postgresql10-plpython-debuginfo-10.19-8.41.1 postgresql10-pltcl-10.19-8.41.1 postgresql10-pltcl-debuginfo-10.19-8.41.1 postgresql10-server-10.19-8.41.1 postgresql10-server-debuginfo-10.19-8.41.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): postgresql10-docs-10.19-8.41.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): postgresql10-10.19-8.41.1 postgresql10-contrib-10.19-8.41.1 postgresql10-contrib-debuginfo-10.19-8.41.1 postgresql10-debuginfo-10.19-8.41.1 postgresql10-debugsource-10.19-8.41.1 postgresql10-devel-10.19-8.41.1 postgresql10-devel-debuginfo-10.19-8.41.1 postgresql10-plperl-10.19-8.41.1 postgresql10-plperl-debuginfo-10.19-8.41.1 postgresql10-plpython-10.19-8.41.1 postgresql10-plpython-debuginfo-10.19-8.41.1 postgresql10-pltcl-10.19-8.41.1 postgresql10-pltcl-debuginfo-10.19-8.41.1 postgresql10-server-10.19-8.41.1 postgresql10-server-debuginfo-10.19-8.41.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): postgresql10-docs-10.19-8.41.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): postgresql10-docs-10.19-8.41.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): postgresql10-10.19-8.41.1 postgresql10-contrib-10.19-8.41.1 postgresql10-contrib-debuginfo-10.19-8.41.1 postgresql10-debuginfo-10.19-8.41.1 postgresql10-debugsource-10.19-8.41.1 postgresql10-devel-10.19-8.41.1 postgresql10-devel-debuginfo-10.19-8.41.1 postgresql10-plperl-10.19-8.41.1 postgresql10-plperl-debuginfo-10.19-8.41.1 postgresql10-plpython-10.19-8.41.1 postgresql10-plpython-debuginfo-10.19-8.41.1 postgresql10-pltcl-10.19-8.41.1 postgresql10-pltcl-debuginfo-10.19-8.41.1 postgresql10-server-10.19-8.41.1 postgresql10-server-debuginfo-10.19-8.41.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): postgresql10-contrib-10.19-8.41.1 postgresql10-contrib-debuginfo-10.19-8.41.1 postgresql10-debuginfo-10.19-8.41.1 postgresql10-debugsource-10.19-8.41.1 postgresql10-devel-10.19-8.41.1 postgresql10-devel-debuginfo-10.19-8.41.1 postgresql10-plperl-10.19-8.41.1 postgresql10-plperl-debuginfo-10.19-8.41.1 postgresql10-plpython-10.19-8.41.1 postgresql10-plpython-debuginfo-10.19-8.41.1 postgresql10-pltcl-10.19-8.41.1 postgresql10-pltcl-debuginfo-10.19-8.41.1 postgresql10-server-10.19-8.41.1 postgresql10-server-debuginfo-10.19-8.41.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (noarch): postgresql10-docs-10.19-8.41.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3 (aarch64 ppc64le s390x x86_64): postgresql10-10.19-8.41.1 postgresql10-contrib-10.19-8.41.1 postgresql10-contrib-debuginfo-10.19-8.41.1 postgresql10-debuginfo-10.19-8.41.1 postgresql10-debugsource-10.19-8.41.1 postgresql10-devel-10.19-8.41.1 postgresql10-devel-debuginfo-10.19-8.41.1 postgresql10-plperl-10.19-8.41.1 postgresql10-plperl-debuginfo-10.19-8.41.1 postgresql10-plpython-10.19-8.41.1 postgresql10-plpython-debuginfo-10.19-8.41.1 postgresql10-pltcl-10.19-8.41.1 postgresql10-pltcl-debuginfo-10.19-8.41.1 postgresql10-server-10.19-8.41.1 postgresql10-server-debuginfo-10.19-8.41.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): postgresql10-10.19-8.41.1 postgresql10-debuginfo-10.19-8.41.1 postgresql10-debugsource-10.19-8.41.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): postgresql10-10.19-8.41.1 postgresql10-contrib-10.19-8.41.1 postgresql10-contrib-debuginfo-10.19-8.41.1 postgresql10-debuginfo-10.19-8.41.1 postgresql10-debugsource-10.19-8.41.1 postgresql10-devel-10.19-8.41.1 postgresql10-devel-debuginfo-10.19-8.41.1 postgresql10-plperl-10.19-8.41.1 postgresql10-plperl-debuginfo-10.19-8.41.1 postgresql10-plpython-10.19-8.41.1 postgresql10-plpython-debuginfo-10.19-8.41.1 postgresql10-pltcl-10.19-8.41.1 postgresql10-pltcl-debuginfo-10.19-8.41.1 postgresql10-server-10.19-8.41.1 postgresql10-server-debuginfo-10.19-8.41.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): postgresql10-docs-10.19-8.41.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): postgresql10-10.19-8.41.1 postgresql10-contrib-10.19-8.41.1 postgresql10-contrib-debuginfo-10.19-8.41.1 postgresql10-debuginfo-10.19-8.41.1 postgresql10-debugsource-10.19-8.41.1 postgresql10-devel-10.19-8.41.1 postgresql10-devel-debuginfo-10.19-8.41.1 postgresql10-plperl-10.19-8.41.1 postgresql10-plperl-debuginfo-10.19-8.41.1 postgresql10-plpython-10.19-8.41.1 postgresql10-plpython-debuginfo-10.19-8.41.1 postgresql10-pltcl-10.19-8.41.1 postgresql10-pltcl-debuginfo-10.19-8.41.1 postgresql10-server-10.19-8.41.1 postgresql10-server-debuginfo-10.19-8.41.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): postgresql10-docs-10.19-8.41.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): postgresql10-10.19-8.41.1 postgresql10-contrib-10.19-8.41.1 postgresql10-contrib-debuginfo-10.19-8.41.1 postgresql10-debuginfo-10.19-8.41.1 postgresql10-debugsource-10.19-8.41.1 postgresql10-devel-10.19-8.41.1 postgresql10-devel-debuginfo-10.19-8.41.1 postgresql10-plperl-10.19-8.41.1 postgresql10-plperl-debuginfo-10.19-8.41.1 postgresql10-plpython-10.19-8.41.1 postgresql10-plpython-debuginfo-10.19-8.41.1 postgresql10-pltcl-10.19-8.41.1 postgresql10-pltcl-debuginfo-10.19-8.41.1 postgresql10-server-10.19-8.41.1 postgresql10-server-debuginfo-10.19-8.41.1 - SUSE Enterprise Storage 6 (noarch): postgresql10-docs-10.19-8.41.1 - SUSE CaaS Platform 4.0 (noarch): postgresql10-docs-10.19-8.41.1 - SUSE CaaS Platform 4.0 (x86_64): postgresql10-10.19-8.41.1 postgresql10-contrib-10.19-8.41.1 postgresql10-contrib-debuginfo-10.19-8.41.1 postgresql10-debuginfo-10.19-8.41.1 postgresql10-debugsource-10.19-8.41.1 postgresql10-devel-10.19-8.41.1 postgresql10-devel-debuginfo-10.19-8.41.1 postgresql10-plperl-10.19-8.41.1 postgresql10-plperl-debuginfo-10.19-8.41.1 postgresql10-plpython-10.19-8.41.1 postgresql10-plpython-debuginfo-10.19-8.41.1 postgresql10-pltcl-10.19-8.41.1 postgresql10-pltcl-debuginfo-10.19-8.41.1 postgresql10-server-10.19-8.41.1 postgresql10-server-debuginfo-10.19-8.41.1 References: https://www.suse.com/security/cve/CVE-2021-23214.html https://www.suse.com/security/cve/CVE-2021-23222.html https://bugzilla.suse.com/1192516 From sle-updates at lists.suse.com Tue Dec 14 17:21:01 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Dec 2021 18:21:01 +0100 (CET) Subject: SUSE-SU-2021:4064-1: important: Security update for xorg-x11-server Message-ID: <20211214172101.6B7B5FD0A@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:4064-1 Rating: important References: #1193030 Cross-References: CVE-2021-4008 CVSS scores: CVE-2021-4008 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server 12-SP4-LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for xorg-x11-server fixes the following issues: - CVE-2021-4008: Fixed Privilege Escalation Vulnerability via Out-Of-Bounds Access in SProcRenderCompositeGlyphs (bsc#1193030). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-4064=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-4064=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-4064=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-4064=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): xorg-x11-server-1.19.6-4.25.1 xorg-x11-server-debuginfo-1.19.6-4.25.1 xorg-x11-server-debugsource-1.19.6-4.25.1 xorg-x11-server-extra-1.19.6-4.25.1 xorg-x11-server-extra-debuginfo-1.19.6-4.25.1 - SUSE OpenStack Cloud 9 (x86_64): xorg-x11-server-1.19.6-4.25.1 xorg-x11-server-debuginfo-1.19.6-4.25.1 xorg-x11-server-debugsource-1.19.6-4.25.1 xorg-x11-server-extra-1.19.6-4.25.1 xorg-x11-server-extra-debuginfo-1.19.6-4.25.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): xorg-x11-server-1.19.6-4.25.1 xorg-x11-server-debuginfo-1.19.6-4.25.1 xorg-x11-server-debugsource-1.19.6-4.25.1 xorg-x11-server-extra-1.19.6-4.25.1 xorg-x11-server-extra-debuginfo-1.19.6-4.25.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): xorg-x11-server-1.19.6-4.25.1 xorg-x11-server-debuginfo-1.19.6-4.25.1 xorg-x11-server-debugsource-1.19.6-4.25.1 xorg-x11-server-extra-1.19.6-4.25.1 xorg-x11-server-extra-debuginfo-1.19.6-4.25.1 References: https://www.suse.com/security/cve/CVE-2021-4008.html https://bugzilla.suse.com/1193030 From sle-updates at lists.suse.com Tue Dec 14 17:22:21 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Dec 2021 18:22:21 +0100 (CET) Subject: SUSE-SU-2021:4071-1: important: Security update for xorg-x11-server Message-ID: <20211214172221.F0D36FD0A@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:4071-1 Rating: important References: #1193030 Cross-References: CVE-2021-4008 CVSS scores: CVE-2021-4008 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for xorg-x11-server fixes the following issues: - CVE-2021-4008: Fixed Privilege Escalation Vulnerability via Out-Of-Bounds Access in SProcRenderCompositeGlyphs (bsc#1193030). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-4071=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-4071=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-4071=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-4071=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-4071=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-4071=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): xorg-x11-server-1.20.3-14.5.19.1 xorg-x11-server-debuginfo-1.20.3-14.5.19.1 xorg-x11-server-debugsource-1.20.3-14.5.19.1 xorg-x11-server-extra-1.20.3-14.5.19.1 xorg-x11-server-extra-debuginfo-1.20.3-14.5.19.1 xorg-x11-server-sdk-1.20.3-14.5.19.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): xorg-x11-server-1.20.3-14.5.19.1 xorg-x11-server-debuginfo-1.20.3-14.5.19.1 xorg-x11-server-debugsource-1.20.3-14.5.19.1 xorg-x11-server-extra-1.20.3-14.5.19.1 xorg-x11-server-extra-debuginfo-1.20.3-14.5.19.1 xorg-x11-server-sdk-1.20.3-14.5.19.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): xorg-x11-server-1.20.3-14.5.19.1 xorg-x11-server-debuginfo-1.20.3-14.5.19.1 xorg-x11-server-debugsource-1.20.3-14.5.19.1 xorg-x11-server-extra-1.20.3-14.5.19.1 xorg-x11-server-extra-debuginfo-1.20.3-14.5.19.1 xorg-x11-server-sdk-1.20.3-14.5.19.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): xorg-x11-server-1.20.3-14.5.19.1 xorg-x11-server-debuginfo-1.20.3-14.5.19.1 xorg-x11-server-debugsource-1.20.3-14.5.19.1 xorg-x11-server-extra-1.20.3-14.5.19.1 xorg-x11-server-extra-debuginfo-1.20.3-14.5.19.1 xorg-x11-server-sdk-1.20.3-14.5.19.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): xorg-x11-server-1.20.3-14.5.19.1 xorg-x11-server-debuginfo-1.20.3-14.5.19.1 xorg-x11-server-debugsource-1.20.3-14.5.19.1 xorg-x11-server-extra-1.20.3-14.5.19.1 xorg-x11-server-extra-debuginfo-1.20.3-14.5.19.1 xorg-x11-server-sdk-1.20.3-14.5.19.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): xorg-x11-server-1.20.3-14.5.19.1 xorg-x11-server-debuginfo-1.20.3-14.5.19.1 xorg-x11-server-debugsource-1.20.3-14.5.19.1 xorg-x11-server-extra-1.20.3-14.5.19.1 xorg-x11-server-extra-debuginfo-1.20.3-14.5.19.1 xorg-x11-server-sdk-1.20.3-14.5.19.1 - SUSE CaaS Platform 4.0 (x86_64): xorg-x11-server-1.20.3-14.5.19.1 xorg-x11-server-debuginfo-1.20.3-14.5.19.1 xorg-x11-server-debugsource-1.20.3-14.5.19.1 xorg-x11-server-extra-1.20.3-14.5.19.1 xorg-x11-server-extra-debuginfo-1.20.3-14.5.19.1 xorg-x11-server-sdk-1.20.3-14.5.19.1 References: https://www.suse.com/security/cve/CVE-2021-4008.html https://bugzilla.suse.com/1193030 From sle-updates at lists.suse.com Tue Dec 14 17:23:41 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Dec 2021 18:23:41 +0100 (CET) Subject: SUSE-SU-2021:14863-1: important: Security update for xorg-x11-server Message-ID: <20211214172341.68E88FD0A@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:14863-1 Rating: important References: #1193030 Cross-References: CVE-2021-4008 CVSS scores: CVE-2021-4008 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for xorg-x11-server fixes the following issues: - CVE-2021-4008: Fixed Privilege Escalation Vulnerability via Out-Of-Bounds Access in SProcRenderCompositeGlyphs (bsc#1193030). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-xorg-x11-server-14863=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-xorg-x11-server-14863=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-xorg-x11-server-14863=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-xorg-x11-server-14863=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): xorg-x11-Xvnc-7.4-27.122.43.1 xorg-x11-server-7.4-27.122.43.1 xorg-x11-server-extra-7.4-27.122.43.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): xorg-x11-Xvnc-7.4-27.122.43.1 xorg-x11-server-7.4-27.122.43.1 xorg-x11-server-extra-7.4-27.122.43.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): xorg-x11-server-debuginfo-7.4-27.122.43.1 xorg-x11-server-debugsource-7.4-27.122.43.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): xorg-x11-server-debuginfo-7.4-27.122.43.1 xorg-x11-server-debugsource-7.4-27.122.43.1 References: https://www.suse.com/security/cve/CVE-2021-4008.html https://bugzilla.suse.com/1193030 From sle-updates at lists.suse.com Tue Dec 14 17:25:02 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Dec 2021 18:25:02 +0100 (CET) Subject: SUSE-SU-2021:4059-1: moderate: Security update for runc Message-ID: <20211214172502.864F5FD0A@maintenance.suse.de> SUSE Security Update: Security update for runc ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:4059-1 Rating: moderate References: #1193436 Cross-References: CVE-2021-43784 CVSS scores: CVE-2021-43784 (NVD) : 6 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L Affected Products: SUSE Linux Enterprise Module for Containers 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for runc fixes the following issues: Update to runc v1.0.3. * CVE-2021-43784: Fixed a potential vulnerability related to the internal usage of netlink, which is believed to not be exploitable with any released versions of runc (bsc#1193436) * Fixed inability to start a container with read-write bind mount of a read-only fuse host mount. * Fixed inability to start when read-only /dev in set in spec. * Fixed not removing sub-cgroups upon container delete, when rootless cgroup v2 is used with older systemd. * Fixed returning error from GetStats when hugetlb is unsupported (which causes excessive logging for kubernetes). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Containers 12: zypper in -t patch SUSE-SLE-Module-Containers-12-2021-4059=1 Package List: - SUSE Linux Enterprise Module for Containers 12 (ppc64le s390x x86_64): runc-1.0.3-16.18.1 runc-debuginfo-1.0.3-16.18.1 References: https://www.suse.com/security/cve/CVE-2021-43784.html https://bugzilla.suse.com/1193436 From sle-updates at lists.suse.com Tue Dec 14 17:26:19 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Dec 2021 18:26:19 +0100 (CET) Subject: SUSE-SU-2021:4069-1: important: Security update for xorg-x11-server Message-ID: <20211214172619.B46ECFD0A@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:4069-1 Rating: important References: #1193030 Cross-References: CVE-2021-4008 CVSS scores: CVE-2021-4008 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-BCL HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for xorg-x11-server fixes the following issues: - CVE-2021-4008: Fixed Privilege Escalation Vulnerability via Out-Of-Bounds Access in SProcRenderCompositeGlyphs (bsc#1193030). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-4069=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-4069=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-4069=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-4069=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-4069=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-4069=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-4069=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): xorg-x11-server-7.6_1.18.3-76.43.1 xorg-x11-server-debuginfo-7.6_1.18.3-76.43.1 xorg-x11-server-debugsource-7.6_1.18.3-76.43.1 xorg-x11-server-extra-7.6_1.18.3-76.43.1 xorg-x11-server-extra-debuginfo-7.6_1.18.3-76.43.1 - SUSE OpenStack Cloud 8 (x86_64): xorg-x11-server-7.6_1.18.3-76.43.1 xorg-x11-server-debuginfo-7.6_1.18.3-76.43.1 xorg-x11-server-debugsource-7.6_1.18.3-76.43.1 xorg-x11-server-extra-7.6_1.18.3-76.43.1 xorg-x11-server-extra-debuginfo-7.6_1.18.3-76.43.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): xorg-x11-server-7.6_1.18.3-76.43.1 xorg-x11-server-debuginfo-7.6_1.18.3-76.43.1 xorg-x11-server-debugsource-7.6_1.18.3-76.43.1 xorg-x11-server-extra-7.6_1.18.3-76.43.1 xorg-x11-server-extra-debuginfo-7.6_1.18.3-76.43.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): xorg-x11-server-7.6_1.18.3-76.43.1 xorg-x11-server-debuginfo-7.6_1.18.3-76.43.1 xorg-x11-server-debugsource-7.6_1.18.3-76.43.1 xorg-x11-server-extra-7.6_1.18.3-76.43.1 xorg-x11-server-extra-debuginfo-7.6_1.18.3-76.43.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): xorg-x11-server-7.6_1.18.3-76.43.1 xorg-x11-server-debuginfo-7.6_1.18.3-76.43.1 xorg-x11-server-debugsource-7.6_1.18.3-76.43.1 xorg-x11-server-extra-7.6_1.18.3-76.43.1 xorg-x11-server-extra-debuginfo-7.6_1.18.3-76.43.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): xorg-x11-server-7.6_1.18.3-76.43.1 xorg-x11-server-debuginfo-7.6_1.18.3-76.43.1 xorg-x11-server-debugsource-7.6_1.18.3-76.43.1 xorg-x11-server-extra-7.6_1.18.3-76.43.1 xorg-x11-server-extra-debuginfo-7.6_1.18.3-76.43.1 - HPE Helion Openstack 8 (x86_64): xorg-x11-server-7.6_1.18.3-76.43.1 xorg-x11-server-debuginfo-7.6_1.18.3-76.43.1 xorg-x11-server-debugsource-7.6_1.18.3-76.43.1 xorg-x11-server-extra-7.6_1.18.3-76.43.1 xorg-x11-server-extra-debuginfo-7.6_1.18.3-76.43.1 References: https://www.suse.com/security/cve/CVE-2021-4008.html https://bugzilla.suse.com/1193030 From sle-updates at lists.suse.com Tue Dec 14 17:27:38 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Dec 2021 18:27:38 +0100 (CET) Subject: SUSE-SU-2021:4060-1: moderate: Security update for gettext-runtime Message-ID: <20211214172738.F05BDFD0A@maintenance.suse.de> SUSE Security Update: Security update for gettext-runtime ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:4060-1 Rating: moderate References: #1113719 Cross-References: CVE-2018-18751 CVSS scores: CVE-2018-18751 (NVD) : 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2018-18751 (SUSE): 4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for gettext-runtime fixes the following issues: - CVE-2018-18751: Fixed a double free (bsc#1113719) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-4060=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): gettext-runtime-0.19.2-3.3.6 gettext-runtime-debuginfo-0.19.2-3.3.6 gettext-runtime-debugsource-0.19.2-3.3.6 gettext-tools-0.19.2-3.3.6 gettext-tools-debuginfo-0.19.2-3.3.6 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): gettext-runtime-32bit-0.19.2-3.3.6 gettext-runtime-debuginfo-32bit-0.19.2-3.3.6 References: https://www.suse.com/security/cve/CVE-2018-18751.html https://bugzilla.suse.com/1113719 From sle-updates at lists.suse.com Tue Dec 14 17:28:58 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Dec 2021 18:28:58 +0100 (CET) Subject: SUSE-SU-2021:4066-1: important: Security update for xorg-x11-server Message-ID: <20211214172858.06C3DFD0A@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:4066-1 Rating: important References: #1193030 Cross-References: CVE-2021-4008 CVSS scores: CVE-2021-4008 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for xorg-x11-server fixes the following issues: - CVE-2021-4008: Fixed Privilege Escalation Vulnerability via Out-Of-Bounds Access in SProcRenderCompositeGlyphs (bsc#1193030). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-4066=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-4066=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): xorg-x11-server-debuginfo-1.19.6-10.26.1 xorg-x11-server-debugsource-1.19.6-10.26.1 xorg-x11-server-sdk-1.19.6-10.26.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): xorg-x11-server-1.19.6-10.26.1 xorg-x11-server-debuginfo-1.19.6-10.26.1 xorg-x11-server-debugsource-1.19.6-10.26.1 xorg-x11-server-extra-1.19.6-10.26.1 xorg-x11-server-extra-debuginfo-1.19.6-10.26.1 References: https://www.suse.com/security/cve/CVE-2021-4008.html https://bugzilla.suse.com/1193030 From sle-updates at lists.suse.com Tue Dec 14 17:31:35 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Dec 2021 18:31:35 +0100 (CET) Subject: SUSE-RU-2021:4062-1: moderate: Recommended update for yast2-python-bindings Message-ID: <20211214173135.65587FD0A@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-python-bindings ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:4062-1 Rating: moderate References: #1181595 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-python-bindings fixes the following issues: - Fix backtrace formatting for Python exceptions (bsc#1181595). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-4062=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-4062=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): yast2-python-bindings-debuginfo-4.2.0-3.3.1 yast2-python-bindings-debugsource-4.2.0-3.3.1 yast2-python3-bindings-4.2.0-3.3.1 yast2-python3-bindings-debuginfo-4.2.0-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): yast2-python-bindings-debuginfo-4.2.0-3.3.1 yast2-python-bindings-debugsource-4.2.0-3.3.1 yast2-python3-bindings-4.2.0-3.3.1 yast2-python3-bindings-debuginfo-4.2.0-3.3.1 References: https://bugzilla.suse.com/1181595 From sle-updates at lists.suse.com Tue Dec 14 17:32:55 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Dec 2021 18:32:55 +0100 (CET) Subject: SUSE-SU-2021:4070-1: important: Security update for xorg-x11-server Message-ID: <20211214173255.2092AFD0A@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:4070-1 Rating: important References: #1193030 Cross-References: CVE-2021-4008 CVSS scores: CVE-2021-4008 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Linux Enterprise Workstation Extension 15-SP2 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for xorg-x11-server fixes the following issues: - CVE-2021-4008: Fixed Privilege Escalation Vulnerability via Out-Of-Bounds Access in SProcRenderCompositeGlyphs (bsc#1193030). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2021-4070=1 - SUSE Linux Enterprise Workstation Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2021-4070=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2021-4070=1 - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-4070=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-4070=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-4070=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): xorg-x11-server-debuginfo-1.20.3-22.5.39.1 xorg-x11-server-debugsource-1.20.3-22.5.39.1 xorg-x11-server-wayland-1.20.3-22.5.39.1 xorg-x11-server-wayland-debuginfo-1.20.3-22.5.39.1 - SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64): xorg-x11-server-debuginfo-1.20.3-22.5.39.1 xorg-x11-server-debugsource-1.20.3-22.5.39.1 xorg-x11-server-wayland-1.20.3-22.5.39.1 xorg-x11-server-wayland-debuginfo-1.20.3-22.5.39.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): xorg-x11-server-debuginfo-1.20.3-22.5.39.1 xorg-x11-server-debugsource-1.20.3-22.5.39.1 xorg-x11-server-sdk-1.20.3-22.5.39.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): xorg-x11-server-debuginfo-1.20.3-22.5.39.1 xorg-x11-server-debugsource-1.20.3-22.5.39.1 xorg-x11-server-sdk-1.20.3-22.5.39.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): xorg-x11-server-1.20.3-22.5.39.1 xorg-x11-server-debuginfo-1.20.3-22.5.39.1 xorg-x11-server-debugsource-1.20.3-22.5.39.1 xorg-x11-server-extra-1.20.3-22.5.39.1 xorg-x11-server-extra-debuginfo-1.20.3-22.5.39.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): xorg-x11-server-1.20.3-22.5.39.1 xorg-x11-server-debuginfo-1.20.3-22.5.39.1 xorg-x11-server-debugsource-1.20.3-22.5.39.1 xorg-x11-server-extra-1.20.3-22.5.39.1 xorg-x11-server-extra-debuginfo-1.20.3-22.5.39.1 References: https://www.suse.com/security/cve/CVE-2021-4008.html https://bugzilla.suse.com/1193030 From sle-updates at lists.suse.com Tue Dec 14 17:34:17 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Dec 2021 18:34:17 +0100 (CET) Subject: SUSE-SU-2021:4065-1: important: Security update for xorg-x11-server Message-ID: <20211214173417.3668AFD0A@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:4065-1 Rating: important References: #1193030 Cross-References: CVE-2021-4008 CVSS scores: CVE-2021-4008 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for xorg-x11-server fixes the following issues: - CVE-2021-4008: Fixed Privilege Escalation Vulnerability via Out-Of-Bounds Access in SProcRenderCompositeGlyphs (bsc#1193030). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-4065=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-4065=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-4065=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-4065=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): xorg-x11-server-1.19.6-8.33.1 xorg-x11-server-debuginfo-1.19.6-8.33.1 xorg-x11-server-debugsource-1.19.6-8.33.1 xorg-x11-server-extra-1.19.6-8.33.1 xorg-x11-server-extra-debuginfo-1.19.6-8.33.1 xorg-x11-server-sdk-1.19.6-8.33.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): xorg-x11-server-1.19.6-8.33.1 xorg-x11-server-debuginfo-1.19.6-8.33.1 xorg-x11-server-debugsource-1.19.6-8.33.1 xorg-x11-server-extra-1.19.6-8.33.1 xorg-x11-server-extra-debuginfo-1.19.6-8.33.1 xorg-x11-server-sdk-1.19.6-8.33.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): xorg-x11-server-1.19.6-8.33.1 xorg-x11-server-debuginfo-1.19.6-8.33.1 xorg-x11-server-debugsource-1.19.6-8.33.1 xorg-x11-server-extra-1.19.6-8.33.1 xorg-x11-server-extra-debuginfo-1.19.6-8.33.1 xorg-x11-server-sdk-1.19.6-8.33.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): xorg-x11-server-1.19.6-8.33.1 xorg-x11-server-debuginfo-1.19.6-8.33.1 xorg-x11-server-debugsource-1.19.6-8.33.1 xorg-x11-server-extra-1.19.6-8.33.1 xorg-x11-server-extra-debuginfo-1.19.6-8.33.1 xorg-x11-server-sdk-1.19.6-8.33.1 References: https://www.suse.com/security/cve/CVE-2021-4008.html https://bugzilla.suse.com/1193030 From sle-updates at lists.suse.com Tue Dec 14 17:35:34 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Dec 2021 18:35:34 +0100 (CET) Subject: SUSE-RU-2021:14862-1: Recommended update for libsatsolver and libzypp Message-ID: <20211214173534.83A83FD0A@maintenance.suse.de> SUSE Recommended Update: Recommended update for libsatsolver and libzypp ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:14862-1 Rating: low References: #1152078 MSC-253 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that has one recommended fix and contains one feature can now be installed. Description: This update for libzypp fixes the following issues: - Fixes an issue where an update for MozillaFirefox was not identified correctly (bsc#1152078) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-libzypp-14862=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-libzypp-14862=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-libzypp-14862=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): libzypp-9.41.1-20.7.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): libzypp-9.41.1-20.7.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): libzypp-debuginfo-9.41.1-20.7.1 libzypp-debugsource-9.41.1-20.7.1 References: https://bugzilla.suse.com/1152078 From sle-updates at lists.suse.com Tue Dec 14 17:36:54 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Dec 2021 18:36:54 +0100 (CET) Subject: SUSE-SU-2021:4063-1: important: Security update for icu.691 Message-ID: <20211214173654.E12DEFD0A@maintenance.suse.de> SUSE Security Update: Security update for icu.691 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:4063-1 Rating: important References: #1158955 #1159131 #1161007 #1162882 #1167603 #1182252 #1182645 SLE-17893 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP3 ______________________________________________________________________________ An update that contains security fixes and contains one feature can now be installed. Description: This update for icu.691 fixes the following issues: - Renamed package from icu 69.1 for SUSE:SLE-15-SP3:Update. (jsc#SLE-17893) - Fix undefined behaviour in 'ComplexUnitsConverter::applyRounder' - Update to release 69.1 - For Norwegian, "no" is back to being the canonical code, with "nb" treated as equivalent. This aligns handling of Norwegian with other macro language codes. - Binary prefixes in measurement units (KiB, MiB, etc.) - Time zone offsets from local time with new APIs. - Don't disable testsuite under 'qemu-linux-user' - Fixed an issue when ICU test on 'aarch64 fails. (bsc#1182645) - Drop 'SUSE_ASNEEDED' as the issue was in binutils. (bsc#1182252) - Fix 'pthread' dependency issue. (bsc#1182252) - Update to release 68.2 - Fix memory problem in 'FormattedStringBuilder' - Fix assertion when 'setKeywordValue w/' long value. - Fix UBSan breakage on 8bit of rbbi - fix int32_t overflow in listFormat - Fix memory handling in MemoryPool::operator=() - Fix memory leak in AliasReplacer - Add back icu.keyring. - Update to release 68.1 - PluralRules selection for ranges of numbers - Locale ID canonicalization now conforms to the CLDR spec including edge cases - DateIntervalFormat supports output options such as capitalization - Measurement units are normalized in skeleton string output - Time zone data (tzdata) version 2020d - Add the provides for libicu to Make .Net core can install successfully. (bsc#1167603, bsc#1161007) - Update to version 67.1 - Unicode 13 (ICU-20893, same as in ICU 66) - Total of 5930 new characters - 4 new scripts - 55 new emoji characters, plus additional new sequences - New CJK extension, first characters in plane 3: U+30000..U+3134A - New language at Modern coverage: Nigerian Pidgin - New languages at Basic coverage: Fulah (Adlam), Maithili, Manipuri, Santali, Sindhi (Devanagari), Sundanese - Region containment: EU no longer includes GB - Unicode 13 root collation data and Chinese data for collation and transliteration - DateTimePatternGenerator now obeys the "hc" preference in the locale identifier - Various other improvements for ECMA-402 conformance - Number skeletons have a new "concise" form that can be used in MessageFormat strings - Currency formatting options for formal and other currency display name variants - ListFormatter: new public API to select the style & type - ListFormatter now selects the proper ???and???/???or??? form for Spanish & Hebrew. - Locale ID canonicalization upgraded to implement the complete CLDR spec. - LocaleMatcher: New option to ignore one-way matches - acceptLanguage() reimplemented via LocaleMatcher - Data build tool: tzdbNames.res moved from the "zone_tree" category to the "zone_supplemental" category - Fixed uses of u8"literals" broken by the C++20 introduction of the incompatible char8_t type - and added a few API overloads to reduce the need for reinterpret_cast. - Support for manipulating CLDR 37 unit identifiers in MeasureUnit. - Drop icu-versioning. (bsc#1159131) - Update to version 66.1 - Unicode 13 support - Fix uses of u8"literals" broken by C++20 introduction of incompatible char8_t type. - Fixed an issue when Qt apps can't handle non-ASCII filesystem path. ([bsc#1162882) - Remove '/usr/lib(64)/icu/current'. (bsc#1158955) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-4063=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): icu.691-69.1-7.3.2 icu.691-debuginfo-69.1-7.3.2 icu.691-debugsource-69.1-7.3.2 icu.691-devel-69.1-7.3.2 icu.691-doc-69.1-7.3.2 libicu69-69.1-7.3.2 libicu69-debuginfo-69.1-7.3.2 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): libicu69-bedata-69.1-7.3.2 libicu69-ledata-69.1-7.3.2 References: https://bugzilla.suse.com/1158955 https://bugzilla.suse.com/1159131 https://bugzilla.suse.com/1161007 https://bugzilla.suse.com/1162882 https://bugzilla.suse.com/1167603 https://bugzilla.suse.com/1182252 https://bugzilla.suse.com/1182645 From sle-updates at lists.suse.com Tue Dec 14 20:17:01 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Dec 2021 21:17:01 +0100 (CET) Subject: SUSE-SU-2021:4090-1: important: Security update for the Linux Kernel (Live Patch 15 for SLE 15 SP2) Message-ID: <20211214201701.19DE5FD0A@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 15 for SLE 15 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:4090-1 Rating: important References: #1191813 #1192048 Cross-References: CVE-2021-0941 CVE-2021-20322 CVSS scores: CVE-2021-0941 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-20322 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N Affected Products: SUSE Linux Enterprise Module for Live Patching 15-SP2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 5.3.18-24_53_4 fixes several issues. The following security issues were fixed: - CVE-2021-0941: In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1192045). - CVE-2021-20322: Make the ipv4 and ipv6 ICMP exception caches less predictive to avoid information leaks about UDP ports in use. (bsc#1191790) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP2: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2021-4086=1 SUSE-SLE-Module-Live-Patching-15-SP2-2021-4089=1 SUSE-SLE-Module-Live-Patching-15-SP2-2021-4090=1 SUSE-SLE-Module-Live-Patching-15-SP2-2021-4091=1 SUSE-SLE-Module-Live-Patching-15-SP2-2021-4092=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-24_43-default-14-2.2 kernel-livepatch-5_3_18-24_43-default-debuginfo-14-2.2 kernel-livepatch-5_3_18-24_46-default-14-2.2 kernel-livepatch-5_3_18-24_46-default-debuginfo-14-2.2 kernel-livepatch-5_3_18-24_49-default-13-2.2 kernel-livepatch-5_3_18-24_49-default-debuginfo-13-2.2 kernel-livepatch-5_3_18-24_52-default-12-2.2 kernel-livepatch-5_3_18-24_52-default-debuginfo-12-2.2 kernel-livepatch-5_3_18-24_53_4-default-7-2.1 kernel-livepatch-5_3_18-24_53_4-default-debuginfo-7-2.1 kernel-livepatch-SLE15-SP2_Update_10-debugsource-13-2.2 kernel-livepatch-SLE15-SP2_Update_11-debugsource-12-2.2 kernel-livepatch-SLE15-SP2_Update_15-debugsource-7-2.1 kernel-livepatch-SLE15-SP2_Update_8-debugsource-14-2.2 kernel-livepatch-SLE15-SP2_Update_9-debugsource-14-2.2 References: https://www.suse.com/security/cve/CVE-2021-0941.html https://www.suse.com/security/cve/CVE-2021-20322.html https://bugzilla.suse.com/1191813 https://bugzilla.suse.com/1192048 From sle-updates at lists.suse.com Tue Dec 14 20:20:24 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 14 Dec 2021 21:20:24 +0100 (CET) Subject: SUSE-SU-2021:4075-1: important: Security update for the Linux Kernel (Live Patch 6 for SLE 15 SP3) Message-ID: <20211214202024.9AC8BFD0A@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 6 for SLE 15 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:4075-1 Rating: important References: #1191813 Cross-References: CVE-2021-20322 CVSS scores: CVE-2021-20322 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N Affected Products: SUSE Linux Enterprise Module for Live Patching 15-SP3 SUSE Linux Enterprise Module for Live Patching 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 5.3.18-59_24 fixes one issue. The following security issue was fixed: - CVE-2021-20322: Make the ipv4 and ipv6 ICMP exception caches less predictive to avoid information leaks about UDP ports in use. (bsc#1191790) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP3: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2021-4073=1 SUSE-SLE-Module-Live-Patching-15-SP3-2021-4074=1 SUSE-SLE-Module-Live-Patching-15-SP3-2021-4075=1 SUSE-SLE-Module-Live-Patching-15-SP3-2021-4076=1 SUSE-SLE-Module-Live-Patching-15-SP3-2021-4077=1 SUSE-SLE-Module-Live-Patching-15-SP3-2021-4078=1 SUSE-SLE-Module-Live-Patching-15-SP3-2021-4079=1 SUSE-SLE-Module-Live-Patching-15-SP3-2021-4080=1 - SUSE Linux Enterprise Module for Live Patching 15-SP2: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2021-4072=1 SUSE-SLE-Module-Live-Patching-15-SP2-2021-4081=1 SUSE-SLE-Module-Live-Patching-15-SP2-2021-4082=1 SUSE-SLE-Module-Live-Patching-15-SP2-2021-4083=1 SUSE-SLE-Module-Live-Patching-15-SP2-2021-4084=1 SUSE-SLE-Module-Live-Patching-15-SP2-2021-4085=1 SUSE-SLE-Module-Live-Patching-15-SP2-2021-4087=1 SUSE-SLE-Module-Live-Patching-15-SP2-2021-4088=1 SUSE-SLE-Module-Live-Patching-15-SP2-2021-4093=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-59_10-default-7-2.1 kernel-livepatch-5_3_18-59_10-default-debuginfo-7-2.1 kernel-livepatch-5_3_18-59_13-default-7-2.1 kernel-livepatch-5_3_18-59_13-default-debuginfo-7-2.1 kernel-livepatch-5_3_18-59_16-default-6-2.1 kernel-livepatch-5_3_18-59_16-default-debuginfo-6-2.1 kernel-livepatch-5_3_18-59_19-default-5-2.1 kernel-livepatch-5_3_18-59_19-default-debuginfo-5-2.1 kernel-livepatch-5_3_18-59_24-default-3-2.1 kernel-livepatch-5_3_18-59_24-default-debuginfo-3-2.1 kernel-livepatch-5_3_18-59_27-default-3-2.1 kernel-livepatch-5_3_18-59_27-default-debuginfo-3-2.1 kernel-livepatch-5_3_18-59_34-default-2-2.1 kernel-livepatch-5_3_18-59_34-default-debuginfo-2-2.1 kernel-livepatch-5_3_18-59_5-default-7-2.1 kernel-livepatch-5_3_18-59_5-default-debuginfo-7-2.1 kernel-livepatch-SLE15-SP3_Update_1-debugsource-7-2.1 kernel-livepatch-SLE15-SP3_Update_2-debugsource-7-2.1 kernel-livepatch-SLE15-SP3_Update_3-debugsource-7-2.1 kernel-livepatch-SLE15-SP3_Update_4-debugsource-6-2.1 kernel-livepatch-SLE15-SP3_Update_5-debugsource-5-2.1 kernel-livepatch-SLE15-SP3_Update_6-debugsource-3-2.1 kernel-livepatch-SLE15-SP3_Update_7-debugsource-3-2.1 kernel-livepatch-SLE15-SP3_Update_9-debugsource-2-2.1 - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-24_61-default-9-2.1 kernel-livepatch-5_3_18-24_61-default-debuginfo-9-2.1 kernel-livepatch-5_3_18-24_64-default-9-2.1 kernel-livepatch-5_3_18-24_64-default-debuginfo-9-2.1 kernel-livepatch-5_3_18-24_67-default-7-2.1 kernel-livepatch-5_3_18-24_67-default-debuginfo-7-2.1 kernel-livepatch-5_3_18-24_70-default-7-2.1 kernel-livepatch-5_3_18-24_70-default-debuginfo-7-2.1 kernel-livepatch-5_3_18-24_75-default-6-2.1 kernel-livepatch-5_3_18-24_75-default-debuginfo-6-2.1 kernel-livepatch-5_3_18-24_78-default-5-2.1 kernel-livepatch-5_3_18-24_78-default-debuginfo-5-2.1 kernel-livepatch-5_3_18-24_83-default-3-2.1 kernel-livepatch-5_3_18-24_83-default-debuginfo-3-2.1 kernel-livepatch-5_3_18-24_86-default-3-2.1 kernel-livepatch-5_3_18-24_86-default-debuginfo-3-2.1 kernel-livepatch-5_3_18-24_93-default-2-2.1 kernel-livepatch-5_3_18-24_93-default-debuginfo-2-2.1 kernel-livepatch-SLE15-SP2_Update_12-debugsource-9-2.1 kernel-livepatch-SLE15-SP2_Update_13-debugsource-9-2.1 kernel-livepatch-SLE15-SP2_Update_14-debugsource-7-2.1 kernel-livepatch-SLE15-SP2_Update_16-debugsource-7-2.1 kernel-livepatch-SLE15-SP2_Update_17-debugsource-6-2.1 kernel-livepatch-SLE15-SP2_Update_18-debugsource-5-2.1 kernel-livepatch-SLE15-SP2_Update_19-debugsource-3-2.1 kernel-livepatch-SLE15-SP2_Update_20-debugsource-3-2.1 kernel-livepatch-SLE15-SP2_Update_21-debugsource-2-2.1 References: https://www.suse.com/security/cve/CVE-2021-20322.html https://bugzilla.suse.com/1191813 From sle-updates at lists.suse.com Wed Dec 15 07:54:54 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Dec 2021 08:54:54 +0100 (CET) Subject: SUSE-CU-2021:584-1: Recommended update of suse/sles12sp5 Message-ID: <20211215075454.9DC7CFD10@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:584-1 Container Tags : suse/sles12sp5:6.5.273 , suse/sles12sp5:latest Container Release : 6.5.273 Severity : moderate Type : recommended References : 1192688 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4006-1 Released: Mon Dec 13 11:22:59 2021 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1192688 This update for zlib fixes the following issues: - Fix hardware compression incorrect result on z15 hardware (bsc#1192688) The following package changes have been done: - libz1-1.2.11-11.15.1 updated From sle-updates at lists.suse.com Wed Dec 15 08:13:10 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Dec 2021 09:13:10 +0100 (CET) Subject: SUSE-CU-2021:585-1: Recommended update of suse/sle15 Message-ID: <20211215081310.06D24FD2F@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:585-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.546 Container Release : 6.2.546 Severity : moderate Type : recommended References : 1180995 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4017-1 Released: Tue Dec 14 07:26:55 2021 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1180995 This update for openssl-1_1 fixes the following issues: - Add RFC3526 and RFC7919 groups to 'openssl genpkey' so that it can output FIPS-appropriate parameters consistently with our other codestreams (bsc#1180995) The following package changes have been done: - libopenssl1_1-1.1.0i-14.24.3 updated - openssl-1_1-1.1.0i-14.24.3 updated From sle-updates at lists.suse.com Wed Dec 15 14:16:56 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Dec 2021 15:16:56 +0100 (CET) Subject: SUSE-SU-2021:4096-1: critical: Security update for storm Message-ID: <20211215141656.46237FD2F@maintenance.suse.de> SUSE Security Update: Security update for storm ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:4096-1 Rating: critical References: #1193611 #1193641 #1193662 Cross-References: CVE-2021-4104 CVE-2021-44228 CVSS scores: CVE-2021-4104 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-44228 (NVD) : 10 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVE-2021-44228 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 HPE Helion Openstack 8 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for storm fixes the following issues: - Remove JndiLookup from log4j 2.x jars during build to prevent "log4shell" code injection. (bsc#1193641, bsc#1193611, CVE-2021-44228) - Remove JMSAppender from log4j 1.2.x jars during build to prevent attacks when JMS is enabled (bsc#1193641, bsc#1193662, CVE-2021-4104) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-4096=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-4096=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-4096=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): storm-1.2.3-3.8.2 storm-nimbus-1.2.3-3.8.2 storm-supervisor-1.2.3-3.8.2 - SUSE OpenStack Cloud 8 (noarch): venv-openstack-monasca-x86_64-2.2.2~dev1-11.32.1 - SUSE OpenStack Cloud 8 (x86_64): storm-1.2.3-3.8.2 storm-nimbus-1.2.3-3.8.2 storm-supervisor-1.2.3-3.8.2 - HPE Helion Openstack 8 (noarch): venv-openstack-monasca-x86_64-2.2.2~dev1-11.32.1 - HPE Helion Openstack 8 (x86_64): storm-1.2.3-3.8.2 storm-nimbus-1.2.3-3.8.2 storm-supervisor-1.2.3-3.8.2 References: https://www.suse.com/security/cve/CVE-2021-4104.html https://www.suse.com/security/cve/CVE-2021-44228.html https://bugzilla.suse.com/1193611 https://bugzilla.suse.com/1193641 https://bugzilla.suse.com/1193662 From sle-updates at lists.suse.com Wed Dec 15 14:18:23 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Dec 2021 15:18:23 +0100 (CET) Subject: SUSE-SU-2021:4097-1: critical: Security update for storm-kit Message-ID: <20211215141823.84249FD2F@maintenance.suse.de> SUSE Security Update: Security update for storm-kit ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:4097-1 Rating: critical References: #1193611 #1193641 #1193662 Cross-References: CVE-2021-4104 CVE-2021-44228 CVSS scores: CVE-2021-4104 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-44228 (NVD) : 10 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVE-2021-44228 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for storm-kit fixes the following issues: - Remove JndiLookup from log4j 2.x jars during build to prevent "log4shell" code injection. (bsc#1193641, bsc#1193611, CVE-2021-44228) - Remove JMSAppender from log4j 1.2.x jars during build to prevent attacks when JMS is enabled (bsc#1193641, bsc#1193662, CVE-2021-4104) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-4097=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-4097=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): storm-1.2.3-3.5.1 storm-nimbus-1.2.3-3.5.1 storm-supervisor-1.2.3-3.5.1 - SUSE OpenStack Cloud 9 (noarch): venv-openstack-monasca-x86_64-2.7.1~dev10-3.25.1 - SUSE OpenStack Cloud 9 (x86_64): storm-1.2.3-3.5.1 storm-nimbus-1.2.3-3.5.1 storm-supervisor-1.2.3-3.5.1 References: https://www.suse.com/security/cve/CVE-2021-4104.html https://www.suse.com/security/cve/CVE-2021-44228.html https://bugzilla.suse.com/1193611 https://bugzilla.suse.com/1193641 https://bugzilla.suse.com/1193662 From sle-updates at lists.suse.com Wed Dec 15 14:19:51 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Dec 2021 15:19:51 +0100 (CET) Subject: SUSE-RU-2021:4095-1: important: Recommended update for samba Message-ID: <20211215141952.080CCFD2F@maintenance.suse.de> SUSE Recommended Update: Recommended update for samba ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:4095-1 Rating: important References: #1192849 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise High Availability 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for samba fixes the following issues: The username map advice from the CVE-2020-25717 advisory note has undesired side effects for the local nt token. Fallback to a SID/UID based mapping if the name based lookup fails (bsc#1192849). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-4095=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-4095=1 - SUSE Linux Enterprise High Availability 12-SP5: zypper in -t patch SUSE-SLE-HA-12-SP5-2021-4095=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libndr-devel-4.10.18+git.344.93a2ffaacec-3.44.2 libndr-krb5pac-devel-4.10.18+git.344.93a2ffaacec-3.44.2 libndr-nbt-devel-4.10.18+git.344.93a2ffaacec-3.44.2 libndr-standard-devel-4.10.18+git.344.93a2ffaacec-3.44.2 libsamba-util-devel-4.10.18+git.344.93a2ffaacec-3.44.2 libsmbclient-devel-4.10.18+git.344.93a2ffaacec-3.44.2 libwbclient-devel-4.10.18+git.344.93a2ffaacec-3.44.2 samba-core-devel-4.10.18+git.344.93a2ffaacec-3.44.2 samba-debuginfo-4.10.18+git.344.93a2ffaacec-3.44.2 samba-debugsource-4.10.18+git.344.93a2ffaacec-3.44.2 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libdcerpc-binding0-4.10.18+git.344.93a2ffaacec-3.44.2 libdcerpc-binding0-debuginfo-4.10.18+git.344.93a2ffaacec-3.44.2 libdcerpc0-4.10.18+git.344.93a2ffaacec-3.44.2 libdcerpc0-debuginfo-4.10.18+git.344.93a2ffaacec-3.44.2 libndr-krb5pac0-4.10.18+git.344.93a2ffaacec-3.44.2 libndr-krb5pac0-debuginfo-4.10.18+git.344.93a2ffaacec-3.44.2 libndr-nbt0-4.10.18+git.344.93a2ffaacec-3.44.2 libndr-nbt0-debuginfo-4.10.18+git.344.93a2ffaacec-3.44.2 libndr-standard0-4.10.18+git.344.93a2ffaacec-3.44.2 libndr-standard0-debuginfo-4.10.18+git.344.93a2ffaacec-3.44.2 libndr0-4.10.18+git.344.93a2ffaacec-3.44.2 libndr0-debuginfo-4.10.18+git.344.93a2ffaacec-3.44.2 libnetapi0-4.10.18+git.344.93a2ffaacec-3.44.2 libnetapi0-debuginfo-4.10.18+git.344.93a2ffaacec-3.44.2 libsamba-credentials0-4.10.18+git.344.93a2ffaacec-3.44.2 libsamba-credentials0-debuginfo-4.10.18+git.344.93a2ffaacec-3.44.2 libsamba-errors0-4.10.18+git.344.93a2ffaacec-3.44.2 libsamba-errors0-debuginfo-4.10.18+git.344.93a2ffaacec-3.44.2 libsamba-hostconfig0-4.10.18+git.344.93a2ffaacec-3.44.2 libsamba-hostconfig0-debuginfo-4.10.18+git.344.93a2ffaacec-3.44.2 libsamba-passdb0-4.10.18+git.344.93a2ffaacec-3.44.2 libsamba-passdb0-debuginfo-4.10.18+git.344.93a2ffaacec-3.44.2 libsamba-util0-4.10.18+git.344.93a2ffaacec-3.44.2 libsamba-util0-debuginfo-4.10.18+git.344.93a2ffaacec-3.44.2 libsamdb0-4.10.18+git.344.93a2ffaacec-3.44.2 libsamdb0-debuginfo-4.10.18+git.344.93a2ffaacec-3.44.2 libsmbclient0-4.10.18+git.344.93a2ffaacec-3.44.2 libsmbclient0-debuginfo-4.10.18+git.344.93a2ffaacec-3.44.2 libsmbconf0-4.10.18+git.344.93a2ffaacec-3.44.2 libsmbconf0-debuginfo-4.10.18+git.344.93a2ffaacec-3.44.2 libsmbldap2-4.10.18+git.344.93a2ffaacec-3.44.2 libsmbldap2-debuginfo-4.10.18+git.344.93a2ffaacec-3.44.2 libtevent-util0-4.10.18+git.344.93a2ffaacec-3.44.2 libtevent-util0-debuginfo-4.10.18+git.344.93a2ffaacec-3.44.2 libwbclient0-4.10.18+git.344.93a2ffaacec-3.44.2 libwbclient0-debuginfo-4.10.18+git.344.93a2ffaacec-3.44.2 samba-4.10.18+git.344.93a2ffaacec-3.44.2 samba-client-4.10.18+git.344.93a2ffaacec-3.44.2 samba-client-debuginfo-4.10.18+git.344.93a2ffaacec-3.44.2 samba-debuginfo-4.10.18+git.344.93a2ffaacec-3.44.2 samba-debugsource-4.10.18+git.344.93a2ffaacec-3.44.2 samba-libs-4.10.18+git.344.93a2ffaacec-3.44.2 samba-libs-debuginfo-4.10.18+git.344.93a2ffaacec-3.44.2 samba-libs-python3-4.10.18+git.344.93a2ffaacec-3.44.2 samba-libs-python3-debuginfo-4.10.18+git.344.93a2ffaacec-3.44.2 samba-winbind-4.10.18+git.344.93a2ffaacec-3.44.2 samba-winbind-debuginfo-4.10.18+git.344.93a2ffaacec-3.44.2 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libdcerpc-binding0-32bit-4.10.18+git.344.93a2ffaacec-3.44.2 libdcerpc-binding0-debuginfo-32bit-4.10.18+git.344.93a2ffaacec-3.44.2 libdcerpc0-32bit-4.10.18+git.344.93a2ffaacec-3.44.2 libdcerpc0-debuginfo-32bit-4.10.18+git.344.93a2ffaacec-3.44.2 libndr-krb5pac0-32bit-4.10.18+git.344.93a2ffaacec-3.44.2 libndr-krb5pac0-debuginfo-32bit-4.10.18+git.344.93a2ffaacec-3.44.2 libndr-nbt0-32bit-4.10.18+git.344.93a2ffaacec-3.44.2 libndr-nbt0-debuginfo-32bit-4.10.18+git.344.93a2ffaacec-3.44.2 libndr-standard0-32bit-4.10.18+git.344.93a2ffaacec-3.44.2 libndr-standard0-debuginfo-32bit-4.10.18+git.344.93a2ffaacec-3.44.2 libndr0-32bit-4.10.18+git.344.93a2ffaacec-3.44.2 libndr0-debuginfo-32bit-4.10.18+git.344.93a2ffaacec-3.44.2 libnetapi0-32bit-4.10.18+git.344.93a2ffaacec-3.44.2 libnetapi0-debuginfo-32bit-4.10.18+git.344.93a2ffaacec-3.44.2 libsamba-credentials0-32bit-4.10.18+git.344.93a2ffaacec-3.44.2 libsamba-credentials0-debuginfo-32bit-4.10.18+git.344.93a2ffaacec-3.44.2 libsamba-errors0-32bit-4.10.18+git.344.93a2ffaacec-3.44.2 libsamba-errors0-debuginfo-32bit-4.10.18+git.344.93a2ffaacec-3.44.2 libsamba-hostconfig0-32bit-4.10.18+git.344.93a2ffaacec-3.44.2 libsamba-hostconfig0-debuginfo-32bit-4.10.18+git.344.93a2ffaacec-3.44.2 libsamba-passdb0-32bit-4.10.18+git.344.93a2ffaacec-3.44.2 libsamba-passdb0-debuginfo-32bit-4.10.18+git.344.93a2ffaacec-3.44.2 libsamba-util0-32bit-4.10.18+git.344.93a2ffaacec-3.44.2 libsamba-util0-debuginfo-32bit-4.10.18+git.344.93a2ffaacec-3.44.2 libsamdb0-32bit-4.10.18+git.344.93a2ffaacec-3.44.2 libsamdb0-debuginfo-32bit-4.10.18+git.344.93a2ffaacec-3.44.2 libsmbclient0-32bit-4.10.18+git.344.93a2ffaacec-3.44.2 libsmbclient0-debuginfo-32bit-4.10.18+git.344.93a2ffaacec-3.44.2 libsmbconf0-32bit-4.10.18+git.344.93a2ffaacec-3.44.2 libsmbconf0-debuginfo-32bit-4.10.18+git.344.93a2ffaacec-3.44.2 libsmbldap2-32bit-4.10.18+git.344.93a2ffaacec-3.44.2 libsmbldap2-debuginfo-32bit-4.10.18+git.344.93a2ffaacec-3.44.2 libtevent-util0-32bit-4.10.18+git.344.93a2ffaacec-3.44.2 libtevent-util0-debuginfo-32bit-4.10.18+git.344.93a2ffaacec-3.44.2 libwbclient0-32bit-4.10.18+git.344.93a2ffaacec-3.44.2 libwbclient0-debuginfo-32bit-4.10.18+git.344.93a2ffaacec-3.44.2 samba-client-32bit-4.10.18+git.344.93a2ffaacec-3.44.2 samba-client-debuginfo-32bit-4.10.18+git.344.93a2ffaacec-3.44.2 samba-libs-32bit-4.10.18+git.344.93a2ffaacec-3.44.2 samba-libs-debuginfo-32bit-4.10.18+git.344.93a2ffaacec-3.44.2 samba-libs-python3-32bit-4.10.18+git.344.93a2ffaacec-3.44.2 samba-libs-python3-debuginfo-32bit-4.10.18+git.344.93a2ffaacec-3.44.2 samba-winbind-32bit-4.10.18+git.344.93a2ffaacec-3.44.2 samba-winbind-debuginfo-32bit-4.10.18+git.344.93a2ffaacec-3.44.2 - SUSE Linux Enterprise Server 12-SP5 (noarch): samba-doc-4.10.18+git.344.93a2ffaacec-3.44.2 - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64): ctdb-4.10.18+git.344.93a2ffaacec-3.44.2 ctdb-debuginfo-4.10.18+git.344.93a2ffaacec-3.44.2 samba-debuginfo-4.10.18+git.344.93a2ffaacec-3.44.2 samba-debugsource-4.10.18+git.344.93a2ffaacec-3.44.2 References: https://www.suse.com/security/cve/CVE-2020-25717.html https://bugzilla.suse.com/1192849 From sle-updates at lists.suse.com Wed Dec 15 17:17:07 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Dec 2021 18:17:07 +0100 (CET) Subject: SUSE-RU-2021:4100-1: moderate: Recommended update for susemanager-sync-data Message-ID: <20211215171707.87C76FD2F@maintenance.suse.de> SUSE Recommended Update: Recommended update for susemanager-sync-data ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:4100-1 Rating: moderate References: Affected Products: SUSE Linux Enterprise Module for SUSE Manager Server 4.1 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: This update for susemanager-sync-data fixes the following issues: Update susemanager-sync-data to version 4.1.17-1 - Add support for SUSE Linux Enterprise Server 15 SP2 LTSS Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.1-2021-4100=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (noarch): susemanager-sync-data-4.1.17-3.32.1 References: From sle-updates at lists.suse.com Wed Dec 15 17:18:16 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 15 Dec 2021 18:18:16 +0100 (CET) Subject: SUSE-SU-2021:4099-1: important: Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP3) Message-ID: <20211215171816.6D5F7FD2F@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:4099-1 Rating: important References: #1191813 #1192048 Cross-References: CVE-2021-0941 CVE-2021-20322 CVSS scores: CVE-2021-0941 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-20322 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N Affected Products: SUSE Linux Enterprise Module for Live Patching 15-SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 5.3.18-57 fixes several issues. The following security issues were fixed: - CVE-2021-0941: In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1192045). - CVE-2021-20322: Make the ipv4 and ipv6 ICMP exception caches less predictive to avoid information leaks about UDP ports in use. (bsc#1191790) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP3: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2021-4099=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-57-default-9-3.1 kernel-livepatch-5_3_18-57-default-debuginfo-9-3.1 kernel-livepatch-SLE15-SP3_Update_0-debugsource-9-3.1 References: https://www.suse.com/security/cve/CVE-2021-0941.html https://www.suse.com/security/cve/CVE-2021-20322.html https://bugzilla.suse.com/1191813 https://bugzilla.suse.com/1192048 From sle-updates at lists.suse.com Thu Dec 16 02:17:42 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Dec 2021 03:17:42 +0100 (CET) Subject: SUSE-FU-2021:4101-1: moderate: Feature update for kiwi-templates-JeOS Message-ID: <20211216021742.8D0C6FE20@maintenance.suse.de> SUSE Feature Update: Feature update for kiwi-templates-JeOS ______________________________________________________________________________ Announcement ID: SUSE-FU-2021:4101-1 Rating: moderate References: SLE-22705 SLE-23028 Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP3 ______________________________________________________________________________ An update that has 0 feature fixes and contains two features can now be installed. Description: This feature update for kiwi-templates-JeOS fixes the following issues: - Install AppArmor pattern and audit (jsc#SLE-22705, jsc#SLE-23028) Patch Instructions: To install this SUSE Feature Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2021-4101=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch): kiwi-templates-JeOS-15.3-4.4.1 References: From sle-updates at lists.suse.com Thu Dec 16 14:16:45 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Dec 2021 15:16:45 +0100 (CET) Subject: SUSE-RU-2021:4105-1: critical: Recommended update for release-notes-sles-for-sap Message-ID: <20211216141645.0B70AFC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sles-for-sap ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:4105-1 Rating: critical References: #933411 PM-3168 Affected Products: SUSE Linux Enterprise Module for SAP Applications 15-SP3 ______________________________________________________________________________ An update that has one recommended fix and contains one feature can now be installed. Description: This update for release-notes-sles-for-sap fixes the following issues: - 15.3.20211213 (tracked in bsc#933411) - Added technical preview disclaimer for Trento (jsc#PM-3168) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SAP Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP3-2021-4105=1 Package List: - SUSE Linux Enterprise Module for SAP Applications 15-SP3 (noarch): release-notes-sles-for-sap-15.3.20211213-3.9.1 References: https://bugzilla.suse.com/933411 From sle-updates at lists.suse.com Thu Dec 16 14:19:45 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Dec 2021 15:19:45 +0100 (CET) Subject: SUSE-RU-2021:4106-1: moderate: Recommended update for adcli Message-ID: <20211216141945.24CE4FC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for adcli ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:4106-1 Rating: moderate References: SLE-21223 SLE-22893 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has 0 recommended fixes and contains two features can now be installed. Description: This update for adcli fixes the following issues: - Add 'dont-expire-password' option. (jsc#SLE-21223, jsc#SLE-22893) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-4106=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): adcli-0.8.2-3.14.1 adcli-debuginfo-0.8.2-3.14.1 adcli-debugsource-0.8.2-3.14.1 References: From sle-updates at lists.suse.com Thu Dec 16 14:20:56 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 16 Dec 2021 15:20:56 +0100 (CET) Subject: SUSE-SU-2021:4104-1: moderate: Security update for python3 Message-ID: <20211216142056.31A72FC9F@maintenance.suse.de> SUSE Security Update: Security update for python3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:4104-1 Rating: moderate References: #1180125 #1183374 #1183858 #1185588 #1187668 #1189241 #1189287 Cross-References: CVE-2021-3426 CVE-2021-3733 CVE-2021-3737 CVSS scores: CVE-2021-3426 (NVD) : 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-3426 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-3733 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-3737 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 ______________________________________________________________________________ An update that solves three vulnerabilities and has four fixes is now available. Description: This update for python3 fixes the following issues: - CVE-2021-3426: Fixed information disclosure via pydoc (bsc#1183374). - CVE-2021-3733: Fixed infinitely reading potential HTTP headers after a 100 Continue status response from the server (bsc#1189241). - CVE-2021-3737: Fixed ReDoS in urllib.request (bsc#1189287). - We do not require python-rpm-macros package (bsc#1180125). - Use versioned python-Sphinx to avoid dependency on other version of Python (bsc#1183858). - Stop providing "python" symbol, which means python2 currently (bsc#1185588). - Modify Lib/ensurepip/__init__.py to contain the same version numbers as are in reality the ones in the bundled wheels (bsc#1187668). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2021-4104=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-4104=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): python3-core-debugsource-3.6.15-10.9.1 python3-tools-3.6.15-10.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libpython3_6m1_0-3.6.15-10.9.1 libpython3_6m1_0-debuginfo-3.6.15-10.9.1 python3-3.6.15-10.9.1 python3-base-3.6.15-10.9.1 python3-base-debuginfo-3.6.15-10.9.1 python3-core-debugsource-3.6.15-10.9.1 python3-curses-3.6.15-10.9.1 python3-curses-debuginfo-3.6.15-10.9.1 python3-dbm-3.6.15-10.9.1 python3-dbm-debuginfo-3.6.15-10.9.1 python3-debuginfo-3.6.15-10.9.1 python3-debugsource-3.6.15-10.9.1 python3-devel-3.6.15-10.9.1 python3-devel-debuginfo-3.6.15-10.9.1 python3-idle-3.6.15-10.9.1 python3-tk-3.6.15-10.9.1 python3-tk-debuginfo-3.6.15-10.9.1 References: https://www.suse.com/security/cve/CVE-2021-3426.html https://www.suse.com/security/cve/CVE-2021-3733.html https://www.suse.com/security/cve/CVE-2021-3737.html https://bugzilla.suse.com/1180125 https://bugzilla.suse.com/1183374 https://bugzilla.suse.com/1183858 https://bugzilla.suse.com/1185588 https://bugzilla.suse.com/1187668 https://bugzilla.suse.com/1189241 https://bugzilla.suse.com/1189287 From sle-updates at lists.suse.com Fri Dec 17 08:16:56 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Dec 2021 09:16:56 +0100 (CET) Subject: SUSE-RU-2021:4108-1: moderate: Recommended update for openssl-1_0_0 Message-ID: <20211217081656.79FA9FD0A@maintenance.suse.de> SUSE Recommended Update: Recommended update for openssl-1_0_0 ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:4108-1 Rating: moderate References: #1180995 #1190885 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for openssl-1_0_0 fixes the following issues: - Fix parameters by name ffdheXXXX and modp_XXXX sometimes result in "not found" (bsc#1190885) - Add RFC3526 and RFC7919 groups to 'openssl genpkey' so that it can output FIPS-appropriate parameter (bsc#1180995) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-4108=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-4108=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-4108=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-4108=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-4108=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-4108=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libopenssl-1_0_0-devel-1.0.2p-3.45.1 libopenssl1_0_0-1.0.2p-3.45.1 libopenssl1_0_0-32bit-1.0.2p-3.45.1 libopenssl1_0_0-debuginfo-1.0.2p-3.45.1 libopenssl1_0_0-debuginfo-32bit-1.0.2p-3.45.1 libopenssl1_0_0-hmac-1.0.2p-3.45.1 libopenssl1_0_0-hmac-32bit-1.0.2p-3.45.1 openssl-1_0_0-1.0.2p-3.45.1 openssl-1_0_0-debuginfo-1.0.2p-3.45.1 openssl-1_0_0-debugsource-1.0.2p-3.45.1 - SUSE OpenStack Cloud Crowbar 9 (noarch): openssl-1_0_0-doc-1.0.2p-3.45.1 - SUSE OpenStack Cloud 9 (x86_64): libopenssl-1_0_0-devel-1.0.2p-3.45.1 libopenssl1_0_0-1.0.2p-3.45.1 libopenssl1_0_0-32bit-1.0.2p-3.45.1 libopenssl1_0_0-debuginfo-1.0.2p-3.45.1 libopenssl1_0_0-debuginfo-32bit-1.0.2p-3.45.1 libopenssl1_0_0-hmac-1.0.2p-3.45.1 libopenssl1_0_0-hmac-32bit-1.0.2p-3.45.1 openssl-1_0_0-1.0.2p-3.45.1 openssl-1_0_0-debuginfo-1.0.2p-3.45.1 openssl-1_0_0-debugsource-1.0.2p-3.45.1 - SUSE OpenStack Cloud 9 (noarch): openssl-1_0_0-doc-1.0.2p-3.45.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libopenssl-1_0_0-devel-1.0.2p-3.45.1 openssl-1_0_0-debuginfo-1.0.2p-3.45.1 openssl-1_0_0-debugsource-1.0.2p-3.45.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libopenssl-1_0_0-devel-1.0.2p-3.45.1 libopenssl1_0_0-1.0.2p-3.45.1 libopenssl1_0_0-debuginfo-1.0.2p-3.45.1 libopenssl1_0_0-hmac-1.0.2p-3.45.1 openssl-1_0_0-1.0.2p-3.45.1 openssl-1_0_0-debuginfo-1.0.2p-3.45.1 openssl-1_0_0-debugsource-1.0.2p-3.45.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): openssl-1_0_0-doc-1.0.2p-3.45.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): libopenssl1_0_0-32bit-1.0.2p-3.45.1 libopenssl1_0_0-debuginfo-32bit-1.0.2p-3.45.1 libopenssl1_0_0-hmac-32bit-1.0.2p-3.45.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libopenssl-1_0_0-devel-1.0.2p-3.45.1 libopenssl1_0_0-1.0.2p-3.45.1 libopenssl1_0_0-debuginfo-1.0.2p-3.45.1 libopenssl1_0_0-hmac-1.0.2p-3.45.1 openssl-1_0_0-1.0.2p-3.45.1 openssl-1_0_0-debuginfo-1.0.2p-3.45.1 openssl-1_0_0-debugsource-1.0.2p-3.45.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libopenssl1_0_0-32bit-1.0.2p-3.45.1 libopenssl1_0_0-debuginfo-32bit-1.0.2p-3.45.1 libopenssl1_0_0-hmac-32bit-1.0.2p-3.45.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): openssl-1_0_0-doc-1.0.2p-3.45.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libopenssl-1_0_0-devel-1.0.2p-3.45.1 libopenssl1_0_0-1.0.2p-3.45.1 libopenssl1_0_0-debuginfo-1.0.2p-3.45.1 libopenssl1_0_0-hmac-1.0.2p-3.45.1 openssl-1_0_0-1.0.2p-3.45.1 openssl-1_0_0-debuginfo-1.0.2p-3.45.1 openssl-1_0_0-debugsource-1.0.2p-3.45.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): libopenssl1_0_0-32bit-1.0.2p-3.45.1 libopenssl1_0_0-debuginfo-32bit-1.0.2p-3.45.1 libopenssl1_0_0-hmac-32bit-1.0.2p-3.45.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): openssl-1_0_0-doc-1.0.2p-3.45.1 References: https://bugzilla.suse.com/1180995 https://bugzilla.suse.com/1190885 From sle-updates at lists.suse.com Fri Dec 17 14:17:12 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Dec 2021 15:17:12 +0100 (CET) Subject: SUSE-SU-2021:14866-1: important: Security update for log4j Message-ID: <20211217141712.8508CFC9F@maintenance.suse.de> SUSE Security Update: Security update for log4j ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:14866-1 Rating: important References: #1193662 Cross-References: CVE-2021-4104 CVSS scores: CVE-2021-4104 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for log4j fixes the following issues: - CVE-2021-4104: Disable the JMSAppender class from log4j to protect against the log4jshell vulnerability. [bsc#1193662] Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-log4j-14866=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-log4j-14866=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (noarch): log4j-1.2.15-26.32.17.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (noarch): log4j-1.2.15-26.32.17.1 References: https://www.suse.com/security/cve/CVE-2021-4104.html https://bugzilla.suse.com/1193662 From sle-updates at lists.suse.com Fri Dec 17 14:21:19 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Dec 2021 15:21:19 +0100 (CET) Subject: SUSE-SU-2021:4112-1: important: Security update for log4j12 Message-ID: <20211217142119.85D8DFC9F@maintenance.suse.de> SUSE Security Update: Security update for log4j12 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:4112-1 Rating: important References: #1193662 Cross-References: CVE-2021-4104 CVSS scores: CVE-2021-4104 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for log4j12 fixes the following issues: - CVE-2021-4104: Disable the JMSAppender class from log4j to protect against the log4jshell vulnerability. [bsc#1193662] Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2021-4112=1 - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-4112=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-4112=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-4112=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch): log4j12-javadoc-1.2.17-4.3.1 log4j12-manual-1.2.17-4.3.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (noarch): log4j12-javadoc-1.2.17-4.3.1 log4j12-manual-1.2.17-4.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): log4j12-1.2.17-4.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): log4j12-1.2.17-4.3.1 References: https://www.suse.com/security/cve/CVE-2021-4104.html https://bugzilla.suse.com/1193662 From sle-updates at lists.suse.com Fri Dec 17 14:25:03 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Dec 2021 15:25:03 +0100 (CET) Subject: SUSE-SU-2021:4111-1: important: Security update for log4j Message-ID: <20211217142503.B8FF3FC9F@maintenance.suse.de> SUSE Security Update: Security update for log4j ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:4111-1 Rating: important References: #1193662 Cross-References: CVE-2021-4104 CVSS scores: CVE-2021-4104 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for log4j fixes the following issue: - CVE-2021-4104: Disable the JMSAppender class from log4j to protect against the log4jshell vulnerability. [bsc#1193662] Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-4111=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-4111=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-4111=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-4111=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-4111=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-4111=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-4111=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-4111=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-4111=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-4111=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): log4j-1.2.17-5.6.1 log4j-manual-1.2.17-5.6.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): log4j-1.2.17-5.6.1 log4j-manual-1.2.17-5.6.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): log4j-1.2.17-5.6.1 log4j-manual-1.2.17-5.6.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): log4j-1.2.17-5.6.1 log4j-manual-1.2.17-5.6.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): log4j-1.2.17-5.6.1 log4j-manual-1.2.17-5.6.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): log4j-1.2.17-5.6.1 log4j-manual-1.2.17-5.6.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): log4j-1.2.17-5.6.1 log4j-manual-1.2.17-5.6.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): log4j-1.2.17-5.6.1 log4j-manual-1.2.17-5.6.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): log4j-1.2.17-5.6.1 log4j-manual-1.2.17-5.6.1 - SUSE Enterprise Storage 6 (noarch): log4j-1.2.17-5.6.1 log4j-manual-1.2.17-5.6.1 - SUSE CaaS Platform 4.0 (noarch): log4j-1.2.17-5.6.1 log4j-manual-1.2.17-5.6.1 References: https://www.suse.com/security/cve/CVE-2021-4104.html https://bugzilla.suse.com/1193662 From sle-updates at lists.suse.com Fri Dec 17 17:16:28 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Dec 2021 18:16:28 +0100 (CET) Subject: SUSE-RU-2021:4113-1: critical: Recommended update for release-notes-sles-for-sap Message-ID: <20211217171628.0B84CFC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sles-for-sap ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:4113-1 Rating: critical References: #933411 PM-3168 Affected Products: SUSE Linux Enterprise Module for SAP Applications 15-SP2 ______________________________________________________________________________ An update that has one recommended fix and contains one feature can now be installed. Description: This update for release-notes-sles-for-sap fixes the following issues: - 15.2.20211213 (tracked in bsc#933411) - Adding disclaimer for Trento in tech preview section (jsc#PM-3168) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SAP Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP2-2021-4113=1 Package List: - SUSE Linux Enterprise Module for SAP Applications 15-SP2 (noarch): release-notes-sles-for-sap-15.2.20211213-3.6.1 References: https://bugzilla.suse.com/933411 From sle-updates at lists.suse.com Fri Dec 17 17:17:47 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Dec 2021 18:17:47 +0100 (CET) Subject: SUSE-SU-2021:4115-1: important: Security update for log4j Message-ID: <20211217171747.8F907FC9F@maintenance.suse.de> SUSE Security Update: Security update for log4j ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:4115-1 Rating: important References: #1193662 Cross-References: CVE-2021-4104 CVSS scores: CVE-2021-4104 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-BCL HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for log4j fixes the following issue: - CVE-2021-4104: Disable the JMSAppender class from log4j to protect against the log4jshell vulnerability. [bsc#1193662] Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-4115=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-4115=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-4115=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-4115=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-4115=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-4115=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-4115=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-4115=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-4115=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-4115=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-4115=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-4115=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-4115=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): log4j-1.2.15-126.6.1 - SUSE OpenStack Cloud Crowbar 8 (noarch): log4j-1.2.15-126.6.1 - SUSE OpenStack Cloud 9 (noarch): log4j-1.2.15-126.6.1 - SUSE OpenStack Cloud 8 (noarch): log4j-1.2.15-126.6.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch): log4j-1.2.15-126.6.1 log4j-manual-1.2.15-126.6.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): log4j-1.2.15-126.6.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): log4j-1.2.15-126.6.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): log4j-1.2.15-126.6.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): log4j-1.2.15-126.6.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): log4j-1.2.15-126.6.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): log4j-1.2.15-126.6.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): log4j-1.2.15-126.6.1 - HPE Helion Openstack 8 (noarch): log4j-1.2.15-126.6.1 References: https://www.suse.com/security/cve/CVE-2021-4104.html https://bugzilla.suse.com/1193662 From sle-updates at lists.suse.com Fri Dec 17 17:19:06 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 17 Dec 2021 18:19:06 +0100 (CET) Subject: SUSE-RU-2021:4114-1: important: Initial shipment of package sles-ltss-release Message-ID: <20211217171906.3FE40FC9F@maintenance.suse.de> SUSE Recommended Update: Initial shipment of package sles-ltss-release ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:4114-1 Rating: important References: #1193567 MSC-251 Affected Products: SUSE Manager Server 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Proxy 4.1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Enterprise Storage 7 SUSE CaaS Platform 4.5 ______________________________________________________________________________ An update that has one recommended fix and contains one feature can now be installed. Description: This patch ships the sles-ltss-release package to SUSE Linux Enterprise Server 15 SP2 customers Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2021-4114=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2021-4114=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2021-4114=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2021-4114=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2021-4114=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2021-4114=1 - SUSE CaaS Platform 4.5: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): sles-ltss-release-15.2-7.3.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): sles-ltss-release-15.2-7.3.1 - SUSE Manager Proxy 4.1 (x86_64): sles-ltss-release-15.2-7.3.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): sles-ltss-release-15.2-7.3.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): sles-ltss-release-15.2-7.3.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): sles-ltss-release-15.2-7.3.1 - SUSE CaaS Platform 4.5 (aarch64 x86_64): sles-ltss-release-15.2-7.3.1 References: https://bugzilla.suse.com/1193567 From sle-updates at lists.suse.com Sat Dec 18 07:43:43 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 18 Dec 2021 08:43:43 +0100 (CET) Subject: SUSE-CU-2021:589-1: Recommended update of suse/sles12sp4 Message-ID: <20211218074343.689AAFC9F@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:589-1 Container Tags : suse/sles12sp4:26.393 , suse/sles12sp4:latest Container Release : 26.393 Severity : moderate Type : recommended References : 1180995 1190885 ----------------------------------------------------------------- The container suse/sles12sp4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4108-1 Released: Fri Dec 17 06:08:28 2021 Summary: Recommended update for openssl-1_0_0 Type: recommended Severity: moderate References: 1180995,1190885 This update for openssl-1_0_0 fixes the following issues: - Fix parameters by name ffdheXXXX and modp_XXXX sometimes result in 'not found' (bsc#1190885) - Add RFC3526 and RFC7919 groups to 'openssl genpkey' so that it can output FIPS-appropriate parameter (bsc#1180995) The following package changes have been done: - base-container-licenses-3.0-1.260 updated - container-suseconnect-2.0.0-1.154 updated - libopenssl1_0_0-1.0.2p-3.45.1 updated - openssl-1_0_0-1.0.2p-3.45.1 updated From sle-updates at lists.suse.com Sat Dec 18 07:54:33 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 18 Dec 2021 08:54:33 +0100 (CET) Subject: SUSE-CU-2021:590-1: Recommended update of suse/sles12sp5 Message-ID: <20211218075433.05690FC9F@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:590-1 Container Tags : suse/sles12sp5:6.5.275 , suse/sles12sp5:latest Container Release : 6.5.275 Severity : moderate Type : recommended References : 1180995 1190885 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4108-1 Released: Fri Dec 17 06:08:28 2021 Summary: Recommended update for openssl-1_0_0 Type: recommended Severity: moderate References: 1180995,1190885 This update for openssl-1_0_0 fixes the following issues: - Fix parameters by name ffdheXXXX and modp_XXXX sometimes result in 'not found' (bsc#1190885) - Add RFC3526 and RFC7919 groups to 'openssl genpkey' so that it can output FIPS-appropriate parameter (bsc#1180995) The following package changes have been done: - libopenssl1_0_0-1.0.2p-3.45.1 updated - openssl-1_0_0-1.0.2p-3.45.1 updated From sle-updates at lists.suse.com Mon Dec 20 11:16:57 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Dec 2021 12:16:57 +0100 (CET) Subject: SUSE-RU-2021:4116-1: moderate: Recommended update for corosync Message-ID: <20211220111657.BF0B5FC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for corosync ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:4116-1 Rating: moderate References: #1192467 Affected Products: SUSE Linux Enterprise High Availability 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for corosync fixes the following issues: - Fix corosync not recognizing isolated nodes when interface is down (bsc#1192467) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2021-4116=1 Package List: - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): corosync-2.4.5-10.14.9.1 corosync-debuginfo-2.4.5-10.14.9.1 corosync-debugsource-2.4.5-10.14.9.1 corosync-qdevice-2.4.5-10.14.9.1 corosync-qdevice-debuginfo-2.4.5-10.14.9.1 corosync-qnetd-2.4.5-10.14.9.1 corosync-qnetd-debuginfo-2.4.5-10.14.9.1 corosync-testagents-2.4.5-10.14.9.1 corosync-testagents-debuginfo-2.4.5-10.14.9.1 libcfg6-2.4.5-10.14.9.1 libcfg6-debuginfo-2.4.5-10.14.9.1 libcmap4-2.4.5-10.14.9.1 libcmap4-debuginfo-2.4.5-10.14.9.1 libcorosync-devel-2.4.5-10.14.9.1 libcorosync_common4-2.4.5-10.14.9.1 libcorosync_common4-debuginfo-2.4.5-10.14.9.1 libcpg4-2.4.5-10.14.9.1 libcpg4-debuginfo-2.4.5-10.14.9.1 libquorum5-2.4.5-10.14.9.1 libquorum5-debuginfo-2.4.5-10.14.9.1 libsam4-2.4.5-10.14.9.1 libsam4-debuginfo-2.4.5-10.14.9.1 libtotem_pg5-2.4.5-10.14.9.1 libtotem_pg5-debuginfo-2.4.5-10.14.9.1 libvotequorum8-2.4.5-10.14.9.1 libvotequorum8-debuginfo-2.4.5-10.14.9.1 References: https://bugzilla.suse.com/1192467 From sle-updates at lists.suse.com Mon Dec 20 11:18:11 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Dec 2021 12:18:11 +0100 (CET) Subject: SUSE-RU-2021:4117-1: important: Recommended update for samba Message-ID: <20211220111811.8497EFC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for samba ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:4117-1 Rating: important References: #1192849 Affected Products: SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Availability 15-SP1 SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for samba fixes the following issues: The username map advice from the CVE-2020-25717 advisory note has undesired side effects for the local nt token. Fallback to a SID/UID based mapping if the name based lookup fails (bsc#1192849). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-4117=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-4117=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-4117=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-4117=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-4117=1 - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2021-4117=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-4117=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libdcerpc-binding0-4.9.5+git.477.8163dd03413-3.61.1 libdcerpc-binding0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libdcerpc-devel-4.9.5+git.477.8163dd03413-3.61.1 libdcerpc-samr-devel-4.9.5+git.477.8163dd03413-3.61.1 libdcerpc-samr0-4.9.5+git.477.8163dd03413-3.61.1 libdcerpc-samr0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libdcerpc0-4.9.5+git.477.8163dd03413-3.61.1 libdcerpc0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libndr-devel-4.9.5+git.477.8163dd03413-3.61.1 libndr-krb5pac-devel-4.9.5+git.477.8163dd03413-3.61.1 libndr-krb5pac0-4.9.5+git.477.8163dd03413-3.61.1 libndr-krb5pac0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libndr-nbt-devel-4.9.5+git.477.8163dd03413-3.61.1 libndr-nbt0-4.9.5+git.477.8163dd03413-3.61.1 libndr-nbt0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libndr-standard-devel-4.9.5+git.477.8163dd03413-3.61.1 libndr-standard0-4.9.5+git.477.8163dd03413-3.61.1 libndr-standard0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libndr0-4.9.5+git.477.8163dd03413-3.61.1 libndr0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libnetapi-devel-4.9.5+git.477.8163dd03413-3.61.1 libnetapi0-4.9.5+git.477.8163dd03413-3.61.1 libnetapi0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamba-credentials-devel-4.9.5+git.477.8163dd03413-3.61.1 libsamba-credentials0-4.9.5+git.477.8163dd03413-3.61.1 libsamba-credentials0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamba-errors-devel-4.9.5+git.477.8163dd03413-3.61.1 libsamba-errors0-4.9.5+git.477.8163dd03413-3.61.1 libsamba-errors0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamba-hostconfig-devel-4.9.5+git.477.8163dd03413-3.61.1 libsamba-hostconfig0-4.9.5+git.477.8163dd03413-3.61.1 libsamba-hostconfig0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamba-passdb-devel-4.9.5+git.477.8163dd03413-3.61.1 libsamba-passdb0-4.9.5+git.477.8163dd03413-3.61.1 libsamba-passdb0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamba-policy-devel-4.9.5+git.477.8163dd03413-3.61.1 libsamba-policy-python3-devel-4.9.5+git.477.8163dd03413-3.61.1 libsamba-policy0-4.9.5+git.477.8163dd03413-3.61.1 libsamba-policy0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamba-policy0-python3-4.9.5+git.477.8163dd03413-3.61.1 libsamba-policy0-python3-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamba-util-devel-4.9.5+git.477.8163dd03413-3.61.1 libsamba-util0-4.9.5+git.477.8163dd03413-3.61.1 libsamba-util0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamdb-devel-4.9.5+git.477.8163dd03413-3.61.1 libsamdb0-4.9.5+git.477.8163dd03413-3.61.1 libsamdb0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsmbclient-devel-4.9.5+git.477.8163dd03413-3.61.1 libsmbclient0-4.9.5+git.477.8163dd03413-3.61.1 libsmbclient0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsmbconf-devel-4.9.5+git.477.8163dd03413-3.61.1 libsmbconf0-4.9.5+git.477.8163dd03413-3.61.1 libsmbconf0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsmbldap-devel-4.9.5+git.477.8163dd03413-3.61.1 libsmbldap2-4.9.5+git.477.8163dd03413-3.61.1 libsmbldap2-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libtevent-util-devel-4.9.5+git.477.8163dd03413-3.61.1 libtevent-util0-4.9.5+git.477.8163dd03413-3.61.1 libtevent-util0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libwbclient-devel-4.9.5+git.477.8163dd03413-3.61.1 libwbclient0-4.9.5+git.477.8163dd03413-3.61.1 libwbclient0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-4.9.5+git.477.8163dd03413-3.61.1 samba-ad-dc-4.9.5+git.477.8163dd03413-3.61.1 samba-ad-dc-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-client-4.9.5+git.477.8163dd03413-3.61.1 samba-client-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-core-devel-4.9.5+git.477.8163dd03413-3.61.1 samba-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-debugsource-4.9.5+git.477.8163dd03413-3.61.1 samba-dsdb-modules-4.9.5+git.477.8163dd03413-3.61.1 samba-dsdb-modules-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-libs-4.9.5+git.477.8163dd03413-3.61.1 samba-libs-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-libs-python-4.9.5+git.477.8163dd03413-3.61.1 samba-libs-python-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-libs-python3-4.9.5+git.477.8163dd03413-3.61.1 samba-libs-python3-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-python-4.9.5+git.477.8163dd03413-3.61.1 samba-python-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-python3-4.9.5+git.477.8163dd03413-3.61.1 samba-python3-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-winbind-4.9.5+git.477.8163dd03413-3.61.1 samba-winbind-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): libdcerpc-binding0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libdcerpc-binding0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libdcerpc0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libdcerpc0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libndr-krb5pac0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libndr-krb5pac0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libndr-nbt0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libndr-nbt0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libndr-standard0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libndr-standard0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libndr0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libndr0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libnetapi0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libnetapi0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamba-credentials0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libsamba-credentials0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamba-errors0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libsamba-errors0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamba-hostconfig0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libsamba-hostconfig0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamba-passdb0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libsamba-passdb0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamba-util0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libsamba-util0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamdb0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libsamdb0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsmbconf0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libsmbconf0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsmbldap2-32bit-4.9.5+git.477.8163dd03413-3.61.1 libsmbldap2-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libtevent-util0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libtevent-util0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libwbclient0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libwbclient0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-libs-32bit-4.9.5+git.477.8163dd03413-3.61.1 samba-libs-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-winbind-32bit-4.9.5+git.477.8163dd03413-3.61.1 samba-winbind-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libdcerpc-binding0-4.9.5+git.477.8163dd03413-3.61.1 libdcerpc-binding0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libdcerpc-devel-4.9.5+git.477.8163dd03413-3.61.1 libdcerpc-samr-devel-4.9.5+git.477.8163dd03413-3.61.1 libdcerpc-samr0-4.9.5+git.477.8163dd03413-3.61.1 libdcerpc-samr0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libdcerpc0-4.9.5+git.477.8163dd03413-3.61.1 libdcerpc0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libndr-devel-4.9.5+git.477.8163dd03413-3.61.1 libndr-krb5pac-devel-4.9.5+git.477.8163dd03413-3.61.1 libndr-krb5pac0-4.9.5+git.477.8163dd03413-3.61.1 libndr-krb5pac0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libndr-nbt-devel-4.9.5+git.477.8163dd03413-3.61.1 libndr-nbt0-4.9.5+git.477.8163dd03413-3.61.1 libndr-nbt0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libndr-standard-devel-4.9.5+git.477.8163dd03413-3.61.1 libndr-standard0-4.9.5+git.477.8163dd03413-3.61.1 libndr-standard0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libndr0-4.9.5+git.477.8163dd03413-3.61.1 libndr0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libnetapi-devel-4.9.5+git.477.8163dd03413-3.61.1 libnetapi0-4.9.5+git.477.8163dd03413-3.61.1 libnetapi0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamba-credentials-devel-4.9.5+git.477.8163dd03413-3.61.1 libsamba-credentials0-4.9.5+git.477.8163dd03413-3.61.1 libsamba-credentials0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamba-errors-devel-4.9.5+git.477.8163dd03413-3.61.1 libsamba-errors0-4.9.5+git.477.8163dd03413-3.61.1 libsamba-errors0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamba-hostconfig-devel-4.9.5+git.477.8163dd03413-3.61.1 libsamba-hostconfig0-4.9.5+git.477.8163dd03413-3.61.1 libsamba-hostconfig0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamba-passdb-devel-4.9.5+git.477.8163dd03413-3.61.1 libsamba-passdb0-4.9.5+git.477.8163dd03413-3.61.1 libsamba-passdb0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamba-policy-devel-4.9.5+git.477.8163dd03413-3.61.1 libsamba-policy-python3-devel-4.9.5+git.477.8163dd03413-3.61.1 libsamba-policy0-4.9.5+git.477.8163dd03413-3.61.1 libsamba-policy0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamba-policy0-python3-4.9.5+git.477.8163dd03413-3.61.1 libsamba-policy0-python3-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamba-util-devel-4.9.5+git.477.8163dd03413-3.61.1 libsamba-util0-4.9.5+git.477.8163dd03413-3.61.1 libsamba-util0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamdb-devel-4.9.5+git.477.8163dd03413-3.61.1 libsamdb0-4.9.5+git.477.8163dd03413-3.61.1 libsamdb0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsmbclient-devel-4.9.5+git.477.8163dd03413-3.61.1 libsmbclient0-4.9.5+git.477.8163dd03413-3.61.1 libsmbclient0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsmbconf-devel-4.9.5+git.477.8163dd03413-3.61.1 libsmbconf0-4.9.5+git.477.8163dd03413-3.61.1 libsmbconf0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsmbldap-devel-4.9.5+git.477.8163dd03413-3.61.1 libsmbldap2-4.9.5+git.477.8163dd03413-3.61.1 libsmbldap2-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libtevent-util-devel-4.9.5+git.477.8163dd03413-3.61.1 libtevent-util0-4.9.5+git.477.8163dd03413-3.61.1 libtevent-util0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libwbclient-devel-4.9.5+git.477.8163dd03413-3.61.1 libwbclient0-4.9.5+git.477.8163dd03413-3.61.1 libwbclient0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-4.9.5+git.477.8163dd03413-3.61.1 samba-ad-dc-4.9.5+git.477.8163dd03413-3.61.1 samba-ad-dc-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-client-4.9.5+git.477.8163dd03413-3.61.1 samba-client-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-core-devel-4.9.5+git.477.8163dd03413-3.61.1 samba-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-debugsource-4.9.5+git.477.8163dd03413-3.61.1 samba-dsdb-modules-4.9.5+git.477.8163dd03413-3.61.1 samba-dsdb-modules-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-libs-4.9.5+git.477.8163dd03413-3.61.1 samba-libs-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-libs-python-4.9.5+git.477.8163dd03413-3.61.1 samba-libs-python-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-libs-python3-4.9.5+git.477.8163dd03413-3.61.1 samba-libs-python3-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-python-4.9.5+git.477.8163dd03413-3.61.1 samba-python-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-python3-4.9.5+git.477.8163dd03413-3.61.1 samba-python3-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-winbind-4.9.5+git.477.8163dd03413-3.61.1 samba-winbind-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): libdcerpc-binding0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libdcerpc-binding0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libdcerpc0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libdcerpc0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libndr-krb5pac0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libndr-krb5pac0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libndr-nbt0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libndr-nbt0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libndr-standard0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libndr-standard0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libndr0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libndr0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libnetapi0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libnetapi0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamba-credentials0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libsamba-credentials0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamba-errors0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libsamba-errors0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamba-hostconfig0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libsamba-hostconfig0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamba-passdb0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libsamba-passdb0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamba-util0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libsamba-util0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamdb0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libsamdb0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsmbconf0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libsmbconf0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsmbldap2-32bit-4.9.5+git.477.8163dd03413-3.61.1 libsmbldap2-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libtevent-util0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libtevent-util0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libwbclient0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libwbclient0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-libs-32bit-4.9.5+git.477.8163dd03413-3.61.1 samba-libs-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-winbind-32bit-4.9.5+git.477.8163dd03413-3.61.1 samba-winbind-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libdcerpc-binding0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libdcerpc-binding0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libdcerpc-binding0-4.9.5+git.477.8163dd03413-3.61.1 libdcerpc-binding0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libdcerpc-devel-4.9.5+git.477.8163dd03413-3.61.1 libdcerpc-samr-devel-4.9.5+git.477.8163dd03413-3.61.1 libdcerpc-samr0-4.9.5+git.477.8163dd03413-3.61.1 libdcerpc-samr0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libdcerpc0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libdcerpc0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libdcerpc0-4.9.5+git.477.8163dd03413-3.61.1 libdcerpc0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libndr-devel-4.9.5+git.477.8163dd03413-3.61.1 libndr-krb5pac-devel-4.9.5+git.477.8163dd03413-3.61.1 libndr-krb5pac0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libndr-krb5pac0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libndr-krb5pac0-4.9.5+git.477.8163dd03413-3.61.1 libndr-krb5pac0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libndr-nbt-devel-4.9.5+git.477.8163dd03413-3.61.1 libndr-nbt0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libndr-nbt0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libndr-nbt0-4.9.5+git.477.8163dd03413-3.61.1 libndr-nbt0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libndr-standard-devel-4.9.5+git.477.8163dd03413-3.61.1 libndr-standard0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libndr-standard0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libndr-standard0-4.9.5+git.477.8163dd03413-3.61.1 libndr-standard0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libndr0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libndr0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libndr0-4.9.5+git.477.8163dd03413-3.61.1 libndr0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libnetapi-devel-4.9.5+git.477.8163dd03413-3.61.1 libnetapi0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libnetapi0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libnetapi0-4.9.5+git.477.8163dd03413-3.61.1 libnetapi0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamba-credentials-devel-4.9.5+git.477.8163dd03413-3.61.1 libsamba-credentials0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libsamba-credentials0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamba-credentials0-4.9.5+git.477.8163dd03413-3.61.1 libsamba-credentials0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamba-errors-devel-4.9.5+git.477.8163dd03413-3.61.1 libsamba-errors0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libsamba-errors0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamba-errors0-4.9.5+git.477.8163dd03413-3.61.1 libsamba-errors0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamba-hostconfig-devel-4.9.5+git.477.8163dd03413-3.61.1 libsamba-hostconfig0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libsamba-hostconfig0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamba-hostconfig0-4.9.5+git.477.8163dd03413-3.61.1 libsamba-hostconfig0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamba-passdb-devel-4.9.5+git.477.8163dd03413-3.61.1 libsamba-passdb0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libsamba-passdb0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamba-passdb0-4.9.5+git.477.8163dd03413-3.61.1 libsamba-passdb0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamba-policy-devel-4.9.5+git.477.8163dd03413-3.61.1 libsamba-policy-python3-devel-4.9.5+git.477.8163dd03413-3.61.1 libsamba-policy0-4.9.5+git.477.8163dd03413-3.61.1 libsamba-policy0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamba-policy0-python3-4.9.5+git.477.8163dd03413-3.61.1 libsamba-policy0-python3-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamba-util-devel-4.9.5+git.477.8163dd03413-3.61.1 libsamba-util0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libsamba-util0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamba-util0-4.9.5+git.477.8163dd03413-3.61.1 libsamba-util0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamdb-devel-4.9.5+git.477.8163dd03413-3.61.1 libsamdb0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libsamdb0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamdb0-4.9.5+git.477.8163dd03413-3.61.1 libsamdb0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsmbclient-devel-4.9.5+git.477.8163dd03413-3.61.1 libsmbclient0-4.9.5+git.477.8163dd03413-3.61.1 libsmbclient0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsmbconf-devel-4.9.5+git.477.8163dd03413-3.61.1 libsmbconf0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libsmbconf0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsmbconf0-4.9.5+git.477.8163dd03413-3.61.1 libsmbconf0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsmbldap-devel-4.9.5+git.477.8163dd03413-3.61.1 libsmbldap2-32bit-4.9.5+git.477.8163dd03413-3.61.1 libsmbldap2-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsmbldap2-4.9.5+git.477.8163dd03413-3.61.1 libsmbldap2-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libtevent-util-devel-4.9.5+git.477.8163dd03413-3.61.1 libtevent-util0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libtevent-util0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libtevent-util0-4.9.5+git.477.8163dd03413-3.61.1 libtevent-util0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libwbclient-devel-4.9.5+git.477.8163dd03413-3.61.1 libwbclient0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libwbclient0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libwbclient0-4.9.5+git.477.8163dd03413-3.61.1 libwbclient0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-4.9.5+git.477.8163dd03413-3.61.1 samba-ad-dc-4.9.5+git.477.8163dd03413-3.61.1 samba-ad-dc-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-client-4.9.5+git.477.8163dd03413-3.61.1 samba-client-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-core-devel-4.9.5+git.477.8163dd03413-3.61.1 samba-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-debugsource-4.9.5+git.477.8163dd03413-3.61.1 samba-dsdb-modules-4.9.5+git.477.8163dd03413-3.61.1 samba-dsdb-modules-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-libs-32bit-4.9.5+git.477.8163dd03413-3.61.1 samba-libs-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-libs-4.9.5+git.477.8163dd03413-3.61.1 samba-libs-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-libs-python-4.9.5+git.477.8163dd03413-3.61.1 samba-libs-python-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-libs-python3-4.9.5+git.477.8163dd03413-3.61.1 samba-libs-python3-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-python-4.9.5+git.477.8163dd03413-3.61.1 samba-python-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-python3-4.9.5+git.477.8163dd03413-3.61.1 samba-python3-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-winbind-32bit-4.9.5+git.477.8163dd03413-3.61.1 samba-winbind-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-winbind-4.9.5+git.477.8163dd03413-3.61.1 samba-winbind-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libdcerpc-binding0-4.9.5+git.477.8163dd03413-3.61.1 libdcerpc-binding0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libdcerpc-devel-4.9.5+git.477.8163dd03413-3.61.1 libdcerpc-samr-devel-4.9.5+git.477.8163dd03413-3.61.1 libdcerpc-samr0-4.9.5+git.477.8163dd03413-3.61.1 libdcerpc-samr0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libdcerpc0-4.9.5+git.477.8163dd03413-3.61.1 libdcerpc0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libndr-devel-4.9.5+git.477.8163dd03413-3.61.1 libndr-krb5pac-devel-4.9.5+git.477.8163dd03413-3.61.1 libndr-krb5pac0-4.9.5+git.477.8163dd03413-3.61.1 libndr-krb5pac0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libndr-nbt-devel-4.9.5+git.477.8163dd03413-3.61.1 libndr-nbt0-4.9.5+git.477.8163dd03413-3.61.1 libndr-nbt0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libndr-standard-devel-4.9.5+git.477.8163dd03413-3.61.1 libndr-standard0-4.9.5+git.477.8163dd03413-3.61.1 libndr-standard0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libndr0-4.9.5+git.477.8163dd03413-3.61.1 libndr0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libnetapi-devel-4.9.5+git.477.8163dd03413-3.61.1 libnetapi0-4.9.5+git.477.8163dd03413-3.61.1 libnetapi0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamba-credentials-devel-4.9.5+git.477.8163dd03413-3.61.1 libsamba-credentials0-4.9.5+git.477.8163dd03413-3.61.1 libsamba-credentials0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamba-errors-devel-4.9.5+git.477.8163dd03413-3.61.1 libsamba-errors0-4.9.5+git.477.8163dd03413-3.61.1 libsamba-errors0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamba-hostconfig-devel-4.9.5+git.477.8163dd03413-3.61.1 libsamba-hostconfig0-4.9.5+git.477.8163dd03413-3.61.1 libsamba-hostconfig0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamba-passdb-devel-4.9.5+git.477.8163dd03413-3.61.1 libsamba-passdb0-4.9.5+git.477.8163dd03413-3.61.1 libsamba-passdb0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamba-policy-devel-4.9.5+git.477.8163dd03413-3.61.1 libsamba-policy-python3-devel-4.9.5+git.477.8163dd03413-3.61.1 libsamba-policy0-4.9.5+git.477.8163dd03413-3.61.1 libsamba-policy0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamba-policy0-python3-4.9.5+git.477.8163dd03413-3.61.1 libsamba-policy0-python3-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamba-util-devel-4.9.5+git.477.8163dd03413-3.61.1 libsamba-util0-4.9.5+git.477.8163dd03413-3.61.1 libsamba-util0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamdb-devel-4.9.5+git.477.8163dd03413-3.61.1 libsamdb0-4.9.5+git.477.8163dd03413-3.61.1 libsamdb0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsmbclient-devel-4.9.5+git.477.8163dd03413-3.61.1 libsmbclient0-4.9.5+git.477.8163dd03413-3.61.1 libsmbclient0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsmbconf-devel-4.9.5+git.477.8163dd03413-3.61.1 libsmbconf0-4.9.5+git.477.8163dd03413-3.61.1 libsmbconf0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsmbldap-devel-4.9.5+git.477.8163dd03413-3.61.1 libsmbldap2-4.9.5+git.477.8163dd03413-3.61.1 libsmbldap2-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libtevent-util-devel-4.9.5+git.477.8163dd03413-3.61.1 libtevent-util0-4.9.5+git.477.8163dd03413-3.61.1 libtevent-util0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libwbclient-devel-4.9.5+git.477.8163dd03413-3.61.1 libwbclient0-4.9.5+git.477.8163dd03413-3.61.1 libwbclient0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-4.9.5+git.477.8163dd03413-3.61.1 samba-ad-dc-4.9.5+git.477.8163dd03413-3.61.1 samba-ad-dc-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-client-4.9.5+git.477.8163dd03413-3.61.1 samba-client-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-core-devel-4.9.5+git.477.8163dd03413-3.61.1 samba-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-debugsource-4.9.5+git.477.8163dd03413-3.61.1 samba-dsdb-modules-4.9.5+git.477.8163dd03413-3.61.1 samba-dsdb-modules-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-libs-4.9.5+git.477.8163dd03413-3.61.1 samba-libs-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-libs-python-4.9.5+git.477.8163dd03413-3.61.1 samba-libs-python-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-libs-python3-4.9.5+git.477.8163dd03413-3.61.1 samba-libs-python3-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-python-4.9.5+git.477.8163dd03413-3.61.1 samba-python-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-python3-4.9.5+git.477.8163dd03413-3.61.1 samba-python3-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-winbind-4.9.5+git.477.8163dd03413-3.61.1 samba-winbind-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): libdcerpc-binding0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libdcerpc-binding0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libdcerpc0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libdcerpc0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libndr-krb5pac0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libndr-krb5pac0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libndr-nbt0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libndr-nbt0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libndr-standard0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libndr-standard0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libndr0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libndr0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libnetapi0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libnetapi0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamba-credentials0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libsamba-credentials0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamba-errors0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libsamba-errors0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamba-hostconfig0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libsamba-hostconfig0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamba-passdb0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libsamba-passdb0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamba-util0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libsamba-util0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamdb0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libsamdb0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsmbconf0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libsmbconf0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsmbldap2-32bit-4.9.5+git.477.8163dd03413-3.61.1 libsmbldap2-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libtevent-util0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libtevent-util0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libwbclient0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libwbclient0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-libs-32bit-4.9.5+git.477.8163dd03413-3.61.1 samba-libs-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-winbind-32bit-4.9.5+git.477.8163dd03413-3.61.1 samba-winbind-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libdcerpc-binding0-4.9.5+git.477.8163dd03413-3.61.1 libdcerpc-binding0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libdcerpc-devel-4.9.5+git.477.8163dd03413-3.61.1 libdcerpc-samr-devel-4.9.5+git.477.8163dd03413-3.61.1 libdcerpc-samr0-4.9.5+git.477.8163dd03413-3.61.1 libdcerpc-samr0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libdcerpc0-4.9.5+git.477.8163dd03413-3.61.1 libdcerpc0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libndr-devel-4.9.5+git.477.8163dd03413-3.61.1 libndr-krb5pac-devel-4.9.5+git.477.8163dd03413-3.61.1 libndr-krb5pac0-4.9.5+git.477.8163dd03413-3.61.1 libndr-krb5pac0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libndr-nbt-devel-4.9.5+git.477.8163dd03413-3.61.1 libndr-nbt0-4.9.5+git.477.8163dd03413-3.61.1 libndr-nbt0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libndr-standard-devel-4.9.5+git.477.8163dd03413-3.61.1 libndr-standard0-4.9.5+git.477.8163dd03413-3.61.1 libndr-standard0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libndr0-4.9.5+git.477.8163dd03413-3.61.1 libndr0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libnetapi-devel-4.9.5+git.477.8163dd03413-3.61.1 libnetapi0-4.9.5+git.477.8163dd03413-3.61.1 libnetapi0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamba-credentials-devel-4.9.5+git.477.8163dd03413-3.61.1 libsamba-credentials0-4.9.5+git.477.8163dd03413-3.61.1 libsamba-credentials0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamba-errors-devel-4.9.5+git.477.8163dd03413-3.61.1 libsamba-errors0-4.9.5+git.477.8163dd03413-3.61.1 libsamba-errors0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamba-hostconfig-devel-4.9.5+git.477.8163dd03413-3.61.1 libsamba-hostconfig0-4.9.5+git.477.8163dd03413-3.61.1 libsamba-hostconfig0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamba-passdb-devel-4.9.5+git.477.8163dd03413-3.61.1 libsamba-passdb0-4.9.5+git.477.8163dd03413-3.61.1 libsamba-passdb0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamba-policy-devel-4.9.5+git.477.8163dd03413-3.61.1 libsamba-policy-python3-devel-4.9.5+git.477.8163dd03413-3.61.1 libsamba-policy0-4.9.5+git.477.8163dd03413-3.61.1 libsamba-policy0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamba-policy0-python3-4.9.5+git.477.8163dd03413-3.61.1 libsamba-policy0-python3-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamba-util-devel-4.9.5+git.477.8163dd03413-3.61.1 libsamba-util0-4.9.5+git.477.8163dd03413-3.61.1 libsamba-util0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamdb-devel-4.9.5+git.477.8163dd03413-3.61.1 libsamdb0-4.9.5+git.477.8163dd03413-3.61.1 libsamdb0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsmbclient-devel-4.9.5+git.477.8163dd03413-3.61.1 libsmbclient0-4.9.5+git.477.8163dd03413-3.61.1 libsmbclient0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsmbconf-devel-4.9.5+git.477.8163dd03413-3.61.1 libsmbconf0-4.9.5+git.477.8163dd03413-3.61.1 libsmbconf0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsmbldap-devel-4.9.5+git.477.8163dd03413-3.61.1 libsmbldap2-4.9.5+git.477.8163dd03413-3.61.1 libsmbldap2-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libtevent-util-devel-4.9.5+git.477.8163dd03413-3.61.1 libtevent-util0-4.9.5+git.477.8163dd03413-3.61.1 libtevent-util0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libwbclient-devel-4.9.5+git.477.8163dd03413-3.61.1 libwbclient0-4.9.5+git.477.8163dd03413-3.61.1 libwbclient0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-4.9.5+git.477.8163dd03413-3.61.1 samba-ad-dc-4.9.5+git.477.8163dd03413-3.61.1 samba-ad-dc-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-client-4.9.5+git.477.8163dd03413-3.61.1 samba-client-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-core-devel-4.9.5+git.477.8163dd03413-3.61.1 samba-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-debugsource-4.9.5+git.477.8163dd03413-3.61.1 samba-dsdb-modules-4.9.5+git.477.8163dd03413-3.61.1 samba-dsdb-modules-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-libs-4.9.5+git.477.8163dd03413-3.61.1 samba-libs-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-libs-python-4.9.5+git.477.8163dd03413-3.61.1 samba-libs-python-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-libs-python3-4.9.5+git.477.8163dd03413-3.61.1 samba-libs-python3-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-python-4.9.5+git.477.8163dd03413-3.61.1 samba-python-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-python3-4.9.5+git.477.8163dd03413-3.61.1 samba-python3-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-winbind-4.9.5+git.477.8163dd03413-3.61.1 samba-winbind-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): libdcerpc-binding0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libdcerpc-binding0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libdcerpc0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libdcerpc0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libndr-krb5pac0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libndr-krb5pac0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libndr-nbt0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libndr-nbt0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libndr-standard0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libndr-standard0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libndr0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libndr0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libnetapi0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libnetapi0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamba-credentials0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libsamba-credentials0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamba-errors0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libsamba-errors0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamba-hostconfig0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libsamba-hostconfig0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamba-passdb0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libsamba-passdb0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamba-util0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libsamba-util0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamdb0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libsamdb0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsmbconf0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libsmbconf0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsmbldap2-32bit-4.9.5+git.477.8163dd03413-3.61.1 libsmbldap2-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libtevent-util0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libtevent-util0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libwbclient0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libwbclient0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-libs-32bit-4.9.5+git.477.8163dd03413-3.61.1 samba-libs-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-winbind-32bit-4.9.5+git.477.8163dd03413-3.61.1 samba-winbind-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): ctdb-4.9.5+git.477.8163dd03413-3.61.1 ctdb-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-debugsource-4.9.5+git.477.8163dd03413-3.61.1 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64_ilp32): libdcerpc-binding0-64bit-4.9.5+git.477.8163dd03413-3.61.1 libdcerpc-binding0-64bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libdcerpc-samr0-64bit-4.9.5+git.477.8163dd03413-3.61.1 libdcerpc-samr0-64bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libdcerpc0-64bit-4.9.5+git.477.8163dd03413-3.61.1 libdcerpc0-64bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libndr-krb5pac0-64bit-4.9.5+git.477.8163dd03413-3.61.1 libndr-krb5pac0-64bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libndr-nbt0-64bit-4.9.5+git.477.8163dd03413-3.61.1 libndr-nbt0-64bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libndr-standard0-64bit-4.9.5+git.477.8163dd03413-3.61.1 libndr-standard0-64bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libndr0-64bit-4.9.5+git.477.8163dd03413-3.61.1 libndr0-64bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libnetapi-devel-64bit-4.9.5+git.477.8163dd03413-3.61.1 libnetapi0-64bit-4.9.5+git.477.8163dd03413-3.61.1 libnetapi0-64bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamba-credentials0-64bit-4.9.5+git.477.8163dd03413-3.61.1 libsamba-credentials0-64bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamba-errors0-64bit-4.9.5+git.477.8163dd03413-3.61.1 libsamba-errors0-64bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamba-hostconfig0-64bit-4.9.5+git.477.8163dd03413-3.61.1 libsamba-hostconfig0-64bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamba-passdb0-64bit-4.9.5+git.477.8163dd03413-3.61.1 libsamba-passdb0-64bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamba-policy0-64bit-4.9.5+git.477.8163dd03413-3.61.1 libsamba-policy0-64bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamba-policy0-python3-64bit-4.9.5+git.477.8163dd03413-3.61.1 libsamba-policy0-python3-64bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamba-util0-64bit-4.9.5+git.477.8163dd03413-3.61.1 libsamba-util0-64bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamdb0-64bit-4.9.5+git.477.8163dd03413-3.61.1 libsamdb0-64bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsmbclient0-64bit-4.9.5+git.477.8163dd03413-3.61.1 libsmbclient0-64bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsmbconf0-64bit-4.9.5+git.477.8163dd03413-3.61.1 libsmbconf0-64bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsmbldap2-64bit-4.9.5+git.477.8163dd03413-3.61.1 libsmbldap2-64bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libtevent-util0-64bit-4.9.5+git.477.8163dd03413-3.61.1 libtevent-util0-64bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libwbclient0-64bit-4.9.5+git.477.8163dd03413-3.61.1 libwbclient0-64bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-ad-dc-64bit-4.9.5+git.477.8163dd03413-3.61.1 samba-ad-dc-64bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-client-64bit-4.9.5+git.477.8163dd03413-3.61.1 samba-client-64bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-libs-64bit-4.9.5+git.477.8163dd03413-3.61.1 samba-libs-64bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-libs-python-64bit-4.9.5+git.477.8163dd03413-3.61.1 samba-libs-python-64bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-libs-python3-64bit-4.9.5+git.477.8163dd03413-3.61.1 samba-libs-python3-64bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-winbind-64bit-4.9.5+git.477.8163dd03413-3.61.1 samba-winbind-64bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64): ctdb-pcp-pmda-4.9.5+git.477.8163dd03413-3.61.1 ctdb-pcp-pmda-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 ctdb-tests-4.9.5+git.477.8163dd03413-3.61.1 ctdb-tests-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libdcerpc-binding0-4.9.5+git.477.8163dd03413-3.61.1 libdcerpc-binding0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libdcerpc-devel-4.9.5+git.477.8163dd03413-3.61.1 libdcerpc-samr-devel-4.9.5+git.477.8163dd03413-3.61.1 libdcerpc-samr0-4.9.5+git.477.8163dd03413-3.61.1 libdcerpc-samr0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libdcerpc0-4.9.5+git.477.8163dd03413-3.61.1 libdcerpc0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libndr-devel-4.9.5+git.477.8163dd03413-3.61.1 libndr-krb5pac-devel-4.9.5+git.477.8163dd03413-3.61.1 libndr-krb5pac0-4.9.5+git.477.8163dd03413-3.61.1 libndr-krb5pac0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libndr-nbt-devel-4.9.5+git.477.8163dd03413-3.61.1 libndr-nbt0-4.9.5+git.477.8163dd03413-3.61.1 libndr-nbt0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libndr-standard-devel-4.9.5+git.477.8163dd03413-3.61.1 libndr-standard0-4.9.5+git.477.8163dd03413-3.61.1 libndr-standard0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libndr0-4.9.5+git.477.8163dd03413-3.61.1 libndr0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libnetapi-devel-4.9.5+git.477.8163dd03413-3.61.1 libnetapi0-4.9.5+git.477.8163dd03413-3.61.1 libnetapi0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamba-credentials-devel-4.9.5+git.477.8163dd03413-3.61.1 libsamba-credentials0-4.9.5+git.477.8163dd03413-3.61.1 libsamba-credentials0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamba-errors-devel-4.9.5+git.477.8163dd03413-3.61.1 libsamba-errors0-4.9.5+git.477.8163dd03413-3.61.1 libsamba-errors0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamba-hostconfig-devel-4.9.5+git.477.8163dd03413-3.61.1 libsamba-hostconfig0-4.9.5+git.477.8163dd03413-3.61.1 libsamba-hostconfig0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamba-passdb-devel-4.9.5+git.477.8163dd03413-3.61.1 libsamba-passdb0-4.9.5+git.477.8163dd03413-3.61.1 libsamba-passdb0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamba-policy-devel-4.9.5+git.477.8163dd03413-3.61.1 libsamba-policy-python-devel-4.9.5+git.477.8163dd03413-3.61.1 libsamba-policy-python3-devel-4.9.5+git.477.8163dd03413-3.61.1 libsamba-policy0-4.9.5+git.477.8163dd03413-3.61.1 libsamba-policy0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamba-policy0-python3-4.9.5+git.477.8163dd03413-3.61.1 libsamba-policy0-python3-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamba-util-devel-4.9.5+git.477.8163dd03413-3.61.1 libsamba-util0-4.9.5+git.477.8163dd03413-3.61.1 libsamba-util0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamdb-devel-4.9.5+git.477.8163dd03413-3.61.1 libsamdb0-4.9.5+git.477.8163dd03413-3.61.1 libsamdb0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsmbclient-devel-4.9.5+git.477.8163dd03413-3.61.1 libsmbclient0-4.9.5+git.477.8163dd03413-3.61.1 libsmbclient0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsmbconf-devel-4.9.5+git.477.8163dd03413-3.61.1 libsmbconf0-4.9.5+git.477.8163dd03413-3.61.1 libsmbconf0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsmbldap-devel-4.9.5+git.477.8163dd03413-3.61.1 libsmbldap2-4.9.5+git.477.8163dd03413-3.61.1 libsmbldap2-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libtevent-util-devel-4.9.5+git.477.8163dd03413-3.61.1 libtevent-util0-4.9.5+git.477.8163dd03413-3.61.1 libtevent-util0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libwbclient-devel-4.9.5+git.477.8163dd03413-3.61.1 libwbclient0-4.9.5+git.477.8163dd03413-3.61.1 libwbclient0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-4.9.5+git.477.8163dd03413-3.61.1 samba-ad-dc-4.9.5+git.477.8163dd03413-3.61.1 samba-ad-dc-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-ceph-4.9.5+git.477.8163dd03413-3.61.1 samba-ceph-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-client-4.9.5+git.477.8163dd03413-3.61.1 samba-client-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-core-devel-4.9.5+git.477.8163dd03413-3.61.1 samba-dsdb-modules-4.9.5+git.477.8163dd03413-3.61.1 samba-dsdb-modules-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-libs-4.9.5+git.477.8163dd03413-3.61.1 samba-libs-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-libs-python-4.9.5+git.477.8163dd03413-3.61.1 samba-libs-python-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-libs-python3-4.9.5+git.477.8163dd03413-3.61.1 samba-libs-python3-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-python-4.9.5+git.477.8163dd03413-3.61.1 samba-python-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-python3-4.9.5+git.477.8163dd03413-3.61.1 samba-python3-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-test-4.9.5+git.477.8163dd03413-3.61.1 samba-test-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-winbind-4.9.5+git.477.8163dd03413-3.61.1 samba-winbind-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 - SUSE Linux Enterprise High Availability 15-SP1 (noarch): samba-doc-4.9.5+git.477.8163dd03413-3.61.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libdcerpc-binding0-4.9.5+git.477.8163dd03413-3.61.1 libdcerpc-binding0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libdcerpc-devel-4.9.5+git.477.8163dd03413-3.61.1 libdcerpc-samr-devel-4.9.5+git.477.8163dd03413-3.61.1 libdcerpc-samr0-4.9.5+git.477.8163dd03413-3.61.1 libdcerpc-samr0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libdcerpc0-4.9.5+git.477.8163dd03413-3.61.1 libdcerpc0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libndr-devel-4.9.5+git.477.8163dd03413-3.61.1 libndr-krb5pac-devel-4.9.5+git.477.8163dd03413-3.61.1 libndr-krb5pac0-4.9.5+git.477.8163dd03413-3.61.1 libndr-krb5pac0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libndr-nbt-devel-4.9.5+git.477.8163dd03413-3.61.1 libndr-nbt0-4.9.5+git.477.8163dd03413-3.61.1 libndr-nbt0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libndr-standard-devel-4.9.5+git.477.8163dd03413-3.61.1 libndr-standard0-4.9.5+git.477.8163dd03413-3.61.1 libndr-standard0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libndr0-4.9.5+git.477.8163dd03413-3.61.1 libndr0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libnetapi-devel-4.9.5+git.477.8163dd03413-3.61.1 libnetapi0-4.9.5+git.477.8163dd03413-3.61.1 libnetapi0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamba-credentials-devel-4.9.5+git.477.8163dd03413-3.61.1 libsamba-credentials0-4.9.5+git.477.8163dd03413-3.61.1 libsamba-credentials0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamba-errors-devel-4.9.5+git.477.8163dd03413-3.61.1 libsamba-errors0-4.9.5+git.477.8163dd03413-3.61.1 libsamba-errors0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamba-hostconfig-devel-4.9.5+git.477.8163dd03413-3.61.1 libsamba-hostconfig0-4.9.5+git.477.8163dd03413-3.61.1 libsamba-hostconfig0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamba-passdb-devel-4.9.5+git.477.8163dd03413-3.61.1 libsamba-passdb0-4.9.5+git.477.8163dd03413-3.61.1 libsamba-passdb0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamba-policy-devel-4.9.5+git.477.8163dd03413-3.61.1 libsamba-policy-python3-devel-4.9.5+git.477.8163dd03413-3.61.1 libsamba-policy0-4.9.5+git.477.8163dd03413-3.61.1 libsamba-policy0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamba-policy0-python3-4.9.5+git.477.8163dd03413-3.61.1 libsamba-policy0-python3-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamba-util-devel-4.9.5+git.477.8163dd03413-3.61.1 libsamba-util0-4.9.5+git.477.8163dd03413-3.61.1 libsamba-util0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamdb-devel-4.9.5+git.477.8163dd03413-3.61.1 libsamdb0-4.9.5+git.477.8163dd03413-3.61.1 libsamdb0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsmbclient-devel-4.9.5+git.477.8163dd03413-3.61.1 libsmbclient0-4.9.5+git.477.8163dd03413-3.61.1 libsmbclient0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsmbconf-devel-4.9.5+git.477.8163dd03413-3.61.1 libsmbconf0-4.9.5+git.477.8163dd03413-3.61.1 libsmbconf0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsmbldap-devel-4.9.5+git.477.8163dd03413-3.61.1 libsmbldap2-4.9.5+git.477.8163dd03413-3.61.1 libsmbldap2-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libtevent-util-devel-4.9.5+git.477.8163dd03413-3.61.1 libtevent-util0-4.9.5+git.477.8163dd03413-3.61.1 libtevent-util0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libwbclient-devel-4.9.5+git.477.8163dd03413-3.61.1 libwbclient0-4.9.5+git.477.8163dd03413-3.61.1 libwbclient0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-4.9.5+git.477.8163dd03413-3.61.1 samba-ad-dc-4.9.5+git.477.8163dd03413-3.61.1 samba-ad-dc-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-ceph-4.9.5+git.477.8163dd03413-3.61.1 samba-ceph-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-client-4.9.5+git.477.8163dd03413-3.61.1 samba-client-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-core-devel-4.9.5+git.477.8163dd03413-3.61.1 samba-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-debugsource-4.9.5+git.477.8163dd03413-3.61.1 samba-dsdb-modules-4.9.5+git.477.8163dd03413-3.61.1 samba-dsdb-modules-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-libs-4.9.5+git.477.8163dd03413-3.61.1 samba-libs-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-libs-python-4.9.5+git.477.8163dd03413-3.61.1 samba-libs-python-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-libs-python3-4.9.5+git.477.8163dd03413-3.61.1 samba-libs-python3-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-python-4.9.5+git.477.8163dd03413-3.61.1 samba-python-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-python3-4.9.5+git.477.8163dd03413-3.61.1 samba-python3-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-winbind-4.9.5+git.477.8163dd03413-3.61.1 samba-winbind-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 - SUSE Enterprise Storage 6 (x86_64): libdcerpc-binding0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libdcerpc-binding0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libdcerpc0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libdcerpc0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libndr-krb5pac0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libndr-krb5pac0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libndr-nbt0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libndr-nbt0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libndr-standard0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libndr-standard0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libndr0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libndr0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libnetapi0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libnetapi0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamba-credentials0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libsamba-credentials0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamba-errors0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libsamba-errors0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamba-hostconfig0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libsamba-hostconfig0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamba-passdb0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libsamba-passdb0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamba-util0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libsamba-util0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamdb0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libsamdb0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsmbconf0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libsmbconf0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsmbldap2-32bit-4.9.5+git.477.8163dd03413-3.61.1 libsmbldap2-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libtevent-util0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libtevent-util0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libwbclient0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libwbclient0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-libs-32bit-4.9.5+git.477.8163dd03413-3.61.1 samba-libs-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-winbind-32bit-4.9.5+git.477.8163dd03413-3.61.1 samba-winbind-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 - SUSE CaaS Platform 4.0 (x86_64): libdcerpc-binding0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libdcerpc-binding0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libdcerpc-binding0-4.9.5+git.477.8163dd03413-3.61.1 libdcerpc-binding0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libdcerpc-devel-4.9.5+git.477.8163dd03413-3.61.1 libdcerpc-samr-devel-4.9.5+git.477.8163dd03413-3.61.1 libdcerpc-samr0-4.9.5+git.477.8163dd03413-3.61.1 libdcerpc-samr0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libdcerpc0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libdcerpc0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libdcerpc0-4.9.5+git.477.8163dd03413-3.61.1 libdcerpc0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libndr-devel-4.9.5+git.477.8163dd03413-3.61.1 libndr-krb5pac-devel-4.9.5+git.477.8163dd03413-3.61.1 libndr-krb5pac0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libndr-krb5pac0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libndr-krb5pac0-4.9.5+git.477.8163dd03413-3.61.1 libndr-krb5pac0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libndr-nbt-devel-4.9.5+git.477.8163dd03413-3.61.1 libndr-nbt0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libndr-nbt0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libndr-nbt0-4.9.5+git.477.8163dd03413-3.61.1 libndr-nbt0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libndr-standard-devel-4.9.5+git.477.8163dd03413-3.61.1 libndr-standard0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libndr-standard0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libndr-standard0-4.9.5+git.477.8163dd03413-3.61.1 libndr-standard0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libndr0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libndr0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libndr0-4.9.5+git.477.8163dd03413-3.61.1 libndr0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libnetapi-devel-4.9.5+git.477.8163dd03413-3.61.1 libnetapi0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libnetapi0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libnetapi0-4.9.5+git.477.8163dd03413-3.61.1 libnetapi0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamba-credentials-devel-4.9.5+git.477.8163dd03413-3.61.1 libsamba-credentials0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libsamba-credentials0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamba-credentials0-4.9.5+git.477.8163dd03413-3.61.1 libsamba-credentials0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamba-errors-devel-4.9.5+git.477.8163dd03413-3.61.1 libsamba-errors0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libsamba-errors0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamba-errors0-4.9.5+git.477.8163dd03413-3.61.1 libsamba-errors0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamba-hostconfig-devel-4.9.5+git.477.8163dd03413-3.61.1 libsamba-hostconfig0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libsamba-hostconfig0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamba-hostconfig0-4.9.5+git.477.8163dd03413-3.61.1 libsamba-hostconfig0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamba-passdb-devel-4.9.5+git.477.8163dd03413-3.61.1 libsamba-passdb0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libsamba-passdb0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamba-passdb0-4.9.5+git.477.8163dd03413-3.61.1 libsamba-passdb0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamba-policy-devel-4.9.5+git.477.8163dd03413-3.61.1 libsamba-policy-python3-devel-4.9.5+git.477.8163dd03413-3.61.1 libsamba-policy0-4.9.5+git.477.8163dd03413-3.61.1 libsamba-policy0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamba-policy0-python3-4.9.5+git.477.8163dd03413-3.61.1 libsamba-policy0-python3-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamba-util-devel-4.9.5+git.477.8163dd03413-3.61.1 libsamba-util0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libsamba-util0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamba-util0-4.9.5+git.477.8163dd03413-3.61.1 libsamba-util0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamdb-devel-4.9.5+git.477.8163dd03413-3.61.1 libsamdb0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libsamdb0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsamdb0-4.9.5+git.477.8163dd03413-3.61.1 libsamdb0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsmbclient-devel-4.9.5+git.477.8163dd03413-3.61.1 libsmbclient0-4.9.5+git.477.8163dd03413-3.61.1 libsmbclient0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsmbconf-devel-4.9.5+git.477.8163dd03413-3.61.1 libsmbconf0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libsmbconf0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsmbconf0-4.9.5+git.477.8163dd03413-3.61.1 libsmbconf0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsmbldap-devel-4.9.5+git.477.8163dd03413-3.61.1 libsmbldap2-32bit-4.9.5+git.477.8163dd03413-3.61.1 libsmbldap2-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libsmbldap2-4.9.5+git.477.8163dd03413-3.61.1 libsmbldap2-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libtevent-util-devel-4.9.5+git.477.8163dd03413-3.61.1 libtevent-util0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libtevent-util0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libtevent-util0-4.9.5+git.477.8163dd03413-3.61.1 libtevent-util0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libwbclient-devel-4.9.5+git.477.8163dd03413-3.61.1 libwbclient0-32bit-4.9.5+git.477.8163dd03413-3.61.1 libwbclient0-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 libwbclient0-4.9.5+git.477.8163dd03413-3.61.1 libwbclient0-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-4.9.5+git.477.8163dd03413-3.61.1 samba-ad-dc-4.9.5+git.477.8163dd03413-3.61.1 samba-ad-dc-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-client-4.9.5+git.477.8163dd03413-3.61.1 samba-client-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-core-devel-4.9.5+git.477.8163dd03413-3.61.1 samba-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-debugsource-4.9.5+git.477.8163dd03413-3.61.1 samba-dsdb-modules-4.9.5+git.477.8163dd03413-3.61.1 samba-dsdb-modules-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-libs-32bit-4.9.5+git.477.8163dd03413-3.61.1 samba-libs-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-libs-4.9.5+git.477.8163dd03413-3.61.1 samba-libs-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-libs-python-4.9.5+git.477.8163dd03413-3.61.1 samba-libs-python-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-libs-python3-4.9.5+git.477.8163dd03413-3.61.1 samba-libs-python3-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-python-4.9.5+git.477.8163dd03413-3.61.1 samba-python-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-python3-4.9.5+git.477.8163dd03413-3.61.1 samba-python3-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-winbind-32bit-4.9.5+git.477.8163dd03413-3.61.1 samba-winbind-32bit-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 samba-winbind-4.9.5+git.477.8163dd03413-3.61.1 samba-winbind-debuginfo-4.9.5+git.477.8163dd03413-3.61.1 References: https://www.suse.com/security/cve/CVE-2020-25717.html https://bugzilla.suse.com/1192849 From sle-updates at lists.suse.com Mon Dec 20 17:16:59 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Dec 2021 18:16:59 +0100 (CET) Subject: SUSE-SU-2021:4120-1: important: Security update for xorg-x11-server Message-ID: <20211220171659.110FFFC9F@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:4120-1 Rating: important References: #1190487 #1190489 Cross-References: CVE-2021-4009 CVE-2021-4011 CVSS scores: CVE-2021-4009 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-4011 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server 12-SP4-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for xorg-x11-server fixes the following issues: - CVE-2021-4009: The handler for the CreatePointerBarrier request of the XFixes extension does not properly validate the request length leading to out of bounds memory write. (bsc#1190487) - CVE-2021-4011: The handlers for the RecordCreateContext and RecordRegisterClients requests of the Record extension do not properly validate the request length leading to out of bounds memory write. (bsc#1190489) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-4120=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-4120=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-4120=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-4120=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): xorg-x11-server-1.19.6-4.28.1 xorg-x11-server-debuginfo-1.19.6-4.28.1 xorg-x11-server-debugsource-1.19.6-4.28.1 xorg-x11-server-extra-1.19.6-4.28.1 xorg-x11-server-extra-debuginfo-1.19.6-4.28.1 - SUSE OpenStack Cloud 9 (x86_64): xorg-x11-server-1.19.6-4.28.1 xorg-x11-server-debuginfo-1.19.6-4.28.1 xorg-x11-server-debugsource-1.19.6-4.28.1 xorg-x11-server-extra-1.19.6-4.28.1 xorg-x11-server-extra-debuginfo-1.19.6-4.28.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): xorg-x11-server-1.19.6-4.28.1 xorg-x11-server-debuginfo-1.19.6-4.28.1 xorg-x11-server-debugsource-1.19.6-4.28.1 xorg-x11-server-extra-1.19.6-4.28.1 xorg-x11-server-extra-debuginfo-1.19.6-4.28.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): xorg-x11-server-1.19.6-4.28.1 xorg-x11-server-debuginfo-1.19.6-4.28.1 xorg-x11-server-debugsource-1.19.6-4.28.1 xorg-x11-server-extra-1.19.6-4.28.1 xorg-x11-server-extra-debuginfo-1.19.6-4.28.1 References: https://www.suse.com/security/cve/CVE-2021-4009.html https://www.suse.com/security/cve/CVE-2021-4011.html https://bugzilla.suse.com/1190487 https://bugzilla.suse.com/1190489 From sle-updates at lists.suse.com Mon Dec 20 17:18:20 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Dec 2021 18:18:20 +0100 (CET) Subject: SUSE-SU-2021:4124-1: important: Security update for xorg-x11-server Message-ID: <20211220171820.0EC2FFC9F@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:4124-1 Rating: important References: #1190487 #1190489 Cross-References: CVE-2021-4009 CVE-2021-4011 CVSS scores: CVE-2021-4009 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-4011 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-BCL HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for xorg-x11-server fixes the following issues: - CVE-2021-4009: The handler for the CreatePointerBarrier request of the XFixes extension does not properly validate the request length leading to out of bounds memory write. (bsc#1190487) - CVE-2021-4011: The handlers for the RecordCreateContext and RecordRegisterClients requests of the Record extension do not properly validate the request length leading to out of bounds memory write. (bsc#1190489) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-4124=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-4124=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-4124=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-4124=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-4124=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-4124=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-4124=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): xorg-x11-server-7.6_1.18.3-76.46.1 xorg-x11-server-debuginfo-7.6_1.18.3-76.46.1 xorg-x11-server-debugsource-7.6_1.18.3-76.46.1 xorg-x11-server-extra-7.6_1.18.3-76.46.1 xorg-x11-server-extra-debuginfo-7.6_1.18.3-76.46.1 - SUSE OpenStack Cloud 8 (x86_64): xorg-x11-server-7.6_1.18.3-76.46.1 xorg-x11-server-debuginfo-7.6_1.18.3-76.46.1 xorg-x11-server-debugsource-7.6_1.18.3-76.46.1 xorg-x11-server-extra-7.6_1.18.3-76.46.1 xorg-x11-server-extra-debuginfo-7.6_1.18.3-76.46.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): xorg-x11-server-7.6_1.18.3-76.46.1 xorg-x11-server-debuginfo-7.6_1.18.3-76.46.1 xorg-x11-server-debugsource-7.6_1.18.3-76.46.1 xorg-x11-server-extra-7.6_1.18.3-76.46.1 xorg-x11-server-extra-debuginfo-7.6_1.18.3-76.46.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): xorg-x11-server-7.6_1.18.3-76.46.1 xorg-x11-server-debuginfo-7.6_1.18.3-76.46.1 xorg-x11-server-debugsource-7.6_1.18.3-76.46.1 xorg-x11-server-extra-7.6_1.18.3-76.46.1 xorg-x11-server-extra-debuginfo-7.6_1.18.3-76.46.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): xorg-x11-server-7.6_1.18.3-76.46.1 xorg-x11-server-debuginfo-7.6_1.18.3-76.46.1 xorg-x11-server-debugsource-7.6_1.18.3-76.46.1 xorg-x11-server-extra-7.6_1.18.3-76.46.1 xorg-x11-server-extra-debuginfo-7.6_1.18.3-76.46.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): xorg-x11-server-7.6_1.18.3-76.46.1 xorg-x11-server-debuginfo-7.6_1.18.3-76.46.1 xorg-x11-server-debugsource-7.6_1.18.3-76.46.1 xorg-x11-server-extra-7.6_1.18.3-76.46.1 xorg-x11-server-extra-debuginfo-7.6_1.18.3-76.46.1 - HPE Helion Openstack 8 (x86_64): xorg-x11-server-7.6_1.18.3-76.46.1 xorg-x11-server-debuginfo-7.6_1.18.3-76.46.1 xorg-x11-server-debugsource-7.6_1.18.3-76.46.1 xorg-x11-server-extra-7.6_1.18.3-76.46.1 xorg-x11-server-extra-debuginfo-7.6_1.18.3-76.46.1 References: https://www.suse.com/security/cve/CVE-2021-4009.html https://www.suse.com/security/cve/CVE-2021-4011.html https://bugzilla.suse.com/1190487 https://bugzilla.suse.com/1190489 From sle-updates at lists.suse.com Mon Dec 20 17:19:41 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Dec 2021 18:19:41 +0100 (CET) Subject: SUSE-SU-2021:4122-1: important: Security update for xorg-x11-server Message-ID: <20211220171941.DB5FCFC9F@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:4122-1 Rating: important References: #1190487 #1190488 #1190489 Cross-References: CVE-2021-4009 CVE-2021-4010 CVE-2021-4011 CVSS scores: CVE-2021-4009 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-4010 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-4011 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for xorg-x11-server fixes the following issues: - CVE-2021-4009: The handler for the CreatePointerBarrier request of the XFixes extension does not properly validate the request length leading to out of bounds memory write. (bsc#1190487) - CVE-2021-4010: The handler for the Suspend request of the Screen Saver extension does not properly validate the request length leading to out of bounds memory write. (bsc#1190488) - CVE-2021-4011: The handlers for the RecordCreateContext and RecordRegisterClients requests of the Record extension do not properly validate the request length leading to out of bounds memory write. (bsc#1190489) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-4122=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-4122=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-4122=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-4122=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-4122=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-4122=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): xorg-x11-server-1.20.3-14.5.22.1 xorg-x11-server-debuginfo-1.20.3-14.5.22.1 xorg-x11-server-debugsource-1.20.3-14.5.22.1 xorg-x11-server-extra-1.20.3-14.5.22.1 xorg-x11-server-extra-debuginfo-1.20.3-14.5.22.1 xorg-x11-server-sdk-1.20.3-14.5.22.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): xorg-x11-server-1.20.3-14.5.22.1 xorg-x11-server-debuginfo-1.20.3-14.5.22.1 xorg-x11-server-debugsource-1.20.3-14.5.22.1 xorg-x11-server-extra-1.20.3-14.5.22.1 xorg-x11-server-extra-debuginfo-1.20.3-14.5.22.1 xorg-x11-server-sdk-1.20.3-14.5.22.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): xorg-x11-server-1.20.3-14.5.22.1 xorg-x11-server-debuginfo-1.20.3-14.5.22.1 xorg-x11-server-debugsource-1.20.3-14.5.22.1 xorg-x11-server-extra-1.20.3-14.5.22.1 xorg-x11-server-extra-debuginfo-1.20.3-14.5.22.1 xorg-x11-server-sdk-1.20.3-14.5.22.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): xorg-x11-server-1.20.3-14.5.22.1 xorg-x11-server-debuginfo-1.20.3-14.5.22.1 xorg-x11-server-debugsource-1.20.3-14.5.22.1 xorg-x11-server-extra-1.20.3-14.5.22.1 xorg-x11-server-extra-debuginfo-1.20.3-14.5.22.1 xorg-x11-server-sdk-1.20.3-14.5.22.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): xorg-x11-server-1.20.3-14.5.22.1 xorg-x11-server-debuginfo-1.20.3-14.5.22.1 xorg-x11-server-debugsource-1.20.3-14.5.22.1 xorg-x11-server-extra-1.20.3-14.5.22.1 xorg-x11-server-extra-debuginfo-1.20.3-14.5.22.1 xorg-x11-server-sdk-1.20.3-14.5.22.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): xorg-x11-server-1.20.3-14.5.22.1 xorg-x11-server-debuginfo-1.20.3-14.5.22.1 xorg-x11-server-debugsource-1.20.3-14.5.22.1 xorg-x11-server-extra-1.20.3-14.5.22.1 xorg-x11-server-extra-debuginfo-1.20.3-14.5.22.1 xorg-x11-server-sdk-1.20.3-14.5.22.1 - SUSE CaaS Platform 4.0 (x86_64): xorg-x11-server-1.20.3-14.5.22.1 xorg-x11-server-debuginfo-1.20.3-14.5.22.1 xorg-x11-server-debugsource-1.20.3-14.5.22.1 xorg-x11-server-extra-1.20.3-14.5.22.1 xorg-x11-server-extra-debuginfo-1.20.3-14.5.22.1 xorg-x11-server-sdk-1.20.3-14.5.22.1 References: https://www.suse.com/security/cve/CVE-2021-4009.html https://www.suse.com/security/cve/CVE-2021-4010.html https://www.suse.com/security/cve/CVE-2021-4011.html https://bugzilla.suse.com/1190487 https://bugzilla.suse.com/1190488 https://bugzilla.suse.com/1190489 From sle-updates at lists.suse.com Mon Dec 20 17:22:22 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Dec 2021 18:22:22 +0100 (CET) Subject: SUSE-SU-2021:4121-1: important: Security update for xorg-x11-server Message-ID: <20211220172222.5D641FC9F@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:4121-1 Rating: important References: #1190487 #1190489 Cross-References: CVE-2021-4009 CVE-2021-4011 CVSS scores: CVE-2021-4009 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-4011 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for xorg-x11-server fixes the following issues: - CVE-2021-4009: The handler for the CreatePointerBarrier request of the XFixes extension does not properly validate the request length leading to out of bounds memory write. (bsc#1190487) - CVE-2021-4011: The handlers for the RecordCreateContext and RecordRegisterClients requests of the Record extension do not properly validate the request length leading to out of bounds memory write. (bsc#1190489) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-4121=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-4121=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-4121=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-4121=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): xorg-x11-server-1.19.6-8.36.1 xorg-x11-server-debuginfo-1.19.6-8.36.1 xorg-x11-server-debugsource-1.19.6-8.36.1 xorg-x11-server-extra-1.19.6-8.36.1 xorg-x11-server-extra-debuginfo-1.19.6-8.36.1 xorg-x11-server-sdk-1.19.6-8.36.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): xorg-x11-server-1.19.6-8.36.1 xorg-x11-server-debuginfo-1.19.6-8.36.1 xorg-x11-server-debugsource-1.19.6-8.36.1 xorg-x11-server-extra-1.19.6-8.36.1 xorg-x11-server-extra-debuginfo-1.19.6-8.36.1 xorg-x11-server-sdk-1.19.6-8.36.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): xorg-x11-server-1.19.6-8.36.1 xorg-x11-server-debuginfo-1.19.6-8.36.1 xorg-x11-server-debugsource-1.19.6-8.36.1 xorg-x11-server-extra-1.19.6-8.36.1 xorg-x11-server-extra-debuginfo-1.19.6-8.36.1 xorg-x11-server-sdk-1.19.6-8.36.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): xorg-x11-server-1.19.6-8.36.1 xorg-x11-server-debuginfo-1.19.6-8.36.1 xorg-x11-server-debugsource-1.19.6-8.36.1 xorg-x11-server-extra-1.19.6-8.36.1 xorg-x11-server-extra-debuginfo-1.19.6-8.36.1 xorg-x11-server-sdk-1.19.6-8.36.1 References: https://www.suse.com/security/cve/CVE-2021-4009.html https://www.suse.com/security/cve/CVE-2021-4011.html https://bugzilla.suse.com/1190487 https://bugzilla.suse.com/1190489 From sle-updates at lists.suse.com Mon Dec 20 17:23:43 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Dec 2021 18:23:43 +0100 (CET) Subject: SUSE-SU-2021:4119-1: important: Security update for xorg-x11-server Message-ID: <20211220172343.B9909FC9F@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:4119-1 Rating: important References: #1190487 #1190489 Cross-References: CVE-2021-4009 CVE-2021-4011 CVSS scores: CVE-2021-4009 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-4011 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for xorg-x11-server fixes the following issues: - CVE-2021-4009: The handler for the CreatePointerBarrier request of the XFixes extension does not properly validate the request length leading to out of bounds memory write. (bsc#1190487) - CVE-2021-4011: The handlers for the RecordCreateContext and RecordRegisterClients requests of the Record extension do not properly validate the request length leading to out of bounds memory write. (bsc#1190489) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-4119=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-4119=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): xorg-x11-server-debuginfo-1.19.6-10.29.1 xorg-x11-server-debugsource-1.19.6-10.29.1 xorg-x11-server-sdk-1.19.6-10.29.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): xorg-x11-server-1.19.6-10.29.1 xorg-x11-server-debuginfo-1.19.6-10.29.1 xorg-x11-server-debugsource-1.19.6-10.29.1 xorg-x11-server-extra-1.19.6-10.29.1 xorg-x11-server-extra-debuginfo-1.19.6-10.29.1 References: https://www.suse.com/security/cve/CVE-2021-4009.html https://www.suse.com/security/cve/CVE-2021-4011.html https://bugzilla.suse.com/1190487 https://bugzilla.suse.com/1190489 From sle-updates at lists.suse.com Mon Dec 20 17:25:05 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Dec 2021 18:25:05 +0100 (CET) Subject: SUSE-SU-2021:14867-1: important: Security update for xorg-x11-server Message-ID: <20211220172505.5A400FC9F@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:14867-1 Rating: important References: #1190489 Cross-References: CVE-2021-4011 CVSS scores: CVE-2021-4011 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for xorg-x11-server fixes the following issues: - CVE-2021-4011: The handlers for the RecordCreateContext and RecordRegisterClients requests of the Record extension do not properly validate the request length leading to out of bounds memory write. (bsc#1190489) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-xorg-x11-server-14867=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-xorg-x11-server-14867=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-xorg-x11-server-14867=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-xorg-x11-server-14867=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): xorg-x11-Xvnc-7.4-27.122.46.1 xorg-x11-server-7.4-27.122.46.1 xorg-x11-server-extra-7.4-27.122.46.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): xorg-x11-Xvnc-7.4-27.122.46.1 xorg-x11-server-7.4-27.122.46.1 xorg-x11-server-extra-7.4-27.122.46.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): xorg-x11-server-debuginfo-7.4-27.122.46.1 xorg-x11-server-debugsource-7.4-27.122.46.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): xorg-x11-server-debuginfo-7.4-27.122.46.1 xorg-x11-server-debugsource-7.4-27.122.46.1 References: https://www.suse.com/security/cve/CVE-2021-4011.html https://bugzilla.suse.com/1190489 From sle-updates at lists.suse.com Mon Dec 20 17:26:17 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Dec 2021 18:26:17 +0100 (CET) Subject: SUSE-RU-2021:3965-2: important: Recommended update for nghttp2 Message-ID: <20211220172617.E1DF5FC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for nghttp2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:3965-2 Rating: important References: #1192681 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for nghttp2 fixes the following issue: - libnghttp2-devel was missing from the SDK. (bsc#1192681) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-3965=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64): libnghttp2-devel-1.39.2-3.7.1 References: https://bugzilla.suse.com/1192681 From sle-updates at lists.suse.com Mon Dec 20 20:17:03 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Dec 2021 21:17:03 +0100 (CET) Subject: SUSE-RU-2021:4126-1: important: Recommended update for samba Message-ID: <20211220201703.34DFFFD0A@maintenance.suse.de> SUSE Recommended Update: Recommended update for samba ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:4126-1 Rating: important References: #1192849 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise High Availability 12-SP4 SUSE Linux Enterprise High Availability 12-SP3 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for samba fixes the following issues: The username map advice from the CVE-2020-25717 advisory note has undesired side effects for the local nt token. Fallback to a SID/UID based mapping if the name based lookup fails (bsc#1192849). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-4126=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-4126=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-4126=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-4126=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-4126=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-4126=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-4126=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-4126=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-4126=1 - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2021-4126=1 - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2021-4126=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-4126=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): samba-doc-4.6.16+git.313.502515a5bfc-3.67.2 - SUSE OpenStack Cloud Crowbar 9 (x86_64): libdcerpc-binding0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libdcerpc-binding0-4.6.16+git.313.502515a5bfc-3.67.2 libdcerpc-binding0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libdcerpc-binding0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libdcerpc0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libdcerpc0-4.6.16+git.313.502515a5bfc-3.67.2 libdcerpc0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libdcerpc0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libndr-krb5pac0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libndr-krb5pac0-4.6.16+git.313.502515a5bfc-3.67.2 libndr-krb5pac0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libndr-krb5pac0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libndr-nbt0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libndr-nbt0-4.6.16+git.313.502515a5bfc-3.67.2 libndr-nbt0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libndr-nbt0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libndr-standard0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libndr-standard0-4.6.16+git.313.502515a5bfc-3.67.2 libndr-standard0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libndr-standard0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libndr0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libndr0-4.6.16+git.313.502515a5bfc-3.67.2 libndr0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libndr0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libnetapi0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libnetapi0-4.6.16+git.313.502515a5bfc-3.67.2 libnetapi0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libnetapi0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-credentials0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-credentials0-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-credentials0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-credentials0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-errors0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-errors0-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-errors0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-errors0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-hostconfig0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-hostconfig0-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-hostconfig0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-passdb0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-passdb0-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-passdb0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-passdb0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-util0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-util0-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-util0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-util0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libsamdb0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamdb0-4.6.16+git.313.502515a5bfc-3.67.2 libsamdb0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamdb0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libsmbclient0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsmbclient0-4.6.16+git.313.502515a5bfc-3.67.2 libsmbclient0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsmbclient0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libsmbconf0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsmbconf0-4.6.16+git.313.502515a5bfc-3.67.2 libsmbconf0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsmbconf0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libsmbldap0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsmbldap0-4.6.16+git.313.502515a5bfc-3.67.2 libsmbldap0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsmbldap0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libtevent-util0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libtevent-util0-4.6.16+git.313.502515a5bfc-3.67.2 libtevent-util0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libtevent-util0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libwbclient0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libwbclient0-4.6.16+git.313.502515a5bfc-3.67.2 libwbclient0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libwbclient0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 samba-4.6.16+git.313.502515a5bfc-3.67.2 samba-client-32bit-4.6.16+git.313.502515a5bfc-3.67.2 samba-client-4.6.16+git.313.502515a5bfc-3.67.2 samba-client-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 samba-client-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 samba-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 samba-debugsource-4.6.16+git.313.502515a5bfc-3.67.2 samba-libs-32bit-4.6.16+git.313.502515a5bfc-3.67.2 samba-libs-4.6.16+git.313.502515a5bfc-3.67.2 samba-libs-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 samba-libs-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 samba-winbind-32bit-4.6.16+git.313.502515a5bfc-3.67.2 samba-winbind-4.6.16+git.313.502515a5bfc-3.67.2 samba-winbind-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 samba-winbind-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 - SUSE OpenStack Cloud Crowbar 8 (noarch): samba-doc-4.6.16+git.313.502515a5bfc-3.67.2 - SUSE OpenStack Cloud Crowbar 8 (x86_64): libdcerpc-binding0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libdcerpc-binding0-4.6.16+git.313.502515a5bfc-3.67.2 libdcerpc-binding0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libdcerpc-binding0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libdcerpc0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libdcerpc0-4.6.16+git.313.502515a5bfc-3.67.2 libdcerpc0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libdcerpc0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libndr-krb5pac0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libndr-krb5pac0-4.6.16+git.313.502515a5bfc-3.67.2 libndr-krb5pac0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libndr-krb5pac0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libndr-nbt0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libndr-nbt0-4.6.16+git.313.502515a5bfc-3.67.2 libndr-nbt0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libndr-nbt0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libndr-standard0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libndr-standard0-4.6.16+git.313.502515a5bfc-3.67.2 libndr-standard0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libndr-standard0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libndr0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libndr0-4.6.16+git.313.502515a5bfc-3.67.2 libndr0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libndr0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libnetapi0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libnetapi0-4.6.16+git.313.502515a5bfc-3.67.2 libnetapi0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libnetapi0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-credentials0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-credentials0-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-credentials0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-credentials0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-errors0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-errors0-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-errors0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-errors0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-hostconfig0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-hostconfig0-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-hostconfig0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-passdb0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-passdb0-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-passdb0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-passdb0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-util0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-util0-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-util0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-util0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libsamdb0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamdb0-4.6.16+git.313.502515a5bfc-3.67.2 libsamdb0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamdb0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libsmbclient0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsmbclient0-4.6.16+git.313.502515a5bfc-3.67.2 libsmbclient0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsmbclient0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libsmbconf0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsmbconf0-4.6.16+git.313.502515a5bfc-3.67.2 libsmbconf0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsmbconf0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libsmbldap0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsmbldap0-4.6.16+git.313.502515a5bfc-3.67.2 libsmbldap0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsmbldap0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libtevent-util0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libtevent-util0-4.6.16+git.313.502515a5bfc-3.67.2 libtevent-util0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libtevent-util0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libwbclient0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libwbclient0-4.6.16+git.313.502515a5bfc-3.67.2 libwbclient0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libwbclient0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 samba-4.6.16+git.313.502515a5bfc-3.67.2 samba-client-32bit-4.6.16+git.313.502515a5bfc-3.67.2 samba-client-4.6.16+git.313.502515a5bfc-3.67.2 samba-client-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 samba-client-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 samba-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 samba-debugsource-4.6.16+git.313.502515a5bfc-3.67.2 samba-libs-32bit-4.6.16+git.313.502515a5bfc-3.67.2 samba-libs-4.6.16+git.313.502515a5bfc-3.67.2 samba-libs-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 samba-libs-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 samba-winbind-32bit-4.6.16+git.313.502515a5bfc-3.67.2 samba-winbind-4.6.16+git.313.502515a5bfc-3.67.2 samba-winbind-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 samba-winbind-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 - SUSE OpenStack Cloud 9 (x86_64): libdcerpc-binding0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libdcerpc-binding0-4.6.16+git.313.502515a5bfc-3.67.2 libdcerpc-binding0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libdcerpc-binding0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libdcerpc0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libdcerpc0-4.6.16+git.313.502515a5bfc-3.67.2 libdcerpc0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libdcerpc0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libndr-krb5pac0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libndr-krb5pac0-4.6.16+git.313.502515a5bfc-3.67.2 libndr-krb5pac0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libndr-krb5pac0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libndr-nbt0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libndr-nbt0-4.6.16+git.313.502515a5bfc-3.67.2 libndr-nbt0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libndr-nbt0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libndr-standard0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libndr-standard0-4.6.16+git.313.502515a5bfc-3.67.2 libndr-standard0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libndr-standard0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libndr0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libndr0-4.6.16+git.313.502515a5bfc-3.67.2 libndr0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libndr0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libnetapi0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libnetapi0-4.6.16+git.313.502515a5bfc-3.67.2 libnetapi0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libnetapi0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-credentials0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-credentials0-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-credentials0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-credentials0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-errors0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-errors0-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-errors0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-errors0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-hostconfig0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-hostconfig0-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-hostconfig0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-passdb0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-passdb0-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-passdb0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-passdb0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-util0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-util0-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-util0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-util0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libsamdb0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamdb0-4.6.16+git.313.502515a5bfc-3.67.2 libsamdb0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamdb0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libsmbclient0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsmbclient0-4.6.16+git.313.502515a5bfc-3.67.2 libsmbclient0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsmbclient0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libsmbconf0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsmbconf0-4.6.16+git.313.502515a5bfc-3.67.2 libsmbconf0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsmbconf0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libsmbldap0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsmbldap0-4.6.16+git.313.502515a5bfc-3.67.2 libsmbldap0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsmbldap0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libtevent-util0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libtevent-util0-4.6.16+git.313.502515a5bfc-3.67.2 libtevent-util0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libtevent-util0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libwbclient0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libwbclient0-4.6.16+git.313.502515a5bfc-3.67.2 libwbclient0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libwbclient0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 samba-4.6.16+git.313.502515a5bfc-3.67.2 samba-client-32bit-4.6.16+git.313.502515a5bfc-3.67.2 samba-client-4.6.16+git.313.502515a5bfc-3.67.2 samba-client-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 samba-client-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 samba-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 samba-debugsource-4.6.16+git.313.502515a5bfc-3.67.2 samba-libs-32bit-4.6.16+git.313.502515a5bfc-3.67.2 samba-libs-4.6.16+git.313.502515a5bfc-3.67.2 samba-libs-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 samba-libs-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 samba-winbind-32bit-4.6.16+git.313.502515a5bfc-3.67.2 samba-winbind-4.6.16+git.313.502515a5bfc-3.67.2 samba-winbind-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 samba-winbind-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 - SUSE OpenStack Cloud 9 (noarch): samba-doc-4.6.16+git.313.502515a5bfc-3.67.2 - SUSE OpenStack Cloud 8 (x86_64): libdcerpc-binding0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libdcerpc-binding0-4.6.16+git.313.502515a5bfc-3.67.2 libdcerpc-binding0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libdcerpc-binding0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libdcerpc0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libdcerpc0-4.6.16+git.313.502515a5bfc-3.67.2 libdcerpc0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libdcerpc0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libndr-krb5pac0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libndr-krb5pac0-4.6.16+git.313.502515a5bfc-3.67.2 libndr-krb5pac0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libndr-krb5pac0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libndr-nbt0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libndr-nbt0-4.6.16+git.313.502515a5bfc-3.67.2 libndr-nbt0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libndr-nbt0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libndr-standard0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libndr-standard0-4.6.16+git.313.502515a5bfc-3.67.2 libndr-standard0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libndr-standard0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libndr0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libndr0-4.6.16+git.313.502515a5bfc-3.67.2 libndr0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libndr0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libnetapi0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libnetapi0-4.6.16+git.313.502515a5bfc-3.67.2 libnetapi0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libnetapi0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-credentials0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-credentials0-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-credentials0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-credentials0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-errors0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-errors0-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-errors0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-errors0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-hostconfig0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-hostconfig0-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-hostconfig0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-passdb0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-passdb0-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-passdb0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-passdb0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-util0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-util0-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-util0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-util0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libsamdb0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamdb0-4.6.16+git.313.502515a5bfc-3.67.2 libsamdb0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamdb0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libsmbclient0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsmbclient0-4.6.16+git.313.502515a5bfc-3.67.2 libsmbclient0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsmbclient0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libsmbconf0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsmbconf0-4.6.16+git.313.502515a5bfc-3.67.2 libsmbconf0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsmbconf0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libsmbldap0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsmbldap0-4.6.16+git.313.502515a5bfc-3.67.2 libsmbldap0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsmbldap0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libtevent-util0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libtevent-util0-4.6.16+git.313.502515a5bfc-3.67.2 libtevent-util0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libtevent-util0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libwbclient0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libwbclient0-4.6.16+git.313.502515a5bfc-3.67.2 libwbclient0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libwbclient0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 samba-4.6.16+git.313.502515a5bfc-3.67.2 samba-client-32bit-4.6.16+git.313.502515a5bfc-3.67.2 samba-client-4.6.16+git.313.502515a5bfc-3.67.2 samba-client-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 samba-client-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 samba-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 samba-debugsource-4.6.16+git.313.502515a5bfc-3.67.2 samba-libs-32bit-4.6.16+git.313.502515a5bfc-3.67.2 samba-libs-4.6.16+git.313.502515a5bfc-3.67.2 samba-libs-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 samba-libs-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 samba-winbind-32bit-4.6.16+git.313.502515a5bfc-3.67.2 samba-winbind-4.6.16+git.313.502515a5bfc-3.67.2 samba-winbind-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 samba-winbind-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 - SUSE OpenStack Cloud 8 (noarch): samba-doc-4.6.16+git.313.502515a5bfc-3.67.2 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libdcerpc-binding0-4.6.16+git.313.502515a5bfc-3.67.2 libdcerpc-binding0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libdcerpc0-4.6.16+git.313.502515a5bfc-3.67.2 libdcerpc0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libndr-krb5pac0-4.6.16+git.313.502515a5bfc-3.67.2 libndr-krb5pac0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libndr-nbt0-4.6.16+git.313.502515a5bfc-3.67.2 libndr-nbt0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libndr-standard0-4.6.16+git.313.502515a5bfc-3.67.2 libndr-standard0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libndr0-4.6.16+git.313.502515a5bfc-3.67.2 libndr0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libnetapi0-4.6.16+git.313.502515a5bfc-3.67.2 libnetapi0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-credentials0-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-credentials0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-errors0-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-errors0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-hostconfig0-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-hostconfig0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-passdb0-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-passdb0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-util0-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-util0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libsamdb0-4.6.16+git.313.502515a5bfc-3.67.2 libsamdb0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libsmbclient0-4.6.16+git.313.502515a5bfc-3.67.2 libsmbclient0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libsmbconf0-4.6.16+git.313.502515a5bfc-3.67.2 libsmbconf0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libsmbldap0-4.6.16+git.313.502515a5bfc-3.67.2 libsmbldap0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libtevent-util0-4.6.16+git.313.502515a5bfc-3.67.2 libtevent-util0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libwbclient0-4.6.16+git.313.502515a5bfc-3.67.2 libwbclient0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 samba-4.6.16+git.313.502515a5bfc-3.67.2 samba-client-4.6.16+git.313.502515a5bfc-3.67.2 samba-client-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 samba-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 samba-debugsource-4.6.16+git.313.502515a5bfc-3.67.2 samba-libs-4.6.16+git.313.502515a5bfc-3.67.2 samba-libs-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 samba-winbind-4.6.16+git.313.502515a5bfc-3.67.2 samba-winbind-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): samba-doc-4.6.16+git.313.502515a5bfc-3.67.2 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): libdcerpc-binding0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libdcerpc-binding0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libdcerpc0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libdcerpc0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libndr-krb5pac0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libndr-krb5pac0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libndr-nbt0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libndr-nbt0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libndr-standard0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libndr-standard0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libndr0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libndr0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libnetapi0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libnetapi0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-credentials0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-credentials0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-errors0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-errors0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-hostconfig0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-passdb0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-passdb0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-util0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-util0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamdb0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamdb0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsmbclient0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsmbclient0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsmbconf0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsmbconf0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsmbldap0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsmbldap0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libtevent-util0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libtevent-util0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libwbclient0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libwbclient0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 samba-client-32bit-4.6.16+git.313.502515a5bfc-3.67.2 samba-client-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 samba-libs-32bit-4.6.16+git.313.502515a5bfc-3.67.2 samba-libs-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 samba-winbind-32bit-4.6.16+git.313.502515a5bfc-3.67.2 samba-winbind-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libdcerpc-binding0-4.6.16+git.313.502515a5bfc-3.67.2 libdcerpc-binding0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libdcerpc0-4.6.16+git.313.502515a5bfc-3.67.2 libdcerpc0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libndr-krb5pac0-4.6.16+git.313.502515a5bfc-3.67.2 libndr-krb5pac0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libndr-nbt0-4.6.16+git.313.502515a5bfc-3.67.2 libndr-nbt0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libndr-standard0-4.6.16+git.313.502515a5bfc-3.67.2 libndr-standard0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libndr0-4.6.16+git.313.502515a5bfc-3.67.2 libndr0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libnetapi0-4.6.16+git.313.502515a5bfc-3.67.2 libnetapi0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-credentials0-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-credentials0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-errors0-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-errors0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-hostconfig0-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-hostconfig0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-passdb0-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-passdb0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-util0-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-util0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libsamdb0-4.6.16+git.313.502515a5bfc-3.67.2 libsamdb0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libsmbclient0-4.6.16+git.313.502515a5bfc-3.67.2 libsmbclient0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libsmbconf0-4.6.16+git.313.502515a5bfc-3.67.2 libsmbconf0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libsmbldap0-4.6.16+git.313.502515a5bfc-3.67.2 libsmbldap0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libtevent-util0-4.6.16+git.313.502515a5bfc-3.67.2 libtevent-util0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libwbclient0-4.6.16+git.313.502515a5bfc-3.67.2 libwbclient0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 samba-4.6.16+git.313.502515a5bfc-3.67.2 samba-client-4.6.16+git.313.502515a5bfc-3.67.2 samba-client-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 samba-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 samba-debugsource-4.6.16+git.313.502515a5bfc-3.67.2 samba-libs-4.6.16+git.313.502515a5bfc-3.67.2 samba-libs-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 samba-winbind-4.6.16+git.313.502515a5bfc-3.67.2 samba-winbind-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): libdcerpc-binding0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libdcerpc-binding0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libdcerpc0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libdcerpc0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libndr-krb5pac0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libndr-krb5pac0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libndr-nbt0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libndr-nbt0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libndr-standard0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libndr-standard0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libndr0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libndr0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libnetapi0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libnetapi0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-credentials0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-credentials0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-errors0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-errors0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-hostconfig0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-passdb0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-passdb0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-util0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-util0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamdb0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamdb0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsmbclient0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsmbclient0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsmbconf0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsmbconf0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsmbldap0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsmbldap0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libtevent-util0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libtevent-util0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libwbclient0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libwbclient0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 samba-client-32bit-4.6.16+git.313.502515a5bfc-3.67.2 samba-client-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 samba-libs-32bit-4.6.16+git.313.502515a5bfc-3.67.2 samba-libs-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 samba-winbind-32bit-4.6.16+git.313.502515a5bfc-3.67.2 samba-winbind-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): samba-doc-4.6.16+git.313.502515a5bfc-3.67.2 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libdcerpc-binding0-4.6.16+git.313.502515a5bfc-3.67.2 libdcerpc-binding0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libdcerpc0-4.6.16+git.313.502515a5bfc-3.67.2 libdcerpc0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libndr-krb5pac0-4.6.16+git.313.502515a5bfc-3.67.2 libndr-krb5pac0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libndr-nbt0-4.6.16+git.313.502515a5bfc-3.67.2 libndr-nbt0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libndr-standard0-4.6.16+git.313.502515a5bfc-3.67.2 libndr-standard0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libndr0-4.6.16+git.313.502515a5bfc-3.67.2 libndr0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libnetapi0-4.6.16+git.313.502515a5bfc-3.67.2 libnetapi0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-credentials0-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-credentials0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-errors0-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-errors0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-hostconfig0-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-hostconfig0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-passdb0-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-passdb0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-util0-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-util0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libsamdb0-4.6.16+git.313.502515a5bfc-3.67.2 libsamdb0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libsmbclient0-4.6.16+git.313.502515a5bfc-3.67.2 libsmbclient0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libsmbconf0-4.6.16+git.313.502515a5bfc-3.67.2 libsmbconf0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libsmbldap0-4.6.16+git.313.502515a5bfc-3.67.2 libsmbldap0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libtevent-util0-4.6.16+git.313.502515a5bfc-3.67.2 libtevent-util0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libwbclient0-4.6.16+git.313.502515a5bfc-3.67.2 libwbclient0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 samba-4.6.16+git.313.502515a5bfc-3.67.2 samba-client-4.6.16+git.313.502515a5bfc-3.67.2 samba-client-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 samba-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 samba-debugsource-4.6.16+git.313.502515a5bfc-3.67.2 samba-libs-4.6.16+git.313.502515a5bfc-3.67.2 samba-libs-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 samba-winbind-4.6.16+git.313.502515a5bfc-3.67.2 samba-winbind-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): libdcerpc-binding0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libdcerpc-binding0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libdcerpc0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libdcerpc0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libndr-krb5pac0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libndr-krb5pac0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libndr-nbt0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libndr-nbt0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libndr-standard0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libndr-standard0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libndr0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libndr0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libnetapi0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libnetapi0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-credentials0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-credentials0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-errors0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-errors0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-hostconfig0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-passdb0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-passdb0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-util0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-util0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamdb0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamdb0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsmbclient0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsmbclient0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsmbconf0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsmbconf0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsmbldap0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsmbldap0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libtevent-util0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libtevent-util0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libwbclient0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libwbclient0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 samba-client-32bit-4.6.16+git.313.502515a5bfc-3.67.2 samba-client-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 samba-libs-32bit-4.6.16+git.313.502515a5bfc-3.67.2 samba-libs-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 samba-winbind-32bit-4.6.16+git.313.502515a5bfc-3.67.2 samba-winbind-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): samba-doc-4.6.16+git.313.502515a5bfc-3.67.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): libdcerpc-binding0-4.6.16+git.313.502515a5bfc-3.67.2 libdcerpc-binding0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libdcerpc0-4.6.16+git.313.502515a5bfc-3.67.2 libdcerpc0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libndr-krb5pac0-4.6.16+git.313.502515a5bfc-3.67.2 libndr-krb5pac0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libndr-nbt0-4.6.16+git.313.502515a5bfc-3.67.2 libndr-nbt0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libndr-standard0-4.6.16+git.313.502515a5bfc-3.67.2 libndr-standard0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libndr0-4.6.16+git.313.502515a5bfc-3.67.2 libndr0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libnetapi0-4.6.16+git.313.502515a5bfc-3.67.2 libnetapi0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-credentials0-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-credentials0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-errors0-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-errors0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-hostconfig0-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-hostconfig0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-passdb0-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-passdb0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-util0-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-util0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libsamdb0-4.6.16+git.313.502515a5bfc-3.67.2 libsamdb0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libsmbclient0-4.6.16+git.313.502515a5bfc-3.67.2 libsmbclient0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libsmbconf0-4.6.16+git.313.502515a5bfc-3.67.2 libsmbconf0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libsmbldap0-4.6.16+git.313.502515a5bfc-3.67.2 libsmbldap0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libtevent-util0-4.6.16+git.313.502515a5bfc-3.67.2 libtevent-util0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libwbclient0-4.6.16+git.313.502515a5bfc-3.67.2 libwbclient0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 samba-4.6.16+git.313.502515a5bfc-3.67.2 samba-client-4.6.16+git.313.502515a5bfc-3.67.2 samba-client-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 samba-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 samba-debugsource-4.6.16+git.313.502515a5bfc-3.67.2 samba-libs-4.6.16+git.313.502515a5bfc-3.67.2 samba-libs-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 samba-winbind-4.6.16+git.313.502515a5bfc-3.67.2 samba-winbind-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): libdcerpc-binding0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libdcerpc-binding0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libdcerpc0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libdcerpc0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libndr-krb5pac0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libndr-krb5pac0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libndr-nbt0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libndr-nbt0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libndr-standard0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libndr-standard0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libndr0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libndr0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libnetapi0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libnetapi0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-credentials0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-credentials0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-errors0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-errors0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-hostconfig0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-passdb0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-passdb0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-util0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-util0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamdb0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamdb0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsmbclient0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsmbclient0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsmbconf0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsmbconf0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsmbldap0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsmbldap0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libtevent-util0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libtevent-util0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libwbclient0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libwbclient0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 samba-client-32bit-4.6.16+git.313.502515a5bfc-3.67.2 samba-client-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 samba-libs-32bit-4.6.16+git.313.502515a5bfc-3.67.2 samba-libs-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 samba-winbind-32bit-4.6.16+git.313.502515a5bfc-3.67.2 samba-winbind-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): samba-doc-4.6.16+git.313.502515a5bfc-3.67.2 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libdcerpc-binding0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libdcerpc-binding0-4.6.16+git.313.502515a5bfc-3.67.2 libdcerpc-binding0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libdcerpc-binding0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libdcerpc0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libdcerpc0-4.6.16+git.313.502515a5bfc-3.67.2 libdcerpc0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libdcerpc0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libndr-krb5pac0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libndr-krb5pac0-4.6.16+git.313.502515a5bfc-3.67.2 libndr-krb5pac0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libndr-krb5pac0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libndr-nbt0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libndr-nbt0-4.6.16+git.313.502515a5bfc-3.67.2 libndr-nbt0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libndr-nbt0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libndr-standard0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libndr-standard0-4.6.16+git.313.502515a5bfc-3.67.2 libndr-standard0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libndr-standard0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libndr0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libndr0-4.6.16+git.313.502515a5bfc-3.67.2 libndr0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libndr0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libnetapi0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libnetapi0-4.6.16+git.313.502515a5bfc-3.67.2 libnetapi0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libnetapi0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-credentials0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-credentials0-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-credentials0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-credentials0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-errors0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-errors0-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-errors0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-errors0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-hostconfig0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-hostconfig0-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-hostconfig0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-passdb0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-passdb0-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-passdb0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-passdb0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-util0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-util0-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-util0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-util0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libsamdb0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamdb0-4.6.16+git.313.502515a5bfc-3.67.2 libsamdb0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamdb0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libsmbclient0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsmbclient0-4.6.16+git.313.502515a5bfc-3.67.2 libsmbclient0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsmbclient0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libsmbconf0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsmbconf0-4.6.16+git.313.502515a5bfc-3.67.2 libsmbconf0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsmbconf0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libsmbldap0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsmbldap0-4.6.16+git.313.502515a5bfc-3.67.2 libsmbldap0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsmbldap0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libtevent-util0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libtevent-util0-4.6.16+git.313.502515a5bfc-3.67.2 libtevent-util0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libtevent-util0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libwbclient0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libwbclient0-4.6.16+git.313.502515a5bfc-3.67.2 libwbclient0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libwbclient0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 samba-4.6.16+git.313.502515a5bfc-3.67.2 samba-client-32bit-4.6.16+git.313.502515a5bfc-3.67.2 samba-client-4.6.16+git.313.502515a5bfc-3.67.2 samba-client-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 samba-client-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 samba-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 samba-debugsource-4.6.16+git.313.502515a5bfc-3.67.2 samba-libs-32bit-4.6.16+git.313.502515a5bfc-3.67.2 samba-libs-4.6.16+git.313.502515a5bfc-3.67.2 samba-libs-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 samba-libs-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 samba-winbind-32bit-4.6.16+git.313.502515a5bfc-3.67.2 samba-winbind-4.6.16+git.313.502515a5bfc-3.67.2 samba-winbind-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 samba-winbind-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): samba-doc-4.6.16+git.313.502515a5bfc-3.67.2 - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): ctdb-4.6.16+git.313.502515a5bfc-3.67.2 ctdb-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 samba-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 samba-debugsource-4.6.16+git.313.502515a5bfc-3.67.2 - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64): ctdb-4.6.16+git.313.502515a5bfc-3.67.2 ctdb-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 samba-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 samba-debugsource-4.6.16+git.313.502515a5bfc-3.67.2 - HPE Helion Openstack 8 (x86_64): libdcerpc-binding0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libdcerpc-binding0-4.6.16+git.313.502515a5bfc-3.67.2 libdcerpc-binding0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libdcerpc-binding0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libdcerpc0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libdcerpc0-4.6.16+git.313.502515a5bfc-3.67.2 libdcerpc0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libdcerpc0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libndr-krb5pac0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libndr-krb5pac0-4.6.16+git.313.502515a5bfc-3.67.2 libndr-krb5pac0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libndr-krb5pac0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libndr-nbt0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libndr-nbt0-4.6.16+git.313.502515a5bfc-3.67.2 libndr-nbt0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libndr-nbt0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libndr-standard0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libndr-standard0-4.6.16+git.313.502515a5bfc-3.67.2 libndr-standard0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libndr-standard0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libndr0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libndr0-4.6.16+git.313.502515a5bfc-3.67.2 libndr0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libndr0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libnetapi0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libnetapi0-4.6.16+git.313.502515a5bfc-3.67.2 libnetapi0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libnetapi0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-credentials0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-credentials0-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-credentials0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-credentials0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-errors0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-errors0-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-errors0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-errors0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-hostconfig0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-hostconfig0-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-hostconfig0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-passdb0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-passdb0-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-passdb0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-passdb0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-util0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-util0-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-util0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamba-util0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libsamdb0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamdb0-4.6.16+git.313.502515a5bfc-3.67.2 libsamdb0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsamdb0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libsmbclient0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsmbclient0-4.6.16+git.313.502515a5bfc-3.67.2 libsmbclient0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsmbclient0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libsmbconf0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsmbconf0-4.6.16+git.313.502515a5bfc-3.67.2 libsmbconf0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsmbconf0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libsmbldap0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsmbldap0-4.6.16+git.313.502515a5bfc-3.67.2 libsmbldap0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libsmbldap0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libtevent-util0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libtevent-util0-4.6.16+git.313.502515a5bfc-3.67.2 libtevent-util0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libtevent-util0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 libwbclient0-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libwbclient0-4.6.16+git.313.502515a5bfc-3.67.2 libwbclient0-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 libwbclient0-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 samba-4.6.16+git.313.502515a5bfc-3.67.2 samba-client-32bit-4.6.16+git.313.502515a5bfc-3.67.2 samba-client-4.6.16+git.313.502515a5bfc-3.67.2 samba-client-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 samba-client-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 samba-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 samba-debugsource-4.6.16+git.313.502515a5bfc-3.67.2 samba-libs-32bit-4.6.16+git.313.502515a5bfc-3.67.2 samba-libs-4.6.16+git.313.502515a5bfc-3.67.2 samba-libs-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 samba-libs-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 samba-winbind-32bit-4.6.16+git.313.502515a5bfc-3.67.2 samba-winbind-4.6.16+git.313.502515a5bfc-3.67.2 samba-winbind-debuginfo-32bit-4.6.16+git.313.502515a5bfc-3.67.2 samba-winbind-debuginfo-4.6.16+git.313.502515a5bfc-3.67.2 - HPE Helion Openstack 8 (noarch): samba-doc-4.6.16+git.313.502515a5bfc-3.67.2 References: https://www.suse.com/security/cve/CVE-2020-25717.html https://bugzilla.suse.com/1192849 From sle-updates at lists.suse.com Mon Dec 20 20:19:17 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Dec 2021 21:19:17 +0100 (CET) Subject: SUSE-RU-2021:4127-1: important: Recommended update for samba Message-ID: <20211220201917.BD255FD0A@maintenance.suse.de> SUSE Recommended Update: Recommended update for samba ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:4127-1 Rating: important References: #1192849 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for samba fixes the following issues: The username map advice from the CVE-2020-25717 advisory note has undesired side effects for the local nt token. Fallback to a SID/UID based mapping if the name based lookup fails (bsc#1192849). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-4127=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-4127=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-4127=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-4127=1 - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2021-4127=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libdcerpc-binding0-4.7.11+git.358.cb5ede6f1e5-4.60.2 libdcerpc-binding0-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libdcerpc-devel-4.7.11+git.358.cb5ede6f1e5-4.60.2 libdcerpc-samr-devel-4.7.11+git.358.cb5ede6f1e5-4.60.2 libdcerpc-samr0-4.7.11+git.358.cb5ede6f1e5-4.60.2 libdcerpc-samr0-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libdcerpc0-4.7.11+git.358.cb5ede6f1e5-4.60.2 libdcerpc0-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libndr-devel-4.7.11+git.358.cb5ede6f1e5-4.60.2 libndr-krb5pac-devel-4.7.11+git.358.cb5ede6f1e5-4.60.2 libndr-krb5pac0-4.7.11+git.358.cb5ede6f1e5-4.60.2 libndr-krb5pac0-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libndr-nbt-devel-4.7.11+git.358.cb5ede6f1e5-4.60.2 libndr-nbt0-4.7.11+git.358.cb5ede6f1e5-4.60.2 libndr-nbt0-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libndr-standard-devel-4.7.11+git.358.cb5ede6f1e5-4.60.2 libndr-standard0-4.7.11+git.358.cb5ede6f1e5-4.60.2 libndr-standard0-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libndr0-4.7.11+git.358.cb5ede6f1e5-4.60.2 libndr0-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libnetapi-devel-4.7.11+git.358.cb5ede6f1e5-4.60.2 libnetapi0-4.7.11+git.358.cb5ede6f1e5-4.60.2 libnetapi0-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamba-credentials-devel-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamba-credentials0-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamba-credentials0-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamba-errors-devel-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamba-errors0-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamba-errors0-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamba-hostconfig-devel-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamba-hostconfig0-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamba-hostconfig0-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamba-passdb-devel-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamba-passdb0-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamba-passdb0-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamba-policy-devel-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamba-policy0-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamba-util-devel-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamba-util0-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamba-util0-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamdb-devel-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamdb0-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamdb0-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsmbclient-devel-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsmbclient0-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsmbclient0-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsmbconf-devel-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsmbconf0-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsmbconf0-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsmbldap-devel-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsmbldap2-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsmbldap2-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libtevent-util-devel-4.7.11+git.358.cb5ede6f1e5-4.60.2 libtevent-util0-4.7.11+git.358.cb5ede6f1e5-4.60.2 libtevent-util0-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libwbclient-devel-4.7.11+git.358.cb5ede6f1e5-4.60.2 libwbclient0-4.7.11+git.358.cb5ede6f1e5-4.60.2 libwbclient0-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 samba-4.7.11+git.358.cb5ede6f1e5-4.60.2 samba-client-4.7.11+git.358.cb5ede6f1e5-4.60.2 samba-client-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 samba-core-devel-4.7.11+git.358.cb5ede6f1e5-4.60.2 samba-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 samba-debugsource-4.7.11+git.358.cb5ede6f1e5-4.60.2 samba-libs-4.7.11+git.358.cb5ede6f1e5-4.60.2 samba-libs-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 samba-winbind-4.7.11+git.358.cb5ede6f1e5-4.60.2 samba-winbind-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 - SUSE Linux Enterprise Server for SAP 15 (x86_64): libdcerpc-binding0-32bit-4.7.11+git.358.cb5ede6f1e5-4.60.2 libdcerpc-binding0-32bit-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libdcerpc0-32bit-4.7.11+git.358.cb5ede6f1e5-4.60.2 libdcerpc0-32bit-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libndr-krb5pac0-32bit-4.7.11+git.358.cb5ede6f1e5-4.60.2 libndr-krb5pac0-32bit-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libndr-nbt0-32bit-4.7.11+git.358.cb5ede6f1e5-4.60.2 libndr-nbt0-32bit-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libndr-standard0-32bit-4.7.11+git.358.cb5ede6f1e5-4.60.2 libndr-standard0-32bit-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libndr0-32bit-4.7.11+git.358.cb5ede6f1e5-4.60.2 libndr0-32bit-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libnetapi0-32bit-4.7.11+git.358.cb5ede6f1e5-4.60.2 libnetapi0-32bit-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamba-credentials0-32bit-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamba-credentials0-32bit-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamba-errors0-32bit-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamba-errors0-32bit-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamba-hostconfig0-32bit-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamba-hostconfig0-32bit-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamba-passdb0-32bit-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamba-passdb0-32bit-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamba-util0-32bit-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamba-util0-32bit-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamdb0-32bit-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamdb0-32bit-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsmbclient0-32bit-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsmbclient0-32bit-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsmbconf0-32bit-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsmbconf0-32bit-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsmbldap2-32bit-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsmbldap2-32bit-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libtevent-util0-32bit-4.7.11+git.358.cb5ede6f1e5-4.60.2 libtevent-util0-32bit-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libwbclient0-32bit-4.7.11+git.358.cb5ede6f1e5-4.60.2 libwbclient0-32bit-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 samba-client-32bit-4.7.11+git.358.cb5ede6f1e5-4.60.2 samba-client-32bit-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 samba-libs-32bit-4.7.11+git.358.cb5ede6f1e5-4.60.2 samba-libs-32bit-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 samba-winbind-32bit-4.7.11+git.358.cb5ede6f1e5-4.60.2 samba-winbind-32bit-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libdcerpc-binding0-4.7.11+git.358.cb5ede6f1e5-4.60.2 libdcerpc-binding0-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libdcerpc-devel-4.7.11+git.358.cb5ede6f1e5-4.60.2 libdcerpc-samr-devel-4.7.11+git.358.cb5ede6f1e5-4.60.2 libdcerpc-samr0-4.7.11+git.358.cb5ede6f1e5-4.60.2 libdcerpc-samr0-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libdcerpc0-4.7.11+git.358.cb5ede6f1e5-4.60.2 libdcerpc0-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libndr-devel-4.7.11+git.358.cb5ede6f1e5-4.60.2 libndr-krb5pac-devel-4.7.11+git.358.cb5ede6f1e5-4.60.2 libndr-krb5pac0-4.7.11+git.358.cb5ede6f1e5-4.60.2 libndr-krb5pac0-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libndr-nbt-devel-4.7.11+git.358.cb5ede6f1e5-4.60.2 libndr-nbt0-4.7.11+git.358.cb5ede6f1e5-4.60.2 libndr-nbt0-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libndr-standard-devel-4.7.11+git.358.cb5ede6f1e5-4.60.2 libndr-standard0-4.7.11+git.358.cb5ede6f1e5-4.60.2 libndr-standard0-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libndr0-4.7.11+git.358.cb5ede6f1e5-4.60.2 libndr0-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libnetapi-devel-4.7.11+git.358.cb5ede6f1e5-4.60.2 libnetapi0-4.7.11+git.358.cb5ede6f1e5-4.60.2 libnetapi0-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamba-credentials-devel-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamba-credentials0-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamba-credentials0-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamba-errors-devel-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamba-errors0-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamba-errors0-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamba-hostconfig-devel-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamba-hostconfig0-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamba-hostconfig0-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamba-passdb-devel-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamba-passdb0-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamba-passdb0-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamba-policy-devel-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamba-policy0-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamba-util-devel-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamba-util0-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamba-util0-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamdb-devel-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamdb0-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamdb0-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsmbclient-devel-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsmbclient0-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsmbclient0-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsmbconf-devel-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsmbconf0-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsmbconf0-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsmbldap-devel-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsmbldap2-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsmbldap2-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libtevent-util-devel-4.7.11+git.358.cb5ede6f1e5-4.60.2 libtevent-util0-4.7.11+git.358.cb5ede6f1e5-4.60.2 libtevent-util0-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libwbclient-devel-4.7.11+git.358.cb5ede6f1e5-4.60.2 libwbclient0-4.7.11+git.358.cb5ede6f1e5-4.60.2 libwbclient0-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 samba-4.7.11+git.358.cb5ede6f1e5-4.60.2 samba-client-4.7.11+git.358.cb5ede6f1e5-4.60.2 samba-client-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 samba-core-devel-4.7.11+git.358.cb5ede6f1e5-4.60.2 samba-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 samba-debugsource-4.7.11+git.358.cb5ede6f1e5-4.60.2 samba-libs-4.7.11+git.358.cb5ede6f1e5-4.60.2 samba-libs-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 samba-winbind-4.7.11+git.358.cb5ede6f1e5-4.60.2 samba-winbind-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libdcerpc-binding0-4.7.11+git.358.cb5ede6f1e5-4.60.2 libdcerpc-binding0-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libdcerpc-devel-4.7.11+git.358.cb5ede6f1e5-4.60.2 libdcerpc-samr-devel-4.7.11+git.358.cb5ede6f1e5-4.60.2 libdcerpc-samr0-4.7.11+git.358.cb5ede6f1e5-4.60.2 libdcerpc-samr0-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libdcerpc0-4.7.11+git.358.cb5ede6f1e5-4.60.2 libdcerpc0-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libndr-devel-4.7.11+git.358.cb5ede6f1e5-4.60.2 libndr-krb5pac-devel-4.7.11+git.358.cb5ede6f1e5-4.60.2 libndr-krb5pac0-4.7.11+git.358.cb5ede6f1e5-4.60.2 libndr-krb5pac0-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libndr-nbt-devel-4.7.11+git.358.cb5ede6f1e5-4.60.2 libndr-nbt0-4.7.11+git.358.cb5ede6f1e5-4.60.2 libndr-nbt0-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libndr-standard-devel-4.7.11+git.358.cb5ede6f1e5-4.60.2 libndr-standard0-4.7.11+git.358.cb5ede6f1e5-4.60.2 libndr-standard0-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libndr0-4.7.11+git.358.cb5ede6f1e5-4.60.2 libndr0-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libnetapi-devel-4.7.11+git.358.cb5ede6f1e5-4.60.2 libnetapi0-4.7.11+git.358.cb5ede6f1e5-4.60.2 libnetapi0-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamba-credentials-devel-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamba-credentials0-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamba-credentials0-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamba-errors-devel-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamba-errors0-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamba-errors0-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamba-hostconfig-devel-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamba-hostconfig0-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamba-hostconfig0-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamba-passdb-devel-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamba-passdb0-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamba-passdb0-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamba-policy-devel-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamba-policy0-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamba-util-devel-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamba-util0-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamba-util0-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamdb-devel-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamdb0-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamdb0-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsmbclient-devel-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsmbclient0-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsmbclient0-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsmbconf-devel-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsmbconf0-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsmbconf0-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsmbldap-devel-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsmbldap2-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsmbldap2-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libtevent-util-devel-4.7.11+git.358.cb5ede6f1e5-4.60.2 libtevent-util0-4.7.11+git.358.cb5ede6f1e5-4.60.2 libtevent-util0-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libwbclient-devel-4.7.11+git.358.cb5ede6f1e5-4.60.2 libwbclient0-4.7.11+git.358.cb5ede6f1e5-4.60.2 libwbclient0-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 samba-4.7.11+git.358.cb5ede6f1e5-4.60.2 samba-client-4.7.11+git.358.cb5ede6f1e5-4.60.2 samba-client-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 samba-core-devel-4.7.11+git.358.cb5ede6f1e5-4.60.2 samba-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 samba-debugsource-4.7.11+git.358.cb5ede6f1e5-4.60.2 samba-libs-4.7.11+git.358.cb5ede6f1e5-4.60.2 samba-libs-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 samba-winbind-4.7.11+git.358.cb5ede6f1e5-4.60.2 samba-winbind-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): libdcerpc-binding0-32bit-4.7.11+git.358.cb5ede6f1e5-4.60.2 libdcerpc-binding0-32bit-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libdcerpc0-32bit-4.7.11+git.358.cb5ede6f1e5-4.60.2 libdcerpc0-32bit-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libndr-krb5pac0-32bit-4.7.11+git.358.cb5ede6f1e5-4.60.2 libndr-krb5pac0-32bit-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libndr-nbt0-32bit-4.7.11+git.358.cb5ede6f1e5-4.60.2 libndr-nbt0-32bit-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libndr-standard0-32bit-4.7.11+git.358.cb5ede6f1e5-4.60.2 libndr-standard0-32bit-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libndr0-32bit-4.7.11+git.358.cb5ede6f1e5-4.60.2 libndr0-32bit-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libnetapi0-32bit-4.7.11+git.358.cb5ede6f1e5-4.60.2 libnetapi0-32bit-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamba-credentials0-32bit-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamba-credentials0-32bit-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamba-errors0-32bit-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamba-errors0-32bit-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamba-hostconfig0-32bit-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamba-hostconfig0-32bit-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamba-passdb0-32bit-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamba-passdb0-32bit-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamba-util0-32bit-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamba-util0-32bit-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamdb0-32bit-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamdb0-32bit-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsmbclient0-32bit-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsmbclient0-32bit-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsmbconf0-32bit-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsmbconf0-32bit-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsmbldap2-32bit-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsmbldap2-32bit-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libtevent-util0-32bit-4.7.11+git.358.cb5ede6f1e5-4.60.2 libtevent-util0-32bit-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libwbclient0-32bit-4.7.11+git.358.cb5ede6f1e5-4.60.2 libwbclient0-32bit-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 samba-client-32bit-4.7.11+git.358.cb5ede6f1e5-4.60.2 samba-client-32bit-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 samba-libs-32bit-4.7.11+git.358.cb5ede6f1e5-4.60.2 samba-libs-32bit-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 samba-winbind-32bit-4.7.11+git.358.cb5ede6f1e5-4.60.2 samba-winbind-32bit-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libdcerpc-binding0-4.7.11+git.358.cb5ede6f1e5-4.60.2 libdcerpc-binding0-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libdcerpc-devel-4.7.11+git.358.cb5ede6f1e5-4.60.2 libdcerpc-samr-devel-4.7.11+git.358.cb5ede6f1e5-4.60.2 libdcerpc-samr0-4.7.11+git.358.cb5ede6f1e5-4.60.2 libdcerpc-samr0-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libdcerpc0-4.7.11+git.358.cb5ede6f1e5-4.60.2 libdcerpc0-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libndr-devel-4.7.11+git.358.cb5ede6f1e5-4.60.2 libndr-krb5pac-devel-4.7.11+git.358.cb5ede6f1e5-4.60.2 libndr-krb5pac0-4.7.11+git.358.cb5ede6f1e5-4.60.2 libndr-krb5pac0-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libndr-nbt-devel-4.7.11+git.358.cb5ede6f1e5-4.60.2 libndr-nbt0-4.7.11+git.358.cb5ede6f1e5-4.60.2 libndr-nbt0-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libndr-standard-devel-4.7.11+git.358.cb5ede6f1e5-4.60.2 libndr-standard0-4.7.11+git.358.cb5ede6f1e5-4.60.2 libndr-standard0-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libndr0-4.7.11+git.358.cb5ede6f1e5-4.60.2 libndr0-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libnetapi-devel-4.7.11+git.358.cb5ede6f1e5-4.60.2 libnetapi0-4.7.11+git.358.cb5ede6f1e5-4.60.2 libnetapi0-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamba-credentials-devel-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamba-credentials0-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamba-credentials0-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamba-errors-devel-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamba-errors0-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamba-errors0-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamba-hostconfig-devel-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamba-hostconfig0-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamba-hostconfig0-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamba-passdb-devel-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamba-passdb0-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamba-passdb0-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamba-policy-devel-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamba-policy0-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamba-util-devel-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamba-util0-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamba-util0-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamdb-devel-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamdb0-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamdb0-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsmbclient-devel-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsmbclient0-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsmbclient0-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsmbconf-devel-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsmbconf0-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsmbconf0-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsmbldap-devel-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsmbldap2-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsmbldap2-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libtevent-util-devel-4.7.11+git.358.cb5ede6f1e5-4.60.2 libtevent-util0-4.7.11+git.358.cb5ede6f1e5-4.60.2 libtevent-util0-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libwbclient-devel-4.7.11+git.358.cb5ede6f1e5-4.60.2 libwbclient0-4.7.11+git.358.cb5ede6f1e5-4.60.2 libwbclient0-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 samba-4.7.11+git.358.cb5ede6f1e5-4.60.2 samba-client-4.7.11+git.358.cb5ede6f1e5-4.60.2 samba-client-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 samba-core-devel-4.7.11+git.358.cb5ede6f1e5-4.60.2 samba-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 samba-debugsource-4.7.11+git.358.cb5ede6f1e5-4.60.2 samba-libs-4.7.11+git.358.cb5ede6f1e5-4.60.2 samba-libs-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 samba-winbind-4.7.11+git.358.cb5ede6f1e5-4.60.2 samba-winbind-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): libdcerpc-binding0-32bit-4.7.11+git.358.cb5ede6f1e5-4.60.2 libdcerpc-binding0-32bit-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libdcerpc0-32bit-4.7.11+git.358.cb5ede6f1e5-4.60.2 libdcerpc0-32bit-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libndr-krb5pac0-32bit-4.7.11+git.358.cb5ede6f1e5-4.60.2 libndr-krb5pac0-32bit-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libndr-nbt0-32bit-4.7.11+git.358.cb5ede6f1e5-4.60.2 libndr-nbt0-32bit-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libndr-standard0-32bit-4.7.11+git.358.cb5ede6f1e5-4.60.2 libndr-standard0-32bit-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libndr0-32bit-4.7.11+git.358.cb5ede6f1e5-4.60.2 libndr0-32bit-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libnetapi0-32bit-4.7.11+git.358.cb5ede6f1e5-4.60.2 libnetapi0-32bit-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamba-credentials0-32bit-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamba-credentials0-32bit-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamba-errors0-32bit-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamba-errors0-32bit-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamba-hostconfig0-32bit-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamba-hostconfig0-32bit-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamba-passdb0-32bit-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamba-passdb0-32bit-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamba-util0-32bit-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamba-util0-32bit-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamdb0-32bit-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsamdb0-32bit-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsmbclient0-32bit-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsmbclient0-32bit-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsmbconf0-32bit-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsmbconf0-32bit-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsmbldap2-32bit-4.7.11+git.358.cb5ede6f1e5-4.60.2 libsmbldap2-32bit-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libtevent-util0-32bit-4.7.11+git.358.cb5ede6f1e5-4.60.2 libtevent-util0-32bit-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 libwbclient0-32bit-4.7.11+git.358.cb5ede6f1e5-4.60.2 libwbclient0-32bit-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 samba-client-32bit-4.7.11+git.358.cb5ede6f1e5-4.60.2 samba-client-32bit-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 samba-libs-32bit-4.7.11+git.358.cb5ede6f1e5-4.60.2 samba-libs-32bit-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 samba-winbind-32bit-4.7.11+git.358.cb5ede6f1e5-4.60.2 samba-winbind-32bit-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): ctdb-4.7.11+git.358.cb5ede6f1e5-4.60.2 ctdb-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 samba-debuginfo-4.7.11+git.358.cb5ede6f1e5-4.60.2 samba-debugsource-4.7.11+git.358.cb5ede6f1e5-4.60.2 References: https://www.suse.com/security/cve/CVE-2020-25717.html https://bugzilla.suse.com/1192849 From sle-updates at lists.suse.com Mon Dec 20 20:21:22 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Dec 2021 21:21:22 +0100 (CET) Subject: SUSE-RU-2021:4130-1: Recommended update for release-notes-sles Message-ID: <20211220202122.AFF9FFD0A@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sles ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:4130-1 Rating: low References: #1176440 #1181589 #1188965 #933411 SLE-22593 Affected Products: SUSE Linux Enterprise Server Installer 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has four recommended fixes and contains one feature can now be installed. Description: This update for release-notes-sles fixes the following issues: Update release notes to version 12.5.20211208 (bsc#933411) - Added note about unprivileged eBPF (jsc#SLE-22593) - Added note about `schedutil` (bsc#1176440) - Added note about 32-bit applications (bsc#1181589) - Updated source code info (bsc#1188965) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server Installer 12-SP5: zypper in -t patch SUSE-SLE-SERVER-INSTALLER-12-SP5-2021-4130=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-4130=1 Package List: - SUSE Linux Enterprise Server Installer 12-SP5 (noarch): release-notes-sles-12.5.20211208-3.25.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): release-notes-sles-12.5.20211208-3.25.1 References: https://bugzilla.suse.com/1176440 https://bugzilla.suse.com/1181589 https://bugzilla.suse.com/1188965 https://bugzilla.suse.com/933411 From sle-updates at lists.suse.com Mon Dec 20 20:27:12 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Dec 2021 21:27:12 +0100 (CET) Subject: SUSE-RU-2021:4129-1: Recommended update for release-notes-sles Message-ID: <20211220202712.C6684FD0A@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sles ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:4129-1 Rating: low References: #933411 SLE-22593 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Installer 15 ______________________________________________________________________________ An update that has one recommended fix and contains one feature can now be installed. Description: This update for release-notes-sles fixes the following issue: Update release notes to version 15.0.20211208 (bsc#933411) - Added a note about unprivileged eBPF (jsc#SLE-22593) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-4129=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-4129=1 - SUSE Linux Enterprise Installer 15: zypper in -t patch SUSE-SLE-INSTALLER-15-2021-4129=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (noarch): release-notes-sles-15.0.20211208-3.27.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): release-notes-sles-15.0.20211208-3.27.1 - SUSE Linux Enterprise Installer 15 (noarch): release-notes-sles-15.0.20211208-3.27.1 References: https://bugzilla.suse.com/933411 From sle-updates at lists.suse.com Mon Dec 20 20:34:37 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 20 Dec 2021 21:34:37 +0100 (CET) Subject: SUSE-RU-2021:4128-1: Recommended update for release-notes-sles Message-ID: <20211220203437.83DA3FD0A@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sles ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:4128-1 Rating: low References: #933411 SLE-11270 SLE-22593 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server Installer 12-SP4 SUSE Linux Enterprise Server 12-SP4-LTSS ______________________________________________________________________________ An update that has one recommended fix and contains two features can now be installed. Description: This update for release-notes-sles fixes the following issues: Update release notes to version 12.4.20211208 (bsc#933411) - Added note about unprivileged eBPF (jsc#SLE-22593) - Added note about nested VMX (jsc#SLE-11270) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-4128=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-4128=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-4128=1 - SUSE Linux Enterprise Server Installer 12-SP4: zypper in -t patch SUSE-SLE-SERVER-INSTALLER-12-SP4-2021-4128=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-4128=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): release-notes-sles-12.4.20211208-2.19.1 - SUSE OpenStack Cloud 9 (noarch): release-notes-sles-12.4.20211208-2.19.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): release-notes-sles-12.4.20211208-2.19.1 - SUSE Linux Enterprise Server Installer 12-SP4 (noarch): release-notes-sles-12.4.20211208-2.19.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): release-notes-sles-12.4.20211208-2.19.1 References: https://bugzilla.suse.com/933411 From sle-updates at lists.suse.com Tue Dec 21 05:17:05 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Dec 2021 06:17:05 +0100 (CET) Subject: SUSE-RU-2021:4134-1: moderate: Recommended update for open-lldp Message-ID: <20211221051705.D48EEFC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for open-lldp ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:4134-1 Rating: moderate References: SLE-19263 Affected Products: SUSE MicroOS 5.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 ______________________________________________________________________________ An update that has 0 recommended fixes and contains one feature can now be installed. Description: This update for open-lldp fixes the following issues: Backport fixes: - agent: reset frame status on message delete - Avoiding null pointer dereference Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2021-4134=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-4134=1 Package List: - SUSE MicroOS 5.1 (aarch64 s390x x86_64): liblldp_clif1-1.1+44.0f781b4162d3-3.3.1 liblldp_clif1-debuginfo-1.1+44.0f781b4162d3-3.3.1 open-lldp-1.1+44.0f781b4162d3-3.3.1 open-lldp-debuginfo-1.1+44.0f781b4162d3-3.3.1 open-lldp-debugsource-1.1+44.0f781b4162d3-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): liblldp_clif1-1.1+44.0f781b4162d3-3.3.1 liblldp_clif1-debuginfo-1.1+44.0f781b4162d3-3.3.1 open-lldp-1.1+44.0f781b4162d3-3.3.1 open-lldp-debuginfo-1.1+44.0f781b4162d3-3.3.1 open-lldp-debugsource-1.1+44.0f781b4162d3-3.3.1 open-lldp-devel-1.1+44.0f781b4162d3-3.3.1 References: From sle-updates at lists.suse.com Tue Dec 21 05:18:09 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Dec 2021 06:18:09 +0100 (CET) Subject: SUSE-RU-2021:4133-1: moderate: Recommended update for ses-manual_en Message-ID: <20211221051809.B5C2BFC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for ses-manual_en ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:4133-1 Rating: moderate References: #1149166 #1183760 #1189781 #1192317 Affected Products: SUSE Enterprise Storage 6 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for ses-manual_en fixes the following issues: Improved size of recommended RAM for MONs. Fixed commands generating dashboard certificates (bsc#1192317) (#970) Decreasing number of PGs is possible with Nautilus (#961) Added command to synchronize Salt modules first (bsc#1149166) (#958) CI: only run on DocBook/AsciiDoc paths, make upload fails nonfatal Fixed syntax of disks.deploy command (bsc#1189781) (#953) Pool name should be specified first (#948) DC: Update to suse2021 stylesheets Fix only migrate data to an EC Pool command (#943) CI: Use GitHub Actions Merge pull request #940 from SUSE/nfs-active-passive leaving out an empty line to trigger the xmlformat adding PULL to keep the changes currrent before xmlformat minor language updates (#938) OSD panic due to directory split (bsc#1183760) (#936) Reformatted all XML files as a start point before using the auto-xmlformat GH action (#935) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-4133=1 Package List: - SUSE Enterprise Storage 6 (noarch): ses-admin_en-pdf-6+git399.g7e7623fa-3.37.1 ses-deployment_en-pdf-6+git399.g7e7623fa-3.37.1 ses-manual_en-6+git399.g7e7623fa-3.37.1 References: https://bugzilla.suse.com/1149166 https://bugzilla.suse.com/1183760 https://bugzilla.suse.com/1189781 https://bugzilla.suse.com/1192317 From sle-updates at lists.suse.com Tue Dec 21 05:20:39 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Dec 2021 06:20:39 +0100 (CET) Subject: SUSE-RU-2021:4131-1: moderate: Recommended update for deepsea Message-ID: <20211221052039.73FDAFC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for deepsea ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:4131-1 Rating: moderate References: #1192520 Affected Products: SUSE Enterprise Storage 6 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for deepsea fixes the following issues: - Version: 0.9.37 - Bump OSD available timeout to 10mins, make it configurable (bsc#1192520) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-4131=1 Package List: - SUSE Enterprise Storage 6 (noarch): deepsea-0.9.37+git.0.c95a6019-3.41.1 deepsea-cli-0.9.37+git.0.c95a6019-3.41.1 References: https://bugzilla.suse.com/1192520 From sle-updates at lists.suse.com Tue Dec 21 05:21:50 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Dec 2021 06:21:50 +0100 (CET) Subject: SUSE-RU-2021:4132-1: moderate: Recommended update for ses-manual_en Message-ID: <20211221052150.20191FC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for ses-manual_en ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:4132-1 Rating: moderate References: #1182681 #1183867 #1186263 #1189648 #1190318 #1191153 #1192222 #1192317 #1193293 Affected Products: SUSE Enterprise Storage 7 ______________________________________________________________________________ An update that has 9 recommended fixes can now be installed. Description: This update for ses-manual_en fixes the following issues: l10n: make translations validate again Fixed PTF process (bsc#1193293) (#973) Revert update to v1.0.1 in Node-Exporter (#971) Fixed commands generating dashboard certificates (bsc#1192317) (#970) Update Node-Exporter version (#969) Update Dashboard SSO information (#967) Fixed a command for restoring MON quorum (bsc#1192222) (#966) Added link to bare and full host name explanation (bsc#1182681) (#959) Added registry credentials (gh#952) (#960) Aligned wrong commands in Rook deployment process (bsc#1191153) (#957) skopeo examples for syncing images (bsc#1190318) (#955) Update user info command syntax (#954) Removed confusing note (bsc#1189648) Improve RGW multisite (#949) Restructuring of deployment guide (bsc#1189648) (#951) trouble chapter: remove literal from screen, fix validation error SEO: remove editurls from translated SES 7 docs translation DCs: Update to 2021 stylesheets translation: add missing .ent + issue template,remove DC-tuning added SES7 translations, w missin missing ent files DC: Update to suse2021 stylesheets Fix xml:id/linkend handling (#946) Add missing -i option (#945) HTTPS proxy & local container registry (bsc#1183867) (#941) Replaced with radosgw-admin zone 'delete' instead of 'rm' (bsc#1186263) (#942) highlight existence of formatting tool for contributors (#923) Minor language improvements suggested by Liam (#937) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2021-4132=1 Package List: - SUSE Enterprise Storage 7 (noarch): ses-admin_en-pdf-7locdrop+git102.g57815fee-3.15.1 ses-deployment_en-pdf-7locdrop+git102.g57815fee-3.15.1 ses-manual_en-7locdrop+git102.g57815fee-3.15.1 ses-troubleshooting_en-pdf-7locdrop+git102.g57815fee-3.15.1 ses-windows_en-pdf-7locdrop+git102.g57815fee-3.15.1 References: https://bugzilla.suse.com/1182681 https://bugzilla.suse.com/1183867 https://bugzilla.suse.com/1186263 https://bugzilla.suse.com/1189648 https://bugzilla.suse.com/1190318 https://bugzilla.suse.com/1191153 https://bugzilla.suse.com/1192222 https://bugzilla.suse.com/1192317 https://bugzilla.suse.com/1193293 From sle-updates at lists.suse.com Tue Dec 21 14:17:57 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Dec 2021 15:17:57 +0100 (CET) Subject: SUSE-RU-2021:4135-1: moderate: Recommended update for bluez Message-ID: <20211221141757.301B6FC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for bluez ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:4135-1 Rating: moderate References: #1192151 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: bluez was updated to fix the following issue: - The bluez-deprecated package is readded to the Basesystem module as it was removed unexpectedly. In future SPs it might move to the Legacy module. (bsc#1192151) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2021-4135=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2021-4135=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-4135=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): bluez-cups-5.55-3.8.1 bluez-cups-debuginfo-5.55-3.8.1 bluez-debuginfo-5.55-3.8.1 bluez-debugsource-5.55-3.8.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): bluez-debuginfo-5.55-3.8.1 bluez-debugsource-5.55-3.8.1 bluez-devel-5.55-3.8.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): bluez-5.55-3.8.1 bluez-debuginfo-5.55-3.8.1 bluez-debugsource-5.55-3.8.1 bluez-deprecated-5.55-3.8.1 bluez-deprecated-debuginfo-5.55-3.8.1 libbluetooth3-5.55-3.8.1 libbluetooth3-debuginfo-5.55-3.8.1 References: https://bugzilla.suse.com/1192151 From sle-updates at lists.suse.com Tue Dec 21 20:18:05 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Dec 2021 21:18:05 +0100 (CET) Subject: SUSE-SU-2021:4136-1: important: Security update for xorg-x11-server Message-ID: <20211221201805.04D04FC9F@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:4136-1 Rating: important References: #1190487 #1190488 #1190489 Cross-References: CVE-2021-4009 CVE-2021-4010 CVE-2021-4011 CVSS scores: CVE-2021-4009 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-4010 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-4011 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Manager Server 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Proxy 4.1 SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Enterprise Storage 7 SUSE CaaS Platform 4.5 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for xorg-x11-server fixes the following issues: - CVE-2021-4009: The handler for the CreatePointerBarrier request of the XFixes extension does not properly validate the request length leading to out of bounds memory write. (bsc#1190487) - CVE-2021-4010: The handler for the Suspend request of the Screen Saver extension does not properly validate the request length leading to out of bounds memory write. (bsc#1190488) - CVE-2021-4011: The handlers for the RecordCreateContext and RecordRegisterClients requests of the Record extension do not properly validate the request length leading to out of bounds memory write. (bsc#1190489) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2021-4136=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2021-4136=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2021-4136=1 - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2021-4136=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2021-4136=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2021-4136=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2021-4136=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2021-4136=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-4136=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2021-4136=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2021-4136=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2021-4136=1 - SUSE CaaS Platform 4.5: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): xorg-x11-server-1.20.3-22.5.42.1 xorg-x11-server-debuginfo-1.20.3-22.5.42.1 xorg-x11-server-debugsource-1.20.3-22.5.42.1 xorg-x11-server-extra-1.20.3-22.5.42.1 xorg-x11-server-extra-debuginfo-1.20.3-22.5.42.1 xorg-x11-server-sdk-1.20.3-22.5.42.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): xorg-x11-server-1.20.3-22.5.42.1 xorg-x11-server-debuginfo-1.20.3-22.5.42.1 xorg-x11-server-debugsource-1.20.3-22.5.42.1 xorg-x11-server-extra-1.20.3-22.5.42.1 xorg-x11-server-extra-debuginfo-1.20.3-22.5.42.1 xorg-x11-server-sdk-1.20.3-22.5.42.1 - SUSE Manager Proxy 4.1 (x86_64): xorg-x11-server-1.20.3-22.5.42.1 xorg-x11-server-debuginfo-1.20.3-22.5.42.1 xorg-x11-server-debugsource-1.20.3-22.5.42.1 xorg-x11-server-extra-1.20.3-22.5.42.1 xorg-x11-server-extra-debuginfo-1.20.3-22.5.42.1 xorg-x11-server-sdk-1.20.3-22.5.42.1 - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): xorg-x11-server-debuginfo-1.20.3-22.5.42.1 xorg-x11-server-debugsource-1.20.3-22.5.42.1 xorg-x11-server-wayland-1.20.3-22.5.42.1 xorg-x11-server-wayland-debuginfo-1.20.3-22.5.42.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): xorg-x11-server-1.20.3-22.5.42.1 xorg-x11-server-debuginfo-1.20.3-22.5.42.1 xorg-x11-server-debugsource-1.20.3-22.5.42.1 xorg-x11-server-extra-1.20.3-22.5.42.1 xorg-x11-server-extra-debuginfo-1.20.3-22.5.42.1 xorg-x11-server-sdk-1.20.3-22.5.42.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): xorg-x11-server-1.20.3-22.5.42.1 xorg-x11-server-debuginfo-1.20.3-22.5.42.1 xorg-x11-server-debugsource-1.20.3-22.5.42.1 xorg-x11-server-extra-1.20.3-22.5.42.1 xorg-x11-server-extra-debuginfo-1.20.3-22.5.42.1 xorg-x11-server-sdk-1.20.3-22.5.42.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): xorg-x11-server-1.20.3-22.5.42.1 xorg-x11-server-debuginfo-1.20.3-22.5.42.1 xorg-x11-server-debugsource-1.20.3-22.5.42.1 xorg-x11-server-extra-1.20.3-22.5.42.1 xorg-x11-server-extra-debuginfo-1.20.3-22.5.42.1 xorg-x11-server-sdk-1.20.3-22.5.42.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): xorg-x11-server-debuginfo-1.20.3-22.5.42.1 xorg-x11-server-debugsource-1.20.3-22.5.42.1 xorg-x11-server-sdk-1.20.3-22.5.42.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): xorg-x11-server-1.20.3-22.5.42.1 xorg-x11-server-debuginfo-1.20.3-22.5.42.1 xorg-x11-server-debugsource-1.20.3-22.5.42.1 xorg-x11-server-extra-1.20.3-22.5.42.1 xorg-x11-server-extra-debuginfo-1.20.3-22.5.42.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): xorg-x11-server-1.20.3-22.5.42.1 xorg-x11-server-debuginfo-1.20.3-22.5.42.1 xorg-x11-server-debugsource-1.20.3-22.5.42.1 xorg-x11-server-extra-1.20.3-22.5.42.1 xorg-x11-server-extra-debuginfo-1.20.3-22.5.42.1 xorg-x11-server-sdk-1.20.3-22.5.42.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): xorg-x11-server-1.20.3-22.5.42.1 xorg-x11-server-debuginfo-1.20.3-22.5.42.1 xorg-x11-server-debugsource-1.20.3-22.5.42.1 xorg-x11-server-extra-1.20.3-22.5.42.1 xorg-x11-server-extra-debuginfo-1.20.3-22.5.42.1 xorg-x11-server-sdk-1.20.3-22.5.42.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): xorg-x11-server-1.20.3-22.5.42.1 xorg-x11-server-debuginfo-1.20.3-22.5.42.1 xorg-x11-server-debugsource-1.20.3-22.5.42.1 xorg-x11-server-extra-1.20.3-22.5.42.1 xorg-x11-server-extra-debuginfo-1.20.3-22.5.42.1 xorg-x11-server-sdk-1.20.3-22.5.42.1 - SUSE CaaS Platform 4.5 (aarch64 x86_64): xorg-x11-server-1.20.3-22.5.42.1 xorg-x11-server-debuginfo-1.20.3-22.5.42.1 xorg-x11-server-debugsource-1.20.3-22.5.42.1 xorg-x11-server-extra-1.20.3-22.5.42.1 xorg-x11-server-extra-debuginfo-1.20.3-22.5.42.1 xorg-x11-server-sdk-1.20.3-22.5.42.1 References: https://www.suse.com/security/cve/CVE-2021-4009.html https://www.suse.com/security/cve/CVE-2021-4010.html https://www.suse.com/security/cve/CVE-2021-4011.html https://bugzilla.suse.com/1190487 https://bugzilla.suse.com/1190488 https://bugzilla.suse.com/1190489 From sle-updates at lists.suse.com Tue Dec 21 20:19:34 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Dec 2021 21:19:34 +0100 (CET) Subject: SUSE-RU-2021:4138-1: critical: Recommended update for release-notes-sles-for-sap Message-ID: <20211221201934.C3A0BFC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sles-for-sap ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:4138-1 Rating: critical References: #933411 PM-3168 Affected Products: SUSE Linux Enterprise Module for SAP Applications 15-SP1 ______________________________________________________________________________ An update that has one recommended fix and contains one feature can now be installed. Description: This update for release-notes-sles-for-sap fixes the following issues: - 15.1.20211213 (tracked in bsc#933411) - Added disclaimer for Trento in tech preview section (jsc#PM-3168) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SAP Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP1-2021-4138=1 Package List: - SUSE Linux Enterprise Module for SAP Applications 15-SP1 (noarch): release-notes-sles-for-sap-15.1.20211213-6.3.1 References: https://bugzilla.suse.com/933411 From sle-updates at lists.suse.com Tue Dec 21 20:20:50 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Dec 2021 21:20:50 +0100 (CET) Subject: SUSE-RU-2021:4137-1: moderate: Recommended update for java-1_8_0-openjdk Message-ID: <20211221202050.C32E5FC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for java-1_8_0-openjdk ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:4137-1 Rating: moderate References: #1193314 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-BCL HPE Helion Openstack 8 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for java-1_8_0-openjdk fixes the following issues: - When system crypto policy files are not available, use the information from the java.security file that we distribute with OpenJDK as a fallback. (bsc#1193314) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-4137=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-4137=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-4137=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-4137=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-4137=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-4137=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-4137=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-4137=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-4137=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-4137=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-4137=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-4137=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): java-1_8_0-openjdk-1.8.0.312-27.69.2 java-1_8_0-openjdk-debuginfo-1.8.0.312-27.69.2 java-1_8_0-openjdk-debugsource-1.8.0.312-27.69.2 java-1_8_0-openjdk-demo-1.8.0.312-27.69.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.312-27.69.2 java-1_8_0-openjdk-devel-1.8.0.312-27.69.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.312-27.69.2 java-1_8_0-openjdk-headless-1.8.0.312-27.69.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.312-27.69.2 - SUSE OpenStack Cloud Crowbar 8 (x86_64): java-1_8_0-openjdk-1.8.0.312-27.69.2 java-1_8_0-openjdk-debuginfo-1.8.0.312-27.69.2 java-1_8_0-openjdk-debugsource-1.8.0.312-27.69.2 java-1_8_0-openjdk-demo-1.8.0.312-27.69.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.312-27.69.2 java-1_8_0-openjdk-devel-1.8.0.312-27.69.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.312-27.69.2 java-1_8_0-openjdk-headless-1.8.0.312-27.69.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.312-27.69.2 - SUSE OpenStack Cloud 9 (x86_64): java-1_8_0-openjdk-1.8.0.312-27.69.2 java-1_8_0-openjdk-debuginfo-1.8.0.312-27.69.2 java-1_8_0-openjdk-debugsource-1.8.0.312-27.69.2 java-1_8_0-openjdk-demo-1.8.0.312-27.69.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.312-27.69.2 java-1_8_0-openjdk-devel-1.8.0.312-27.69.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.312-27.69.2 java-1_8_0-openjdk-headless-1.8.0.312-27.69.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.312-27.69.2 - SUSE OpenStack Cloud 8 (x86_64): java-1_8_0-openjdk-1.8.0.312-27.69.2 java-1_8_0-openjdk-debuginfo-1.8.0.312-27.69.2 java-1_8_0-openjdk-debugsource-1.8.0.312-27.69.2 java-1_8_0-openjdk-demo-1.8.0.312-27.69.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.312-27.69.2 java-1_8_0-openjdk-devel-1.8.0.312-27.69.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.312-27.69.2 java-1_8_0-openjdk-headless-1.8.0.312-27.69.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.312-27.69.2 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): java-1_8_0-openjdk-1.8.0.312-27.69.2 java-1_8_0-openjdk-debuginfo-1.8.0.312-27.69.2 java-1_8_0-openjdk-debugsource-1.8.0.312-27.69.2 java-1_8_0-openjdk-demo-1.8.0.312-27.69.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.312-27.69.2 java-1_8_0-openjdk-devel-1.8.0.312-27.69.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.312-27.69.2 java-1_8_0-openjdk-headless-1.8.0.312-27.69.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.312-27.69.2 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): java-1_8_0-openjdk-1.8.0.312-27.69.2 java-1_8_0-openjdk-debuginfo-1.8.0.312-27.69.2 java-1_8_0-openjdk-debugsource-1.8.0.312-27.69.2 java-1_8_0-openjdk-demo-1.8.0.312-27.69.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.312-27.69.2 java-1_8_0-openjdk-devel-1.8.0.312-27.69.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.312-27.69.2 java-1_8_0-openjdk-headless-1.8.0.312-27.69.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.312-27.69.2 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.312-27.69.2 java-1_8_0-openjdk-debuginfo-1.8.0.312-27.69.2 java-1_8_0-openjdk-debugsource-1.8.0.312-27.69.2 java-1_8_0-openjdk-demo-1.8.0.312-27.69.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.312-27.69.2 java-1_8_0-openjdk-devel-1.8.0.312-27.69.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.312-27.69.2 java-1_8_0-openjdk-headless-1.8.0.312-27.69.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.312-27.69.2 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.312-27.69.2 java-1_8_0-openjdk-debuginfo-1.8.0.312-27.69.2 java-1_8_0-openjdk-debugsource-1.8.0.312-27.69.2 java-1_8_0-openjdk-demo-1.8.0.312-27.69.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.312-27.69.2 java-1_8_0-openjdk-devel-1.8.0.312-27.69.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.312-27.69.2 java-1_8_0-openjdk-headless-1.8.0.312-27.69.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.312-27.69.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.312-27.69.2 java-1_8_0-openjdk-debuginfo-1.8.0.312-27.69.2 java-1_8_0-openjdk-debugsource-1.8.0.312-27.69.2 java-1_8_0-openjdk-demo-1.8.0.312-27.69.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.312-27.69.2 java-1_8_0-openjdk-devel-1.8.0.312-27.69.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.312-27.69.2 java-1_8_0-openjdk-headless-1.8.0.312-27.69.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.312-27.69.2 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): java-1_8_0-openjdk-1.8.0.312-27.69.2 java-1_8_0-openjdk-debuginfo-1.8.0.312-27.69.2 java-1_8_0-openjdk-debugsource-1.8.0.312-27.69.2 java-1_8_0-openjdk-demo-1.8.0.312-27.69.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.312-27.69.2 java-1_8_0-openjdk-devel-1.8.0.312-27.69.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.312-27.69.2 java-1_8_0-openjdk-headless-1.8.0.312-27.69.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.312-27.69.2 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): java-1_8_0-openjdk-1.8.0.312-27.69.2 java-1_8_0-openjdk-debuginfo-1.8.0.312-27.69.2 java-1_8_0-openjdk-debugsource-1.8.0.312-27.69.2 java-1_8_0-openjdk-demo-1.8.0.312-27.69.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.312-27.69.2 java-1_8_0-openjdk-devel-1.8.0.312-27.69.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.312-27.69.2 java-1_8_0-openjdk-headless-1.8.0.312-27.69.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.312-27.69.2 - HPE Helion Openstack 8 (x86_64): java-1_8_0-openjdk-1.8.0.312-27.69.2 java-1_8_0-openjdk-debuginfo-1.8.0.312-27.69.2 java-1_8_0-openjdk-debugsource-1.8.0.312-27.69.2 java-1_8_0-openjdk-demo-1.8.0.312-27.69.2 java-1_8_0-openjdk-demo-debuginfo-1.8.0.312-27.69.2 java-1_8_0-openjdk-devel-1.8.0.312-27.69.2 java-1_8_0-openjdk-devel-debuginfo-1.8.0.312-27.69.2 java-1_8_0-openjdk-headless-1.8.0.312-27.69.2 java-1_8_0-openjdk-headless-debuginfo-1.8.0.312-27.69.2 References: https://bugzilla.suse.com/1193314 From sle-updates at lists.suse.com Tue Dec 21 20:23:28 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Dec 2021 21:23:28 +0100 (CET) Subject: SUSE-RU-2021:4139-1: critical: Recommended update for systemd Message-ID: <20211221202328.691F3FC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for systemd ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:4139-1 Rating: critical References: #1193481 #1193521 Affected Products: SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Installer 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for systemd fixes the following issues: - Revert "core: rework how we connect to the bus" (bsc#1193521 bsc#1193481) sleep-config: partitions can't be deleted, only files can shared/sleep-config: exclude zram devices from hibernation candidates Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-4139=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-4139=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-4139=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-4139=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-4139=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-4139=1 - SUSE Linux Enterprise Installer 15-SP1: zypper in -t patch SUSE-SLE-INSTALLER-15-SP1-2021-4139=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-4139=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-4139=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-4139=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-4139=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-4139=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libsystemd0-234-24.102.1 libsystemd0-debuginfo-234-24.102.1 libudev-devel-234-24.102.1 libudev1-234-24.102.1 libudev1-debuginfo-234-24.102.1 systemd-234-24.102.1 systemd-container-234-24.102.1 systemd-container-debuginfo-234-24.102.1 systemd-coredump-234-24.102.1 systemd-coredump-debuginfo-234-24.102.1 systemd-debuginfo-234-24.102.1 systemd-debugsource-234-24.102.1 systemd-devel-234-24.102.1 systemd-sysvinit-234-24.102.1 udev-234-24.102.1 udev-debuginfo-234-24.102.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): systemd-bash-completion-234-24.102.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): libsystemd0-32bit-234-24.102.1 libsystemd0-32bit-debuginfo-234-24.102.1 libudev1-32bit-234-24.102.1 libudev1-32bit-debuginfo-234-24.102.1 systemd-32bit-234-24.102.1 systemd-32bit-debuginfo-234-24.102.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libsystemd0-234-24.102.1 libsystemd0-debuginfo-234-24.102.1 libudev-devel-234-24.102.1 libudev1-234-24.102.1 libudev1-debuginfo-234-24.102.1 systemd-234-24.102.1 systemd-container-234-24.102.1 systemd-container-debuginfo-234-24.102.1 systemd-coredump-234-24.102.1 systemd-coredump-debuginfo-234-24.102.1 systemd-debuginfo-234-24.102.1 systemd-debugsource-234-24.102.1 systemd-devel-234-24.102.1 systemd-sysvinit-234-24.102.1 udev-234-24.102.1 udev-debuginfo-234-24.102.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): systemd-bash-completion-234-24.102.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): libsystemd0-32bit-234-24.102.1 libsystemd0-32bit-debuginfo-234-24.102.1 libudev1-32bit-234-24.102.1 libudev1-32bit-debuginfo-234-24.102.1 systemd-32bit-234-24.102.1 systemd-32bit-debuginfo-234-24.102.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libsystemd0-234-24.102.1 libsystemd0-debuginfo-234-24.102.1 libudev-devel-234-24.102.1 libudev1-234-24.102.1 libudev1-debuginfo-234-24.102.1 systemd-234-24.102.1 systemd-container-234-24.102.1 systemd-container-debuginfo-234-24.102.1 systemd-coredump-234-24.102.1 systemd-coredump-debuginfo-234-24.102.1 systemd-debuginfo-234-24.102.1 systemd-debugsource-234-24.102.1 systemd-devel-234-24.102.1 systemd-sysvinit-234-24.102.1 udev-234-24.102.1 udev-debuginfo-234-24.102.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): systemd-bash-completion-234-24.102.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): libsystemd0-32bit-234-24.102.1 libsystemd0-32bit-debuginfo-234-24.102.1 libudev1-32bit-234-24.102.1 libudev1-32bit-debuginfo-234-24.102.1 systemd-32bit-234-24.102.1 systemd-32bit-debuginfo-234-24.102.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): systemd-bash-completion-234-24.102.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libsystemd0-234-24.102.1 libsystemd0-32bit-234-24.102.1 libsystemd0-32bit-debuginfo-234-24.102.1 libsystemd0-debuginfo-234-24.102.1 libudev-devel-234-24.102.1 libudev1-234-24.102.1 libudev1-32bit-234-24.102.1 libudev1-32bit-debuginfo-234-24.102.1 libudev1-debuginfo-234-24.102.1 systemd-234-24.102.1 systemd-32bit-234-24.102.1 systemd-32bit-debuginfo-234-24.102.1 systemd-container-234-24.102.1 systemd-container-debuginfo-234-24.102.1 systemd-coredump-234-24.102.1 systemd-coredump-debuginfo-234-24.102.1 systemd-debuginfo-234-24.102.1 systemd-debugsource-234-24.102.1 systemd-devel-234-24.102.1 systemd-sysvinit-234-24.102.1 udev-234-24.102.1 udev-debuginfo-234-24.102.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libsystemd0-234-24.102.1 libsystemd0-debuginfo-234-24.102.1 libudev-devel-234-24.102.1 libudev1-234-24.102.1 libudev1-debuginfo-234-24.102.1 systemd-234-24.102.1 systemd-container-234-24.102.1 systemd-container-debuginfo-234-24.102.1 systemd-coredump-234-24.102.1 systemd-coredump-debuginfo-234-24.102.1 systemd-debuginfo-234-24.102.1 systemd-debugsource-234-24.102.1 systemd-devel-234-24.102.1 systemd-sysvinit-234-24.102.1 udev-234-24.102.1 udev-debuginfo-234-24.102.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): systemd-bash-completion-234-24.102.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libsystemd0-234-24.102.1 libsystemd0-debuginfo-234-24.102.1 libudev-devel-234-24.102.1 libudev1-234-24.102.1 libudev1-debuginfo-234-24.102.1 systemd-234-24.102.1 systemd-container-234-24.102.1 systemd-container-debuginfo-234-24.102.1 systemd-coredump-234-24.102.1 systemd-coredump-debuginfo-234-24.102.1 systemd-debuginfo-234-24.102.1 systemd-debugsource-234-24.102.1 systemd-devel-234-24.102.1 systemd-sysvinit-234-24.102.1 udev-234-24.102.1 udev-debuginfo-234-24.102.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libsystemd0-32bit-234-24.102.1 libsystemd0-32bit-debuginfo-234-24.102.1 libudev1-32bit-234-24.102.1 libudev1-32bit-debuginfo-234-24.102.1 systemd-32bit-234-24.102.1 systemd-32bit-debuginfo-234-24.102.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): systemd-bash-completion-234-24.102.1 - SUSE Linux Enterprise Installer 15-SP1 (aarch64 ppc64le s390x x86_64): libudev1-234-24.102.1 systemd-234-24.102.1 systemd-sysvinit-234-24.102.1 udev-234-24.102.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libsystemd0-234-24.102.1 libsystemd0-debuginfo-234-24.102.1 libudev-devel-234-24.102.1 libudev1-234-24.102.1 libudev1-debuginfo-234-24.102.1 systemd-234-24.102.1 systemd-container-234-24.102.1 systemd-container-debuginfo-234-24.102.1 systemd-coredump-234-24.102.1 systemd-coredump-debuginfo-234-24.102.1 systemd-debuginfo-234-24.102.1 systemd-debugsource-234-24.102.1 systemd-devel-234-24.102.1 systemd-sysvinit-234-24.102.1 udev-234-24.102.1 udev-debuginfo-234-24.102.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): systemd-bash-completion-234-24.102.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): libsystemd0-32bit-234-24.102.1 libsystemd0-32bit-debuginfo-234-24.102.1 libudev1-32bit-234-24.102.1 libudev1-32bit-debuginfo-234-24.102.1 systemd-32bit-234-24.102.1 systemd-32bit-debuginfo-234-24.102.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libsystemd0-234-24.102.1 libsystemd0-debuginfo-234-24.102.1 libudev-devel-234-24.102.1 libudev1-234-24.102.1 libudev1-debuginfo-234-24.102.1 systemd-234-24.102.1 systemd-container-234-24.102.1 systemd-container-debuginfo-234-24.102.1 systemd-coredump-234-24.102.1 systemd-coredump-debuginfo-234-24.102.1 systemd-debuginfo-234-24.102.1 systemd-debugsource-234-24.102.1 systemd-devel-234-24.102.1 systemd-sysvinit-234-24.102.1 udev-234-24.102.1 udev-debuginfo-234-24.102.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): libsystemd0-32bit-234-24.102.1 libsystemd0-32bit-debuginfo-234-24.102.1 libudev1-32bit-234-24.102.1 libudev1-32bit-debuginfo-234-24.102.1 systemd-32bit-234-24.102.1 systemd-32bit-debuginfo-234-24.102.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): systemd-bash-completion-234-24.102.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libsystemd0-234-24.102.1 libsystemd0-debuginfo-234-24.102.1 libudev-devel-234-24.102.1 libudev1-234-24.102.1 libudev1-debuginfo-234-24.102.1 systemd-234-24.102.1 systemd-container-234-24.102.1 systemd-container-debuginfo-234-24.102.1 systemd-coredump-234-24.102.1 systemd-coredump-debuginfo-234-24.102.1 systemd-debuginfo-234-24.102.1 systemd-debugsource-234-24.102.1 systemd-devel-234-24.102.1 systemd-sysvinit-234-24.102.1 udev-234-24.102.1 udev-debuginfo-234-24.102.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): libsystemd0-32bit-234-24.102.1 libsystemd0-32bit-debuginfo-234-24.102.1 libudev1-32bit-234-24.102.1 libudev1-32bit-debuginfo-234-24.102.1 systemd-32bit-234-24.102.1 systemd-32bit-debuginfo-234-24.102.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): systemd-bash-completion-234-24.102.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libsystemd0-234-24.102.1 libsystemd0-debuginfo-234-24.102.1 libudev-devel-234-24.102.1 libudev1-234-24.102.1 libudev1-debuginfo-234-24.102.1 systemd-234-24.102.1 systemd-container-234-24.102.1 systemd-container-debuginfo-234-24.102.1 systemd-coredump-234-24.102.1 systemd-coredump-debuginfo-234-24.102.1 systemd-debuginfo-234-24.102.1 systemd-debugsource-234-24.102.1 systemd-devel-234-24.102.1 systemd-sysvinit-234-24.102.1 udev-234-24.102.1 udev-debuginfo-234-24.102.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): libsystemd0-32bit-234-24.102.1 libsystemd0-32bit-debuginfo-234-24.102.1 libudev1-32bit-234-24.102.1 libudev1-32bit-debuginfo-234-24.102.1 systemd-32bit-234-24.102.1 systemd-32bit-debuginfo-234-24.102.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): systemd-bash-completion-234-24.102.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libsystemd0-234-24.102.1 libsystemd0-debuginfo-234-24.102.1 libudev-devel-234-24.102.1 libudev1-234-24.102.1 libudev1-debuginfo-234-24.102.1 systemd-234-24.102.1 systemd-container-234-24.102.1 systemd-container-debuginfo-234-24.102.1 systemd-coredump-234-24.102.1 systemd-coredump-debuginfo-234-24.102.1 systemd-debuginfo-234-24.102.1 systemd-debugsource-234-24.102.1 systemd-devel-234-24.102.1 systemd-sysvinit-234-24.102.1 udev-234-24.102.1 udev-debuginfo-234-24.102.1 - SUSE Enterprise Storage 6 (noarch): systemd-bash-completion-234-24.102.1 - SUSE Enterprise Storage 6 (x86_64): libsystemd0-32bit-234-24.102.1 libsystemd0-32bit-debuginfo-234-24.102.1 libudev1-32bit-234-24.102.1 libudev1-32bit-debuginfo-234-24.102.1 systemd-32bit-234-24.102.1 systemd-32bit-debuginfo-234-24.102.1 - SUSE CaaS Platform 4.0 (noarch): systemd-bash-completion-234-24.102.1 - SUSE CaaS Platform 4.0 (x86_64): libsystemd0-234-24.102.1 libsystemd0-32bit-234-24.102.1 libsystemd0-32bit-debuginfo-234-24.102.1 libsystemd0-debuginfo-234-24.102.1 libudev-devel-234-24.102.1 libudev1-234-24.102.1 libudev1-32bit-234-24.102.1 libudev1-32bit-debuginfo-234-24.102.1 libudev1-debuginfo-234-24.102.1 systemd-234-24.102.1 systemd-32bit-234-24.102.1 systemd-32bit-debuginfo-234-24.102.1 systemd-container-234-24.102.1 systemd-container-debuginfo-234-24.102.1 systemd-coredump-234-24.102.1 systemd-coredump-debuginfo-234-24.102.1 systemd-debuginfo-234-24.102.1 systemd-debugsource-234-24.102.1 systemd-devel-234-24.102.1 systemd-sysvinit-234-24.102.1 udev-234-24.102.1 udev-debuginfo-234-24.102.1 References: https://bugzilla.suse.com/1193481 https://bugzilla.suse.com/1193521 From sle-updates at lists.suse.com Tue Dec 21 20:24:53 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 21 Dec 2021 21:24:53 +0100 (CET) Subject: SUSE-RU-2021:4140-1: moderate: Recommended update for bash Message-ID: <20211221202453.EFE26FC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for bash ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:4140-1 Rating: moderate References: #1192785 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for bash fixes the following issues: - Fixed and issue when 'setuid' causing permission denied on 'popen'. (bsc#1192785) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2021-4140=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-4140=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-4140=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (noarch): bash-lang-4.3-83.29.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): bash-debuginfo-4.3-83.29.1 bash-debugsource-4.3-83.29.1 bash-devel-4.3-83.29.1 readline-devel-6.3-83.29.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): bash-4.3-83.29.1 bash-debuginfo-4.3-83.29.1 bash-debugsource-4.3-83.29.1 libreadline6-6.3-83.29.1 libreadline6-debuginfo-6.3-83.29.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libreadline6-32bit-6.3-83.29.1 libreadline6-debuginfo-32bit-6.3-83.29.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): bash-doc-4.3-83.29.1 readline-doc-6.3-83.29.1 References: https://bugzilla.suse.com/1192785 From sle-updates at lists.suse.com Wed Dec 22 07:46:27 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Dec 2021 08:46:27 +0100 (CET) Subject: SUSE-CU-2021:591-1: Recommended update of suse/sles12sp4 Message-ID: <20211222074627.AA207FC9F@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:591-1 Container Tags : suse/sles12sp4:26.395 , suse/sles12sp4:latest Container Release : 26.395 Severity : moderate Type : recommended References : 1192785 ----------------------------------------------------------------- The container suse/sles12sp4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4140-1 Released: Tue Dec 21 17:04:37 2021 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1192785 This update for bash fixes the following issues: - Fixed and issue when 'setuid' causing permission denied on 'popen'. (bsc#1192785) The following package changes have been done: - base-container-licenses-3.0-1.261 updated - bash-4.3-83.29.1 updated - libreadline6-6.3-83.29.1 updated From sle-updates at lists.suse.com Wed Dec 22 07:56:57 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Dec 2021 08:56:57 +0100 (CET) Subject: SUSE-CU-2021:592-1: Recommended update of suse/sles12sp5 Message-ID: <20211222075657.6BC83FC9F@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:592-1 Container Tags : suse/sles12sp5:6.5.277 , suse/sles12sp5:latest Container Release : 6.5.277 Severity : moderate Type : recommended References : 1192785 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4140-1 Released: Tue Dec 21 17:04:37 2021 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1192785 This update for bash fixes the following issues: - Fixed and issue when 'setuid' causing permission denied on 'popen'. (bsc#1192785) The following package changes have been done: - bash-4.3-83.29.1 updated - libreadline6-6.3-83.29.1 updated From sle-updates at lists.suse.com Wed Dec 22 08:14:03 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Dec 2021 09:14:03 +0100 (CET) Subject: SUSE-CU-2021:593-1: Recommended update of suse/sle15 Message-ID: <20211222081403.CC0C0FC9F@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:593-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.548 Container Release : 6.2.548 Severity : critical Type : recommended References : 1193481 1193521 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4139-1 Released: Tue Dec 21 17:02:44 2021 Summary: Recommended update for systemd Type: recommended Severity: critical References: 1193481,1193521 This update for systemd fixes the following issues: - Revert 'core: rework how we connect to the bus' (bsc#1193521 bsc#1193481) sleep-config: partitions can't be deleted, only files can shared/sleep-config: exclude zram devices from hibernation candidates The following package changes have been done: - libsystemd0-234-24.102.1 updated - libudev1-234-24.102.1 updated From sle-updates at lists.suse.com Wed Dec 22 08:17:46 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Dec 2021 09:17:46 +0100 (CET) Subject: SUSE-RU-2021:4145-1: moderate: Recommended update for openssl-1_1 Message-ID: <20211222081746.C892BFC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for openssl-1_1 ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:4145-1 Rating: moderate References: #1161276 Affected Products: SUSE MicroOS 5.1 SUSE MicroOS 5.0 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for openssl-1_1 fixes the following issues: - Remove previously applied patch because it interferes with FIPS validation (bsc#1161276) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2021-4145=1 - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-4145=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-4145=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-4145=1 Package List: - SUSE MicroOS 5.1 (aarch64 s390x x86_64): libopenssl-1_1-devel-1.1.1d-11.33.2 libopenssl1_1-1.1.1d-11.33.2 libopenssl1_1-debuginfo-1.1.1d-11.33.2 libopenssl1_1-hmac-1.1.1d-11.33.2 openssl-1_1-1.1.1d-11.33.2 openssl-1_1-debuginfo-1.1.1d-11.33.2 openssl-1_1-debugsource-1.1.1d-11.33.2 - SUSE MicroOS 5.0 (aarch64 x86_64): libopenssl1_1-1.1.1d-11.33.2 libopenssl1_1-debuginfo-1.1.1d-11.33.2 openssl-1_1-1.1.1d-11.33.2 openssl-1_1-debuginfo-1.1.1d-11.33.2 openssl-1_1-debugsource-1.1.1d-11.33.2 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libopenssl-1_1-devel-1.1.1d-11.33.2 libopenssl1_1-1.1.1d-11.33.2 libopenssl1_1-debuginfo-1.1.1d-11.33.2 libopenssl1_1-hmac-1.1.1d-11.33.2 openssl-1_1-1.1.1d-11.33.2 openssl-1_1-debuginfo-1.1.1d-11.33.2 openssl-1_1-debugsource-1.1.1d-11.33.2 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libopenssl1_1-32bit-1.1.1d-11.33.2 libopenssl1_1-32bit-debuginfo-1.1.1d-11.33.2 libopenssl1_1-hmac-32bit-1.1.1d-11.33.2 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libopenssl-1_1-devel-1.1.1d-11.33.2 libopenssl1_1-1.1.1d-11.33.2 libopenssl1_1-debuginfo-1.1.1d-11.33.2 libopenssl1_1-hmac-1.1.1d-11.33.2 openssl-1_1-1.1.1d-11.33.2 openssl-1_1-debuginfo-1.1.1d-11.33.2 openssl-1_1-debugsource-1.1.1d-11.33.2 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libopenssl1_1-32bit-1.1.1d-11.33.2 libopenssl1_1-32bit-debuginfo-1.1.1d-11.33.2 libopenssl1_1-hmac-32bit-1.1.1d-11.33.2 References: https://bugzilla.suse.com/1161276 From sle-updates at lists.suse.com Wed Dec 22 08:20:11 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Dec 2021 09:20:11 +0100 (CET) Subject: SUSE-RU-2021:4143-1: moderate: Recommended update for libteam Message-ID: <20211222082011.F0B15FC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for libteam ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:4143-1 Rating: moderate References: #1185424 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libteam fixes the following issues: - Fix permission issues in NetworkManager (bsc#1185424) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2021-4143=1 - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-4143=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-4143=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-4143=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): libteam-debuginfo-1.27-4.3.1 libteam-debugsource-1.27-4.3.1 libteam-tools-1.27-4.3.1 libteam-tools-debuginfo-1.27-4.3.1 python-libteam-1.27-4.3.1 python-libteam-debuginfo-1.27-4.3.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): libteam-debuginfo-1.27-4.3.1 libteam-debugsource-1.27-4.3.1 libteam-tools-1.27-4.3.1 libteam-tools-debuginfo-1.27-4.3.1 python-libteam-1.27-4.3.1 python-libteam-debuginfo-1.27-4.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libteam-debuginfo-1.27-4.3.1 libteam-debugsource-1.27-4.3.1 libteam-devel-1.27-4.3.1 libteam5-1.27-4.3.1 libteam5-debuginfo-1.27-4.3.1 libteamdctl0-1.27-4.3.1 libteamdctl0-debuginfo-1.27-4.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libteam-debuginfo-1.27-4.3.1 libteam-debugsource-1.27-4.3.1 libteam-devel-1.27-4.3.1 libteam5-1.27-4.3.1 libteam5-debuginfo-1.27-4.3.1 libteamdctl0-1.27-4.3.1 libteamdctl0-debuginfo-1.27-4.3.1 References: https://bugzilla.suse.com/1185424 From sle-updates at lists.suse.com Wed Dec 22 08:25:05 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Dec 2021 09:25:05 +0100 (CET) Subject: SUSE-RU-2021:4141-1: important: Recommended update for dracut Message-ID: <20211222082505.218DBFC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for dracut ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:4141-1 Rating: important References: #1193512 Affected Products: SUSE MicroOS 5.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for dracut fixes the following issues: - Add iscsi-init.service requirements (bsc#1193512) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2021-4141=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-4141=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-4141=1 Package List: - SUSE MicroOS 5.1 (aarch64 s390x x86_64): dracut-049.1+suse.218.gca24e614-3.48.3 dracut-debuginfo-049.1+suse.218.gca24e614-3.48.3 dracut-debugsource-049.1+suse.218.gca24e614-3.48.3 dracut-fips-049.1+suse.218.gca24e614-3.48.3 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): dracut-049.1+suse.218.gca24e614-3.48.3 dracut-debuginfo-049.1+suse.218.gca24e614-3.48.3 dracut-debugsource-049.1+suse.218.gca24e614-3.48.3 dracut-fips-049.1+suse.218.gca24e614-3.48.3 dracut-ima-049.1+suse.218.gca24e614-3.48.3 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): dracut-049.1+suse.218.gca24e614-3.48.3 dracut-debuginfo-049.1+suse.218.gca24e614-3.48.3 dracut-debugsource-049.1+suse.218.gca24e614-3.48.3 dracut-fips-049.1+suse.218.gca24e614-3.48.3 dracut-ima-049.1+suse.218.gca24e614-3.48.3 References: https://bugzilla.suse.com/1193512 From sle-updates at lists.suse.com Wed Dec 22 08:26:19 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Dec 2021 09:26:19 +0100 (CET) Subject: SUSE-RU-2021:4142-1: important: Recommended update for xdg-desktop-portal-gtk Message-ID: <20211222082619.B7E6BFC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for xdg-desktop-portal-gtk ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:4142-1 Rating: important References: #1179465 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for xdg-desktop-portal-gtk fixes the following issues: - Fix xdg-desktop-portal-gtk process hanging the logout. Make the process exit after one second unless it has active sessions (bsc#1179465) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2021-4142=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2021-4142=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): xdg-desktop-portal-gtk-1.8.0-3.6.1 xdg-desktop-portal-gtk-debuginfo-1.8.0-3.6.1 xdg-desktop-portal-gtk-debugsource-1.8.0-3.6.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (noarch): xdg-desktop-portal-gtk-lang-1.8.0-3.6.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): xdg-desktop-portal-gtk-1.8.0-3.6.1 xdg-desktop-portal-gtk-debuginfo-1.8.0-3.6.1 xdg-desktop-portal-gtk-debugsource-1.8.0-3.6.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (noarch): xdg-desktop-portal-gtk-lang-1.8.0-3.6.1 References: https://bugzilla.suse.com/1179465 From sle-updates at lists.suse.com Wed Dec 22 08:27:24 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Dec 2021 09:27:24 +0100 (CET) Subject: SUSE-CU-2021:594-1: Recommended update of suse/sle15 Message-ID: <20211222082724.75D59FC9F@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:594-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.65 Container Release : 9.5.65 Severity : critical Type : recommended References : 1161276 1193481 1193521 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4139-1 Released: Tue Dec 21 17:02:44 2021 Summary: Recommended update for systemd Type: recommended Severity: critical References: 1193481,1193521 This update for systemd fixes the following issues: - Revert 'core: rework how we connect to the bus' (bsc#1193521 bsc#1193481) sleep-config: partitions can't be deleted, only files can shared/sleep-config: exclude zram devices from hibernation candidates ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4145-1 Released: Wed Dec 22 05:27:48 2021 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1161276 This update for openssl-1_1 fixes the following issues: - Remove previously applied patch because it interferes with FIPS validation (bsc#1161276) The following package changes have been done: - libopenssl1_1-hmac-1.1.1d-11.33.2 updated - libopenssl1_1-1.1.1d-11.33.2 updated - libsystemd0-234-24.102.1 updated - libudev1-234-24.102.1 updated - openssl-1_1-1.1.1d-11.33.2 updated From sle-updates at lists.suse.com Wed Dec 22 08:27:36 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Dec 2021 09:27:36 +0100 (CET) Subject: SUSE-RU-2021:4144-1: moderate: Recommended update for openssl-1_0_0 Message-ID: <20211222082736.2CFE4FC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for openssl-1_0_0 ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:4144-1 Rating: moderate References: #1180995 #1186495 #1190885 Affected Products: SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Legacy Software 15-SP3 SUSE Linux Enterprise Module for Legacy Software 15-SP2 SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for openssl-1_0_0 fixes the following issues: - Fix parameters by name ffdheXXXX and modp_XXXX sometimes result in "not found" (bsc#1190885) - Fix binaries not linked as position independent executables (bsc#1186495) - Add RFC3526 and RFC7919 groups to 'openssl genpkey' so that it can output FIPS-appropriate parameter (bsc#1180995) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-4144=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-4144=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-4144=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-4144=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-4144=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2021-4144=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP2: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP2-2021-4144=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-4144=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libopenssl-1_0_0-devel-1.0.2p-3.46.2 libopenssl1_0_0-1.0.2p-3.46.2 libopenssl1_0_0-debuginfo-1.0.2p-3.46.2 openssl-1_0_0-1.0.2p-3.46.2 openssl-1_0_0-debuginfo-1.0.2p-3.46.2 openssl-1_0_0-debugsource-1.0.2p-3.46.2 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libopenssl-1_0_0-devel-1.0.2p-3.46.2 libopenssl1_0_0-1.0.2p-3.46.2 libopenssl1_0_0-debuginfo-1.0.2p-3.46.2 openssl-1_0_0-1.0.2p-3.46.2 openssl-1_0_0-debuginfo-1.0.2p-3.46.2 openssl-1_0_0-debugsource-1.0.2p-3.46.2 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libopenssl-1_0_0-devel-1.0.2p-3.46.2 libopenssl1_0_0-1.0.2p-3.46.2 libopenssl1_0_0-debuginfo-1.0.2p-3.46.2 openssl-1_0_0-1.0.2p-3.46.2 openssl-1_0_0-debuginfo-1.0.2p-3.46.2 openssl-1_0_0-debugsource-1.0.2p-3.46.2 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libopenssl-1_0_0-devel-1.0.2p-3.46.2 libopenssl1_0_0-1.0.2p-3.46.2 libopenssl1_0_0-debuginfo-1.0.2p-3.46.2 openssl-1_0_0-1.0.2p-3.46.2 openssl-1_0_0-debuginfo-1.0.2p-3.46.2 openssl-1_0_0-debugsource-1.0.2p-3.46.2 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libopenssl-1_0_0-devel-1.0.2p-3.46.2 libopenssl1_0_0-1.0.2p-3.46.2 libopenssl1_0_0-debuginfo-1.0.2p-3.46.2 openssl-1_0_0-1.0.2p-3.46.2 openssl-1_0_0-debuginfo-1.0.2p-3.46.2 openssl-1_0_0-debugsource-1.0.2p-3.46.2 - SUSE Linux Enterprise Module for Legacy Software 15-SP3 (aarch64 ppc64le s390x x86_64): libopenssl-1_0_0-devel-1.0.2p-3.46.2 libopenssl10-1.0.2p-3.46.2 libopenssl10-debuginfo-1.0.2p-3.46.2 libopenssl1_0_0-1.0.2p-3.46.2 libopenssl1_0_0-debuginfo-1.0.2p-3.46.2 openssl-1_0_0-1.0.2p-3.46.2 openssl-1_0_0-debuginfo-1.0.2p-3.46.2 openssl-1_0_0-debugsource-1.0.2p-3.46.2 - SUSE Linux Enterprise Module for Legacy Software 15-SP2 (aarch64 ppc64le s390x x86_64): libopenssl-1_0_0-devel-1.0.2p-3.46.2 libopenssl1_0_0-1.0.2p-3.46.2 libopenssl1_0_0-debuginfo-1.0.2p-3.46.2 openssl-1_0_0-1.0.2p-3.46.2 openssl-1_0_0-debuginfo-1.0.2p-3.46.2 openssl-1_0_0-debugsource-1.0.2p-3.46.2 - SUSE Enterprise Storage 6 (aarch64 x86_64): libopenssl-1_0_0-devel-1.0.2p-3.46.2 libopenssl1_0_0-1.0.2p-3.46.2 libopenssl1_0_0-debuginfo-1.0.2p-3.46.2 openssl-1_0_0-1.0.2p-3.46.2 openssl-1_0_0-debuginfo-1.0.2p-3.46.2 openssl-1_0_0-debugsource-1.0.2p-3.46.2 - SUSE CaaS Platform 4.0 (x86_64): libopenssl-1_0_0-devel-1.0.2p-3.46.2 libopenssl1_0_0-1.0.2p-3.46.2 libopenssl1_0_0-debuginfo-1.0.2p-3.46.2 openssl-1_0_0-1.0.2p-3.46.2 openssl-1_0_0-debuginfo-1.0.2p-3.46.2 openssl-1_0_0-debugsource-1.0.2p-3.46.2 References: https://bugzilla.suse.com/1180995 https://bugzilla.suse.com/1186495 https://bugzilla.suse.com/1190885 From sle-updates at lists.suse.com Wed Dec 22 08:29:42 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Dec 2021 09:29:42 +0100 (CET) Subject: SUSE-CU-2021:596-1: Security update of trento/trento-db Message-ID: <20211222082942.E284BFC9F@maintenance.suse.de> SUSE Container Update Advisory: trento/trento-db ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:596-1 Container Tags : trento/trento-db:14.1 , trento/trento-db:14.1-rev1.0.0 , trento/trento-db:14.1-rev1.0.0-build2.2.1 , trento/trento-db:latest Container Release : 2.2.1 Severity : critical Type : security References : 1007715 1009532 1011548 1029961 1033084 1033085 1033086 1033087 1033088 1033089 1033090 1038194 1040589 1041090 1047218 1049382 1051143 1057452 1065270 1071321 1073299 1073313 1078466 1081947 1082318 1082318 1083473 1084812 1084842 1084934 1087550 1087982 1088279 1088524 1089640 1093392 1094222 1096191 1096974 1096984 1097073 1098449 1099521 1100369 1102046 1102310 1102564 1103320 1103320 1104531 1104700 1105166 1106014 1106390 1107066 1107067 1109160 1110304 1110700 1111019 1111388 1111973 1112310 1112500 1112723 1112726 1113554 1114592 1114845 1115408 1115640 1115929 1116658 1118364 1118367 1118368 1120402 1123043 1123685 1123919 1125007 1126117 1126118 1126119 1128220 1128246 1128383 1128828 1129576 1130557 1133297 1133808 1134193 1134217 1134353 1134524 1135123 1135254 1135709 1136234 1136717 1137624 1137832 1138793 1138869 1138939 1139083 1139083 1139937 1139939 1140016 1140647 1141059 1141897 1142614 1142649 1142654 1143194 1143273 1144047 1144793 1145716 1146705 1146866 1148517 1148643 1148987 1149145 1149429 1149995 1150451 1151023 1151023 1152101 1152590 1152692 1153943 1153946 1154036 1154037 1154295 1154661 1154884 1154887 1155141 1155199 1155271 1155327 1155337 1155338 1155339 1156205 1156913 1157051 1157278 1157794 1158095 1158095 1158921 1159928 1160571 1160735 1160970 1160979 1161168 1161215 1161216 1161218 1161219 1161220 1161239 1161276 1161517 1161521 1164562 1164950 1164950 1165539 1165780 1165780 1166028 1166260 1166510 1166510 1166748 1166881 1167674 1167898 1168345 1168699 1168771 1169357 1169512 1169569 1169582 1169944 1170527 1170667 1170713 1170771 1170964 1171313 1171656 1171740 1171762 1171872 1171883 1171924 1171962 1172021 1172055 1172396 1172442 1172505 1172566 1172698 1172704 1172798 1172846 1172958 1173026 1173027 1173307 1173311 1173404 1173409 1173410 1173470 1173471 1173972 1173983 1174079 1174154 1174465 1174551 1174593 1174736 1174753 1174817 1175109 1175110 1175168 1175193 1175194 1175443 1175448 1175449 1175519 1175568 1175811 1175830 1175831 1175844 1176092 1176123 1176179 1176201 1176547 1176674 1177047 1177460 1177460 1177460 1177460 1177460 1177479 1177533 1177658 1177695 1177858 1177955 1178346 1178350 1178353 1178387 1178512 1178577 1178624 1178666 1178666 1178667 1178667 1178668 1178668 1178675 1178680 1178727 1178775 1178807 1178823 1178909 1178943 1178944 1178961 1178961 1179025 1179203 1179398 1179399 1179431 1179491 1179503 1179593 1179691 1179691 1179738 1179765 1179945 1179945 1180020 1180073 1180083 1180138 1180596 1180603 1180603 1180713 1181011 1181122 1181319 1181358 1181443 1181644 1181831 1181872 1182016 1182039 1182040 1182279 1182331 1182333 1182408 1182411 1182412 1182413 1182415 1182416 1182417 1182418 1182419 1182420 1182604 1182790 1182791 1182899 1182959 1183012 1183064 1183094 1183118 1183118 1183118 1183154 1183168 1183370 1183371 1183791 1183852 1183933 1183934 1184124 1184136 1184358 1184435 1184614 1184687 1184690 1184994 1184994 1185163 1185190 1185408 1185408 1185409 1185409 1185410 1185410 1185438 1185540 1185562 1185698 1185807 1185828 1185924 1185925 1185926 1185952 1185958 1185972 1186015 1186049 1186071 1186114 1186411 1186489 1186561 1186642 1186642 1187091 1187093 1187105 1187154 1187196 1187210 1187212 1187292 1187751 1187751 1187911 1187937 1188063 1188063 1188127 1188217 1188218 1188219 1188220 1188287 1188291 1188348 1188571 1188588 1188713 1189206 1189441 1189446 1189465 1189465 1189480 1189537 1189550 1189748 1189841 1190190 1190401 1190440 1190598 1190984 1191019 1191200 1191260 1191480 1191532 1191592 1191690 1191690 1191782 1191804 1191804 1191922 1192104 1192161 1192516 906079 915402 918346 953659 960273 985657 CVE-2015-0247 CVE-2015-1572 CVE-2016-3189 CVE-2017-17740 CVE-2017-3136 CVE-2017-7607 CVE-2017-7608 CVE-2017-7609 CVE-2017-7610 CVE-2017-7611 CVE-2017-7612 CVE-2017-7613 CVE-2018-10360 CVE-2018-14404 CVE-2018-14567 CVE-2018-16062 CVE-2018-16402 CVE-2018-16403 CVE-2018-17953 CVE-2018-18310 CVE-2018-18520 CVE-2018-18521 CVE-2018-19211 CVE-2018-20843 CVE-2018-5741 CVE-2018-9251 CVE-2019-12290 CVE-2019-12749 CVE-2019-12900 CVE-2019-12900 CVE-2019-12904 CVE-2019-13057 CVE-2019-13565 CVE-2019-13627 CVE-2019-14250 CVE-2019-14866 CVE-2019-14889 CVE-2019-14889 CVE-2019-15847 CVE-2019-15903 CVE-2019-17594 CVE-2019-17595 CVE-2019-18218 CVE-2019-18224 CVE-2019-19956 CVE-2019-19956 CVE-2019-20388 CVE-2019-5021 CVE-2019-5094 CVE-2019-5188 CVE-2019-6477 CVE-2019-6706 CVE-2019-7150 CVE-2019-7665 CVE-2019-8905 CVE-2019-8906 CVE-2019-8907 CVE-2019-9893 CVE-2020-11080 CVE-2020-11501 CVE-2020-12049 CVE-2020-12243 CVE-2020-13529 CVE-2020-13844 CVE-2020-14349 CVE-2020-14350 CVE-2020-15719 CVE-2020-1730 CVE-2020-1971 CVE-2020-24370 CVE-2020-24371 CVE-2020-24977 CVE-2020-25692 CVE-2020-25694 CVE-2020-25694 CVE-2020-25695 CVE-2020-25695 CVE-2020-25696 CVE-2020-25696 CVE-2020-25709 CVE-2020-25710 CVE-2020-28196 CVE-2020-35512 CVE-2020-36221 CVE-2020-36222 CVE-2020-36223 CVE-2020-36224 CVE-2020-36225 CVE-2020-36226 CVE-2020-36227 CVE-2020-36228 CVE-2020-36229 CVE-2020-36230 CVE-2020-7595 CVE-2020-8023 CVE-2020-8025 CVE-2020-8027 CVE-2020-8169 CVE-2020-8177 CVE-2020-8231 CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 CVE-2020-8616 CVE-2020-8617 CVE-2020-8618 CVE-2020-8619 CVE-2020-8620 CVE-2020-8621 CVE-2020-8622 CVE-2020-8623 CVE-2020-8624 CVE-2021-20229 CVE-2021-22876 CVE-2021-22890 CVE-2021-22898 CVE-2021-22922 CVE-2021-22923 CVE-2021-22924 CVE-2021-22925 CVE-2021-23214 CVE-2021-23222 CVE-2021-23840 CVE-2021-23841 CVE-2021-24031 CVE-2021-24032 CVE-2021-27212 CVE-2021-32027 CVE-2021-32028 CVE-2021-32029 CVE-2021-33560 CVE-2021-33574 CVE-2021-33910 CVE-2021-33910 CVE-2021-3393 CVE-2021-3449 CVE-2021-3516 CVE-2021-3516 CVE-2021-3517 CVE-2021-3517 CVE-2021-3518 CVE-2021-3518 CVE-2021-3520 CVE-2021-3537 CVE-2021-3541 CVE-2021-35942 CVE-2021-36222 CVE-2021-3677 CVE-2021-38185 CVE-2021-38185 SLE-5807 SLE-6533 SLE-6536 SLE-9132 ----------------------------------------------------------------- The container trento/trento-db was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:1332-1 Released: Tue Jul 17 09:01:19 2018 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1073299,1093392 This update for timezone provides the following fixes: - North Korea switches back from +0830 to +09 on 2018-05-05. - Ireland's standard time is in the summer, with negative DST offset to standard time used in Winter. (bsc#1073299) - yast2-country is no longer setting TIMEZONE in /etc/sysconfig/clock and is calling systemd timedatectl instead. Do not set /etc/localtime on timezone package updates to avoid setting an incorrect timezone. (bsc#1093392) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2018:1353-1 Released: Thu Jul 19 09:50:32 2018 Summary: Security update for e2fsprogs Type: security Severity: moderate References: 1009532,1038194,915402,918346,960273,CVE-2015-0247,CVE-2015-1572 This update for e2fsprogs fixes the following issues: Security issues fixed: - CVE-2015-0247: Fixed couple of heap overflows in e2fsprogs (fsck, dumpe2fs, e2image...) (bsc#915402). - CVE-2015-1572: Fixed potential buffer overflow in closefs() (bsc#918346). Bug fixes: - bsc#1038194: generic/405 test fails with /dev/mapper/thin-vol is inconsistent on ext4 file system. - bsc#1009532: resize2fs hangs when trying to resize a large ext4 file system. - bsc#960273: xfsprogs does not call %{?regenerate_initrd_post}. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:1999-1 Released: Tue Sep 25 08:20:35 2018 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1071321 This update for zlib provides the following fixes: - Speedup zlib on power8. (fate#325307) - Add safeguard against negative values in uInt. (bsc#1071321) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:2055-1 Released: Thu Sep 27 14:30:14 2018 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1089640 This update for openldap2 provides the following fix: - Fix slapd segfaults in mdb_env_reader_dest. (bsc#1089640) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2018:2182-1 Released: Tue Oct 9 11:08:36 2018 Summary: Security update for libxml2 Type: security Severity: moderate References: 1088279,1102046,1105166,CVE-2018-14404,CVE-2018-14567,CVE-2018-9251 This update for libxml2 fixes the following security issues: - CVE-2018-9251: The xz_decomp function allowed remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint (bsc#1088279) - CVE-2018-14567: Prevent denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint (bsc#1105166) - CVE-2018-14404: Prevent NULL pointer dereference in the xmlXPathCompOpEval() function when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case leading to a denial of service attack (bsc#1102046) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:2370-1 Released: Mon Oct 22 14:02:01 2018 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1102310,1104531 This update for aaa_base provides the following fixes: - Let bash.bashrc work even for (m)ksh. (bsc#1104531) - Fix an error at login if java system directory is empty. (bsc#1102310) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:2463-1 Released: Thu Oct 25 14:48:34 2018 Summary: Recommended update for timezone, timezone-java Type: recommended Severity: moderate References: 1104700,1112310 This update for timezone, timezone-java fixes the following issues: The timezone database was updated to 2018f: - Volgograd moves from +03 to +04 on 2018-10-28. - Fiji ends DST 2019-01-13, not 2019-01-20. - Most of Chile changes DST dates, effective 2019-04-06 (bsc#1104700) - Corrections to past timestamps of DST transitions - Use 'PST' and 'PDT' for Philippine time - minor code changes to zic handling of the TZif format - documentation updates Other bugfixes: - Fixed a zic problem with the 1948-1951 DST transition in Japan (bsc#1112310) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:2550-1 Released: Wed Oct 31 16:16:56 2018 Summary: Recommended update for timezone, timezone-java Type: recommended Severity: moderate References: 1113554 This update provides the latest time zone definitions (2018g), including the following change: - Morocco switched from +00/+01 to permanent +01 effective 2018-10-28 (bsc#1113554) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:2569-1 Released: Fri Nov 2 19:00:18 2018 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1110700 This update for pam fixes the following issues: - Remove limits for nproc from /etc/security/limits.conf (bsc#1110700) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:2607-1 Released: Wed Nov 7 15:42:48 2018 Summary: Optional update for gcc8 Type: recommended Severity: low References: 1084812,1084842,1087550,1094222,1102564 The GNU Compiler GCC 8 is being added to the Development Tools Module by this update. The update also supplies gcc8 compatible libstdc++, libgcc_s1 and other gcc derived libraries for the Basesystem module of SUSE Linux Enterprise 15. Various optimizers have been improved in GCC 8, several of bugs fixed, quite some new warnings added and the error pin-pointing and fix-suggestions have been greatly improved. The GNU Compiler page for GCC 8 contains a summary of all the changes that have happened: https://gcc.gnu.org/gcc-8/changes.html Also changes needed or common pitfalls when porting software are described on: https://gcc.gnu.org/gcc-8/porting_to.html ----------------------------------------------------------------- Advisory ID: SUSE-SU-2018:2825-1 Released: Mon Dec 3 15:35:02 2018 Summary: Security update for pam Type: security Severity: important References: 1115640,CVE-2018-17953 This update for pam fixes the following issue: Security issue fixed: - CVE-2018-17953: Fixed IP address and subnet handling of pam_access.so that was not honoured correctly when a single host was specified (bsc#1115640). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2018:2861-1 Released: Thu Dec 6 14:32:01 2018 Summary: Security update for ncurses Type: security Severity: important References: 1103320,1115929,CVE-2018-19211 This update for ncurses fixes the following issues: Security issue fixed: - CVE-2018-19211: Fixed denial of service issue that was triggered by a NULL pointer dereference at function _nc_parse_entry (bsc#1115929). Non-security issue fixed: - Remove scree.xterm from terminfo data base as with this screen uses fallback TERM=screen (bsc#1103320). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:44-1 Released: Tue Jan 8 13:07:32 2019 Summary: Recommended update for acl Type: recommended Severity: low References: 953659 This update for acl fixes the following issues: - test: Add helper library to fake passwd/group files. - quote: Escape literal backslashes. (bsc#953659) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:102-1 Released: Tue Jan 15 18:02:58 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1120402 This update for timezone fixes the following issues: - Update 2018i: S?o Tom? and Pr?ncipe switches from +01 to +00 on 2019-01-01. (bsc#1120402) - Update 2018h: Qyzylorda, Kazakhstan moved from +06 to +05 on 2018-12-21 New zone Asia/Qostanay because Qostanay, Kazakhstan didn't move Metlakatla, Alaska observes PST this winter only Guess Morocco will continue to adjust clocks around Ramadan Add predictions for Iran from 2038 through 2090 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:247-1 Released: Wed Feb 6 07:18:45 2019 Summary: Security update for lua53 Type: security Severity: moderate References: 1123043,CVE-2019-6706 This update for lua53 fixes the following issues: Security issue fixed: - CVE-2019-6706: Fixed a use-after-free bug in the lua_upvaluejoin function of lapi.c (bsc#1123043) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:369-1 Released: Wed Feb 13 14:01:42 2019 Summary: Recommended update for itstool Type: recommended Severity: moderate References: 1065270,1111019 This update for itstool and python-libxml2-python fixes the following issues: Package: itstool - Updated version to support Python3. (bnc#1111019) Package: python-libxml2-python - Fix segfault when parsing invalid data. (bsc#1065270) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:571-1 Released: Thu Mar 7 18:13:46 2019 Summary: Security update for file Type: security Severity: moderate References: 1096974,1096984,1126117,1126118,1126119,CVE-2018-10360,CVE-2019-8905,CVE-2019-8906,CVE-2019-8907 This update for file fixes the following issues: The following security vulnerabilities were addressed: - CVE-2018-10360: Fixed an out-of-bounds read in the function do_core_note in readelf.c, which allowed remote attackers to cause a denial of service (application crash) via a crafted ELF file (bsc#1096974) - CVE-2019-8905: Fixed a stack-based buffer over-read in do_core_note in readelf.c (bsc#1126118) - CVE-2019-8906: Fixed an out-of-bounds read in do_core_note in readelf. c (bsc#1126119) - CVE-2019-8907: Fixed a stack corruption in do_core_note in readelf.c (bsc#1126117) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:732-1 Released: Mon Mar 25 14:10:04 2019 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1088524,1118364,1128246 This update for aaa_base fixes the following issues: - Restore old position of ssh/sudo source of profile (bsc#1118364). - Update logic for JRE_HOME env variable (bsc#1128246) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:790-1 Released: Thu Mar 28 12:06:17 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1130557 This update for timezone fixes the following issues: timezone was updated 2019a: * Palestine 'springs forward' on 2019-03-30 instead of 2019-03-23 * Metlakatla 'fell back' to rejoin Alaska Time on 2019-01-20 at 02:00 * Israel observed DST in 1980 (08-02/09-13) and 1984 (05-05/08-25) * zic now has an -r option to limit the time range of output data ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:1002-1 Released: Wed Apr 24 10:13:34 2019 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1110304,1129576 This update for zlib fixes the following issues: - Fixes a segmentation fault error (bsc#1110304, bsc#1129576) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:1206-1 Released: Fri May 10 14:01:55 2019 Summary: Security update for bzip2 Type: security Severity: low References: 985657,CVE-2016-3189 This update for bzip2 fixes the following issues: Security issue fixed: - CVE-2016-3189: Fixed a use-after-free in bzip2recover (bsc#985657). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:1312-1 Released: Wed May 22 12:19:12 2019 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1096191 This update for aaa_base fixes the following issue: * Shell detection in /etc/profile and /etc/bash.bashrc was broken within AppArmor-confined containers (bsc#1096191) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:1368-1 Released: Tue May 28 13:15:38 2019 Summary: Recommended update for sles12sp3-docker-image, sles12sp4-image, system-user-root Type: security Severity: important References: 1134524,CVE-2019-5021 This update for sles12sp3-docker-image, sles12sp4-image, system-user-root fixes the following issues: - CVE-2019-5021: Include an invalidated root password by default, not an empty one (bsc#1134524) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:1484-1 Released: Thu Jun 13 07:46:46 2019 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1128383 This update for e2fsprogs fixes the following issues: - Check and fix tails of all bitmap blocks (bsc#1128383) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:1486-1 Released: Thu Jun 13 09:40:24 2019 Summary: Security update for elfutils Type: security Severity: moderate References: 1033084,1033085,1033086,1033087,1033088,1033089,1033090,1106390,1107066,1107067,1111973,1112723,1112726,1123685,1125007,CVE-2017-7607,CVE-2017-7608,CVE-2017-7609,CVE-2017-7610,CVE-2017-7611,CVE-2017-7612,CVE-2017-7613,CVE-2018-16062,CVE-2018-16402,CVE-2018-16403,CVE-2018-18310,CVE-2018-18520,CVE-2018-18521,CVE-2019-7150,CVE-2019-7665 This update for elfutils fixes the following issues: Security issues fixed: - CVE-2017-7607: Fixed a heap-based buffer overflow in handle_gnu_hash (bsc#1033084) - CVE-2017-7608: Fixed a heap-based buffer overflow in ebl_object_note_type_name() (bsc#1033085) - CVE-2017-7609: Fixed a memory allocation failure in __libelf_decompress (bsc#1033086) - CVE-2017-7610: Fixed a heap-based buffer overflow in check_group (bsc#1033087) - CVE-2017-7611: Fixed a denial of service via a crafted ELF file (bsc#1033088) - CVE-2017-7612: Fixed a denial of service in check_sysv_hash() via a crafted ELF file (bsc#1033089) - CVE-2017-7613: Fixed denial of service caused by the missing validation of the number of sections and the number of segments in a crafted ELF file (bsc#1033090) - CVE-2018-16062: Fixed a heap-buffer overflow in /elfutils/libdw/dwarf_getaranges.c:156 (bsc#1106390) - CVE-2018-16402: Fixed a denial of service/double free on an attempt to decompress the same section twice (bsc#1107066) - CVE-2018-16403: Fixed a heap buffer overflow in readelf (bsc#1107067) - CVE-2018-18310: Fixed an invalid address read problem in dwfl_segment_report_module.c (bsc#1111973) - CVE-2018-18520: Fixed bad handling of ar files inside are files (bsc#1112726) - CVE-2018-18521: Fixed a denial of service vulnerabilities in the function arlib_add_symbols() used by eu-ranlib (bsc#1112723) - CVE-2019-7150: dwfl_segment_report_module doesn't check whether the dyn data read from core file is truncated (bsc#1123685) - CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated string (bsc#1125007) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:1595-1 Released: Fri Jun 21 10:17:44 2019 Summary: Security update for dbus-1 Type: security Severity: important References: 1137832,CVE-2019-12749 This update for dbus-1 fixes the following issues: Security issue fixed: - CVE-2019-12749: Fixed an implementation flaw in DBUS_COOKIE_SHA1 which could have allowed local attackers to bypass authentication (bsc#1137832). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:1631-1 Released: Fri Jun 21 11:17:21 2019 Summary: Recommended update for xz Type: recommended Severity: low References: 1135709 This update for xz fixes the following issues: Add SUSE-Public-Domain licence as some parts of xz utils (liblzma, xz, xzdec, lzmadec, documentation, translated messages, tests, debug, extra directory) are in public domain licence [bsc#1135709] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:1635-1 Released: Fri Jun 21 12:45:53 2019 Summary: Recommended update for krb5 Type: recommended Severity: moderate References: 1134217 This update for krb5 provides the following fix: - Move LDAP schema files from /usr/share/doc/packages/krb5 to /usr/share/kerberos/ldap. (bsc#1134217) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:1700-1 Released: Tue Jun 25 13:19:21 2019 Summary: Security update for libssh Type: recommended Severity: moderate References: 1134193 This update for libssh fixes the following issue: Issue addressed: - Added support for new AES-GCM encryption types (bsc#1134193). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:1808-1 Released: Wed Jul 10 13:16:29 2019 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1133808 This update for libgcrypt fixes the following issues: - Fixed redundant fips tests in some situations causing sudo to stop working when pam-kwallet is installed. bsc#1133808 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:1815-1 Released: Thu Jul 11 07:47:55 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1140016 This update for timezone fixes the following issues: - Timezone update 2019b. (bsc#1140016): - Brazil no longer observes DST. - 'zic -b slim' outputs smaller TZif files. - Palestine's 2019 spring-forward transition was on 03-29, not 03-30. - Add info about the Crimea situation. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:1835-1 Released: Fri Jul 12 18:06:31 2019 Summary: Security update for expat Type: security Severity: moderate References: 1139937,CVE-2018-20843 This update for expat fixes the following issues: Security issue fixed: - CVE-2018-20843: Fixed a denial of service triggered by high resource consumption in the XML parser when XML names contain a large amount of colons (bsc#1139937). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:1846-1 Released: Mon Jul 15 11:36:33 2019 Summary: Security update for bzip2 Type: security Severity: important References: 1139083,CVE-2019-12900 This update for bzip2 fixes the following issues: Security issue fixed: - CVE-2019-12900: Fixed an out-of-bounds write in decompress.c with many selectors (bsc#1139083). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:1971-1 Released: Thu Jul 25 14:58:52 2019 Summary: Security update for libgcrypt Type: security Severity: moderate References: 1138939,CVE-2019-12904 This update for libgcrypt fixes the following issues: Security issue fixed: - CVE-2019-12904: Fixed a flush-and-reload side-channel attack in the AES implementation (bsc#1138939). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:1994-1 Released: Fri Jul 26 16:12:05 2019 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1135123 This update for libxml2 fixes the following issues: - Added a new configurable variable XPATH_DEFAULT_MAX_NODESET_LENGTH to avoid nodeset limit when processing large XML files. (bsc#1135123) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:2004-1 Released: Mon Jul 29 13:01:59 2019 Summary: Security update for bzip2 Type: security Severity: important References: 1139083,CVE-2019-12900 This update for bzip2 fixes the following issues: - Fixed a regression with the fix for CVE-2019-12900, which caused incompatibilities with files that used many selectors (bsc#1139083). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2097-1 Released: Fri Aug 9 09:31:17 2019 Summary: Recommended update for libgcrypt Type: recommended Severity: important References: 1097073 This update for libgcrypt fixes the following issues: - Fixed a regression where system were unable to boot in fips mode, caused by an incomplete implementation of previous change (bsc#1097073). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2134-1 Released: Wed Aug 14 11:54:56 2019 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1136717,1137624,1141059,SLE-5807 This update for zlib fixes the following issues: - Update the s390 patchset. (bsc#1137624) - Tweak zlib-power8 to have type of crc32_vpmsum conform to usage. (bsc#1141059) - Use FAT LTO objects in order to provide proper static library. - Do not enable the previous patchset on s390 but just s390x. (bsc#1137624) - Add patchset for s390 improvements. (jsc#SLE-5807, bsc#1136717) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2188-1 Released: Wed Aug 21 10:10:29 2019 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1140647 This update for aaa_base fixes the following issues: - Make systemd detection cgroup oblivious. (bsc#1140647) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2361-1 Released: Thu Sep 12 07:54:54 2019 Summary: Recommended update for krb5 Type: recommended Severity: moderate References: 1081947,1144047 This update for krb5 contains the following fixes: - Integrate pam_keyinit PAM module, ksu-pam.d. (bsc#1081947) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:2395-1 Released: Wed Sep 18 08:31:38 2019 Summary: Security update for openldap2 Type: security Severity: moderate References: 1073313,1111388,1114845,1143194,1143273,CVE-2017-17740,CVE-2019-13057,CVE-2019-13565 This update for openldap2 fixes the following issues: Security issue fixed: - CVE-2019-13565: Fixed an authentication bypass when using SASL authentication and session encryption (bsc#1143194). - CVE-2019-13057: Fixed an issue with delegated database admin privileges (bsc#1143273). - CVE-2017-17740: When both the nops module and the member of overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation. (bsc#1073313) Non-security issues fixed: - Fixed broken shebang line in openldap_update_modules_path.sh (bsc#1114845). - Create files in /var/lib/ldap/ during initial start to allow for transactional updates (bsc#1111388) - Fixed incorrect post script call causing tmpfiles creation not to be run (bsc#1111388). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2423-1 Released: Fri Sep 20 16:41:45 2019 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1146866,SLE-9132 This update for aaa_base fixes the following issues: Added sysctl.d/51-network.conf to tighten network security (bsc#1146866) (jira#SLE-9132) Following settings have been tightened (and set to 0): - net.ipv4.conf.all.accept_redirects - net.ipv4.conf.default.accept_redirects - net.ipv4.conf.default.accept_source_route - net.ipv6.conf.all.accept_redirects - net.ipv6.conf.default.accept_redirects ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:2429-1 Released: Mon Sep 23 09:28:40 2019 Summary: Security update for expat Type: security Severity: moderate References: 1149429,CVE-2019-15903 This update for expat fixes the following issues: Security issues fixed: - CVE-2019-15903: Fixed heap-based buffer over-read caused by crafted XML input. (bsc#1149429) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:2517-1 Released: Wed Oct 2 10:49:20 2019 Summary: Security update for libseccomp Type: security Severity: moderate References: 1082318,1128828,1142614,CVE-2019-9893 This update for libseccomp fixes the following issues: Security issues fixed: - CVE-2019-9893: An incorrect generation of syscall filters in libseccomp was fixed (bsc#1128828) libseccomp was updated to new upstream release 2.4.1: - Fix a BPF generation bug where the optimizer mistakenly identified duplicate BPF code blocks. libseccomp was updated to 2.4.0 (bsc#1128828 CVE-2019-9893): - Update the syscall table for Linux v5.0-rc5 - Added support for the SCMP_ACT_KILL_PROCESS action - Added support for the SCMP_ACT_LOG action and SCMP_FLTATR_CTL_LOG attribute - Added explicit 32-bit (SCMP_AX_32(...)) and 64-bit (SCMP_AX_64(...)) argument comparison macros to help protect against unexpected sign extension - Added support for the parisc and parisc64 architectures - Added the ability to query and set the libseccomp API level via seccomp_api_get(3) and seccomp_api_set(3) - Return -EDOM on an endian mismatch when adding an architecture to a filter - Renumber the pseudo syscall number for subpage_prot() so it no longer conflicts with spu_run() - Fix PFC generation when a syscall is prioritized, but no rule exists - Numerous fixes to the seccomp-bpf filter generation code - Switch our internal hashing function to jhash/Lookup3 to MurmurHash3 - Numerous tests added to the included test suite, coverage now at ~92% - Update our Travis CI configuration to use Ubuntu 16.04 - Numerous documentation fixes and updates libseccomp was updated to release 2.3.3: - Updated the syscall table for Linux v4.15-rc7 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2676-1 Released: Tue Oct 15 21:06:54 2019 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1145716,1152101,CVE-2019-5094 This update for e2fsprogs fixes the following issues: Security issue fixed: - CVE-2019-5094: Fixed an arbitrary code execution via specially crafted ext4 file systems. (bsc#1152101) Non-security issue fixed: - libext2fs: Call fsync(2) to clear stale errors for a new a unix I/O channel. (bsc#1145716) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2762-1 Released: Thu Oct 24 07:08:44 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1150451 This update for timezone fixes the following issues: - Fiji observes DST from 2019-11-10 to 2020-01-12. - Norfolk Island starts observing Australian-style DST. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2870-1 Released: Thu Oct 31 08:09:14 2019 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1051143,1138869,1151023 This update for aaa_base provides the following fixes: - Check if variables can be set before modifying them to avoid warnings on login with a restricted shell. (bsc#1138869) - Add s390x compressed kernel support. (bsc#1151023) - service: Check if there is a second argument before using it. (bsc#1051143) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:2997-1 Released: Mon Nov 18 15:16:38 2019 Summary: Security update for ncurses Type: security Severity: moderate References: 1103320,1154036,1154037,CVE-2019-17594,CVE-2019-17595 This update for ncurses fixes the following issues: Security issues fixed: - CVE-2019-17594: Fixed a heap-based buffer over-read in the _nc_find_entry function (bsc#1154036). - CVE-2019-17595: Fixed a heap-based buffer over-read in the fmt_entry function (bsc#1154037). Non-security issue fixed: - Removed screen.xterm from terminfo database (bsc#1103320). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:3059-1 Released: Mon Nov 25 17:33:07 2019 Summary: Security update for cpio Type: security Severity: moderate References: 1155199,CVE-2019-14866 This update for cpio fixes the following issues: - CVE-2019-14866: Fixed an improper validation of the values written in the header of a TAR file through the to_oct() function which could have led to unexpected TAR generation (bsc#1155199). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:3061-1 Released: Mon Nov 25 17:34:22 2019 Summary: Security update for gcc9 Type: security Severity: moderate References: 1114592,1135254,1141897,1142649,1142654,1148517,1149145,CVE-2019-14250,CVE-2019-15847,SLE-6533,SLE-6536 This update includes the GNU Compiler Collection 9. A full changelog is provided by the GCC team on: https://www.gnu.org/software/gcc/gcc-9/changes.html The base system compiler libraries libgcc_s1, libstdc++6 and others are now built by the gcc 9 packages. To use it, install 'gcc9' or 'gcc9-c++' or other compiler brands and use CC=gcc-9 / CXX=g++-9 during configuration for using it. Security issues fixed: - CVE-2019-15847: Fixed a miscompilation in the POWER9 back end, that optimized multiple calls of the __builtin_darn intrinsic into a single call. (bsc#1149145) - CVE-2019-14250: Fixed a heap overflow in the LTO linker. (bsc#1142649) Non-security issues fixed: - Split out libstdc++ pretty-printers into a separate package supplementing gdb and the installed runtime. (bsc#1135254) - Fixed miscompilation for vector shift on s390. (bsc#1141897) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:3086-1 Released: Thu Nov 28 10:02:24 2019 Summary: Security update for libidn2 Type: security Severity: moderate References: 1154884,1154887,CVE-2019-12290,CVE-2019-18224 This update for libidn2 to version 2.2.0 fixes the following issues: - CVE-2019-12290: Fixed an improper round-trip check when converting A-labels to U-labels (bsc#1154884). - CVE-2019-18224: Fixed a heap-based buffer overflow that was caused by long domain strings (bsc#1154887). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:3087-1 Released: Thu Nov 28 10:03:00 2019 Summary: Security update for libxml2 Type: security Severity: low References: 1123919 This update for libxml2 doesn't fix any additional security issues, but correct its rpm changelog to reflect all CVEs that have been fixed over the past. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:3118-1 Released: Fri Nov 29 14:41:35 2019 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1154295 This update for e2fsprogs fixes the following issues: - Make minimum size estimates more reliable for mounted filesystem. (bsc#1154295) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:3166-1 Released: Wed Dec 4 11:24:42 2019 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1007715,1084934,1157278 This update for aaa_base fixes the following issues: - Use official key binding functions in inputrc that is replace up-history with previous-history, down-history with next-history and backward-delete-word with backward-kill-word. (bsc#1084934) - Add some missed key escape sequences for urxvt-unicode terminal as well. (bsc#1007715) - Clear broken ghost entry in patch which breaks 'readline'. (bsc#1157278) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:3267-1 Released: Wed Dec 11 11:19:53 2019 Summary: Security update for libssh Type: security Severity: important References: 1158095,CVE-2019-14889 This update for libssh fixes the following issues: - CVE-2019-14889: Fixed an arbitrary command execution (bsc#1158095). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:3392-1 Released: Fri Dec 27 13:33:29 2019 Summary: Security update for libgcrypt Type: security Severity: moderate References: 1148987,1155338,1155339,CVE-2019-13627 This update for libgcrypt fixes the following issues: Security issues fixed: - CVE-2019-13627: Mitigation against an ECDSA timing attack (bsc#1148987). Bug fixes: - Added CMAC AES self test (bsc#1155339). - Added CMAC TDES self test missing (bsc#1155338). - Fix test dsa-rfc6979 in FIPS mode. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:129-1 Released: Mon Jan 20 09:21:13 2020 Summary: Security update for libssh Type: security Severity: important References: 1158095,CVE-2019-14889 This update for libssh fixes the following issues: - CVE-2019-14889: Fixed an unwanted command execution in scp caused by unsanitized location (bsc#1158095). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:256-1 Released: Wed Jan 29 09:39:17 2020 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1157794,1160970 This update for aaa_base fixes the following issues: - Improves the way how the Java path is created to fix an issue with sapjvm. (bsc#1157794) - Drop 'dev.cdrom.autoclose' = 0 from sysctl config. (bsc#1160970) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:265-1 Released: Thu Jan 30 14:05:34 2020 Summary: Security update for e2fsprogs Type: security Severity: moderate References: 1160571,CVE-2019-5188 This update for e2fsprogs fixes the following issues: - CVE-2019-5188: Fixed a code execution vulnerability in the directory rehashing functionality (bsc#1160571). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:339-1 Released: Thu Feb 6 13:03:22 2020 Summary: Recommended update for openldap2 Type: recommended Severity: low References: 1158921 This update for openldap2 provides the following fix: - Add libldap-data to the product (as it contains ldap.conf). (bsc#1158921) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:451-1 Released: Tue Feb 25 10:50:35 2020 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1155337,1161215,1161216,1161218,1161219,1161220 This update for libgcrypt fixes the following issues: - ECDSA: Check range of coordinates (bsc#1161216) - FIPS: libgcrypt DSA PQG parameter generation: Missing value [bsc#1161219] - FIPS: libgcrypt DSA PQG verification incorrect results [bsc#1161215] - FIPS: libgcrypt RSA siggen/keygen: 4k not supported [bsc#1161220] - FIPS: keywrap gives incorrect results [bsc#1161218] - FIPS: RSA/DSA/ECDSA are missing hashing operation [bsc#1155337] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:480-1 Released: Tue Feb 25 17:38:22 2020 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1160735 This update for aaa_base fixes the following issues: - Change 'rp_filter' to increase the default priority to ethernet over the wifi. (bsc#1160735) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:525-1 Released: Fri Feb 28 11:49:36 2020 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1164562 This update for pam fixes the following issues: - Add libdb as build-time dependency to enable pam_userdb module. Enable pam_userdb.so (jsc#sle-7258, bsc#1164562) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:597-1 Released: Thu Mar 5 15:24:09 2020 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1164950 This update for libgcrypt fixes the following issues: - FIPS: Run the self-tests from the constructor [bsc#1164950] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:633-1 Released: Tue Mar 10 16:23:08 2020 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1139939,1151023 This update for aaa_base fixes the following issues: - get_kernel_version: fix for current kernel on s390x (bsc#1151023, bsc#1139939) - added '-h'/'--help' to the command old - change feedback url from http://www.suse.de/feedback to https://github.com/openSUSE/aaa_base/issues ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:689-1 Released: Fri Mar 13 17:09:01 2020 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1166510 This update for PAM fixes the following issue: - The license of libdb linked against pam_userdb is not always wanted, so we temporary disabled pam_userdb again. It will be published in a different package at a later time. (bsc#1166510) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:846-1 Released: Thu Apr 2 07:24:07 2020 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1164950,1166748,1167674 This update for libgcrypt fixes the following issues: - FIPS: Remove an unneeded check in _gcry_global_constructor (bsc#1164950) - FIPS: Fix drbg to be threadsafe (bsc#1167674) - FIPS: Run self-tests from constructor during power-on [bsc#1166748] * Set up global_init as the constructor function: * Relax the entropy requirements on selftest. This is especially important for virtual machines to boot properly before the RNG is available: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:917-1 Released: Fri Apr 3 15:02:25 2020 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1166510 This update for pam fixes the following issues: - Moved pam_userdb into a separate package pam-extra. (bsc#1166510) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:948-1 Released: Wed Apr 8 07:44:21 2020 Summary: Security update for gmp, gnutls, libnettle Type: security Severity: moderate References: 1152692,1155327,1166881,1168345,CVE-2020-11501 This update for gmp, gnutls, libnettle fixes the following issues: Security issue fixed: - CVE-2020-11501: Fixed zero random value in DTLS client hello (bsc#1168345) FIPS related bugfixes: - FIPS: Install checksums for binary integrity verification which are required when running in FIPS mode (bsc#1152692, jsc#SLE-9518) - FIPS: Fixed a cfb8 decryption issue, no longer truncate output IV if input is shorter than block size. (bsc#1166881) - FIPS: Added Diffie Hellman public key verification test. (bsc#1155327) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:961-1 Released: Wed Apr 8 13:34:06 2020 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1160979 This update for e2fsprogs fixes the following issues: - e2fsck: clarify overflow link count error message (bsc#1160979) - ext2fs: update allocation info earlier in ext2fs_mkdir() (bsc#1160979) - ext2fs: implement dir entry creation in htree directories (bsc#1160979) - tests: add test to excercise indexed directories with metadata_csum (bsc#1160979) - tune2fs: update dir checksums when clearing dir_index feature (bsc#1160979) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:967-1 Released: Thu Apr 9 11:41:53 2020 Summary: Security update for libssh Type: security Severity: moderate References: 1168699,CVE-2020-1730 This update for libssh fixes the following issues: - CVE-2020-1730: Fixed a possible denial of service when using AES-CTR (bsc#1168699). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1063-1 Released: Wed Apr 22 10:46:50 2020 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1165539,1169569 This update for libgcrypt fixes the following issues: This update for libgcrypt fixes the following issues: - FIPS: Switch the PCT to use the new signature operation (bsc#1165539) - FIPS: Verify that the generated signature and the original input differ in test_keys function for RSA, DSA and ECC (bsc#1165539) - Add zero-padding when qx and qy have different lengths when assembling the Q point from affine coordinates. - Ship the FIPS checksum file in the shared library package and create a separate trigger file for the FIPS selftests (bsc#1169569) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1214-1 Released: Thu May 7 11:20:34 2020 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1169944 This update for libgcrypt fixes the following issues: - FIPS: libgcrypt: Fixed a double free in test_keys() on failed signature verification (bsc#1169944) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1219-1 Released: Thu May 7 17:10:42 2020 Summary: Security update for openldap2 Type: security Severity: important References: 1170771,CVE-2020-12243 This update for openldap2 fixes the following issues: - CVE-2020-12243: Fixed a denial of service related to recursive filters (bsc#1170771). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1226-1 Released: Fri May 8 10:51:05 2020 Summary: Recommended update for gcc9 Type: recommended Severity: moderate References: 1149995,1152590,1167898 This update for gcc9 fixes the following issues: This update ships the GCC 9.3 release. - Includes a fix for Internal compiler error when building HepMC (bsc#1167898) - Includes fix for binutils version parsing - Add libstdc++6-pp provides and conflicts to avoid file conflicts with same minor version of libstdc++6-pp from gcc10. - Add gcc9 autodetect -g at lto link (bsc#1149995) - Install go tool buildid for bootstrapping go ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1294-1 Released: Mon May 18 07:38:36 2020 Summary: Security update for file Type: security Severity: moderate References: 1154661,1169512,CVE-2019-18218 This update for file fixes the following issues: Security issues fixed: - CVE-2019-18218: Fixed a heap-based buffer overflow in cdf_read_property_info() (bsc#1154661). Non-security issue fixed: - Fixed broken '--help' output (bsc#1169512). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1299-1 Released: Mon May 18 07:43:21 2020 Summary: Security update for libxml2 Type: security Severity: moderate References: 1159928,1161517,1161521,CVE-2019-19956,CVE-2019-20388,CVE-2020-7595 This update for libxml2 fixes the following issues: - CVE-2019-20388: Fixed a memory leak in xmlSchemaPreRun (bsc#1161521). - CVE-2019-19956: Fixed a memory leak (bsc#1159928). - CVE-2020-7595: Fixed an infinite loop in an EOF situation (bsc#1161517). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1303-1 Released: Mon May 18 09:40:36 2020 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1169582 This update for timezone fixes the following issues: - timezone update 2020a. (bsc#1169582) * Morocco springs forward on 2020-05-31, not 2020-05-24. * Canada's Yukon advanced to -07 year-round on 2020-03-08. * America/Nuuk renamed from America/Godthab. * zic now supports expiration dates for leap second lists. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1328-1 Released: Mon May 18 17:16:04 2020 Summary: Recommended update for grep Type: recommended Severity: moderate References: 1155271 This update for grep fixes the following issues: - Update testsuite expectations, no functional changes (bsc#1155271) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1361-1 Released: Thu May 21 09:31:18 2020 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1171872 This update for libgcrypt fixes the following issues: - FIPS: RSA/DSA/ECC test_keys() print out debug messages only in debug mode (bsc#1171872) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1370-1 Released: Thu May 21 19:06:00 2020 Summary: Recommended update for systemd-presets-branding-SLE Type: recommended Severity: moderate References: 1171656 This update for systemd-presets-branding-SLE fixes the following issues: Cleanup of outdated autostart services (bsc#1171656): - Remove acpid.service. acpid is only available on SLE via openSUSE backports. In openSUSE acpid.service is *not* autostarted. I see no reason why it should be on SLE. - Remove spamassassin.timer. This timer never seems to have existed. Instead spamassassin ships a 'sa-update.timer'. But it is not default-enabled and nobody ever complained about this. - Remove snapd.apparmor.service: This service was proactively added a year ago, but snapd didn't even make it into openSUSE yet. There's no reason to keep this entry unless snapd actually enters SLE which is not foreseeable. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1404-1 Released: Mon May 25 15:32:34 2020 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1138793,1166260 This update for zlib fixes the following issues: - Including the latest fixes from IBM (bsc#1166260) IBM Z mainframes starting from version z15 provide DFLTCC instruction, which implements deflate algorithm in hardware with estimated compression and decompression performance orders of magnitude faster than the current zlib and ratio comparable with that of level 1. - Add SUSE specific fix to solve bsc#1138793. The fix will avoid to test if the app was linked with exactly same version of zlib like the one that is present on the runtime. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1506-1 Released: Fri May 29 17:22:11 2020 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1087982,1170527 This update for aaa_base fixes the following issues: - Not all XTerm based emulators do have a terminfo entry. (bsc#1087982) - Better support of Midnight Commander. (bsc#1170527) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1532-1 Released: Thu Jun 4 10:16:12 2020 Summary: Security update for libxml2 Type: security Severity: moderate References: 1172021,CVE-2019-19956 This update for libxml2 fixes the following issues: - CVE-2019-19956: Reverted the upstream fix for this memory leak because it introduced other, more severe vulnerabilities (bsc#1172021). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1542-1 Released: Thu Jun 4 13:24:37 2020 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1172055 This update for timezone fixes the following issue: - zdump --version reported 'unknown' (bsc#1172055) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1733-1 Released: Wed Jun 24 09:43:36 2020 Summary: Security update for curl Type: security Severity: important References: 1173026,1173027,CVE-2020-8169,CVE-2020-8177 This update for curl fixes the following issues: - CVE-2020-8177: Fixed an issue where curl could have been tricked by a malicious server to overwrite a local file when using the -J option (bsc#1173027). - CVE-2020-8169: Fixed an issue where could have led to partial password leak over DNS on HTTP redirect (bsc#1173026). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1759-1 Released: Thu Jun 25 18:44:37 2020 Summary: Recommended update for krb5 Type: recommended Severity: moderate References: 1169357 This update for krb5 fixes the following issue: - Call systemd to reload the services instead of init-scripts. (bsc#1169357) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1795-1 Released: Mon Jun 29 11:22:45 2020 Summary: Recommended update for lvm2 Type: recommended Severity: important References: 1172566 This update for lvm2 fixes the following issues: - Fix potential data loss problem with LVM cache (bsc#1172566) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1396-1 Released: Fri Jul 3 12:33:05 2020 Summary: Security update for zstd Type: security Severity: moderate References: 1082318,1133297 This update for zstd fixes the following issues: - Fix for build error caused by wrong static libraries. (bsc#1133297) - Correction in spec file marking the license as documentation. (bsc#1082318) - Add new package for SLE-15. (jsc#ECO-1886) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1856-1 Released: Mon Jul 6 17:05:51 2020 Summary: Security update for openldap2 Type: security Severity: important References: 1172698,1172704,CVE-2020-8023 This update for openldap2 fixes the following issues: - CVE-2020-8023: Fixed a potential local privilege escalation from ldap to root when OPENLDAP_CONFIG_BACKEND='ldap' was used (bsc#1172698). - Changed DB_CONFIG to root:ldap permissions (bsc#1172704). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1954-1 Released: Sat Jul 18 03:07:15 2020 Summary: Recommended update for cracklib Type: recommended Severity: moderate References: 1172396 This update for cracklib fixes the following issues: - Fixed a buffer overflow when processing long words. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2006-1 Released: Wed Jul 22 16:00:52 2020 Summary: Recommended update for postgresql, postgresql12 Type: recommended Severity: moderate References: 1148643,1171924 This update for postgresql, postgresql12 fixes the following issues: Postgresql12 was updated to 12.3 (bsc#1171924). - https://www.postgresql.org/about/news/2038/ - https://www.postgresql.org/docs/12/release-12-3.html - Let postgresqlXX conflict with postgresql-noarch < 12.0.1 to get a clean and complete cutover to the new packaging schema. Also changed in the postgresql wrapper package: - Bump version to 12.0.1, so that the binary packages also have a cut-point to conflict with. - Conflict with versions of the binary packages prior to the May 2020 update, because we changed the package layout at that point and need a clean cutover. - Bump package version to 12, but leave default at 10 for SLE-15 and SLE-15-SP1. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2083-1 Released: Thu Jul 30 10:27:59 2020 Summary: Recommended update for diffutils Type: recommended Severity: moderate References: 1156913 This update for diffutils fixes the following issue: - Disable a sporadically failing test for ppc64 and ppc64le builds. (bsc#1156913) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2265-1 Released: Tue Aug 18 12:08:55 2020 Summary: Security update for postgresql12 Type: security Severity: important References: 1175193,1175194,CVE-2020-14349,CVE-2020-14350 This update for postgresql12 fixes the following issues: - update to 12.4: * CVE-2020-14349, bsc#1175193: Set a secure search_path in logical replication walsenders and apply workers * CVE-2020-14350, bsc#1175194: Make contrib modules' installation scripts more secure. * https://www.postgresql.org/docs/12/release-12-4.html ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2384-1 Released: Sat Aug 29 00:57:13 2020 Summary: Recommended update for e2fsprogs Type: recommended Severity: low References: 1170964 This update for e2fsprogs fixes the following issues: - Fix for an issue when system message with placeholders are not properly replaced. (bsc#1170964) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2420-1 Released: Tue Sep 1 13:48:35 2020 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1174551,1174736 This update for zlib provides the following fixes: - Permit a deflateParams() parameter change as soon as possible. (bsc#1174736) - Fix DFLTCC not flushing EOBS when creating raw streams. (bsc#1174551) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2445-1 Released: Wed Sep 2 09:33:02 2020 Summary: Security update for curl Type: security Severity: moderate References: 1175109,CVE-2020-8231 This update for curl fixes the following issues: - An application that performs multiple requests with libcurl's multi API and sets the 'CURLOPT_CONNECT_ONLY' option, might in rare circumstances experience that when subsequently using the setup connect-only transfer, libcurl will pick and use the wrong connection and instead pick another one the application has created since then. [bsc#1175109, CVE-2020-8231] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2581-1 Released: Wed Sep 9 13:07:07 2020 Summary: Security update for openldap2 Type: security Severity: moderate References: 1174154,CVE-2020-15719 This update for openldap2 fixes the following issues: - bsc#1174154 - CVE-2020-15719 - This resolves an issue with x509 SAN's falling back to CN validation in violation of rfc6125. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2612-1 Released: Fri Sep 11 11:18:01 2020 Summary: Security update for libxml2 Type: security Severity: moderate References: 1176179,CVE-2020-24977 This update for libxml2 fixes the following issues: - CVE-2020-24977: Fixed a global-buffer-overflow in xmlEncodeEntitiesInternal (bsc#1176179). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2651-1 Released: Wed Sep 16 14:42:55 2020 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1175811,1175830,1175831 This update for zlib fixes the following issues: - Fix compression level switching (bsc#1175811, bsc#1175830, bsc#1175831) - Enable hardware compression on s390/s390x (jsc#SLE-13776) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2704-1 Released: Tue Sep 22 15:06:36 2020 Summary: Recommended update for krb5 Type: recommended Severity: moderate References: 1174079 This update for krb5 fixes the following issue: - Fix prefix reported by krb5-config, libraries and headers are not installed under /usr/lib/mit prefix. (bsc#1174079) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2712-1 Released: Tue Sep 22 17:08:03 2020 Summary: Security update for openldap2 Type: security Severity: moderate References: 1175568,CVE-2020-8027 This update for openldap2 fixes the following issues: - CVE-2020-8027: openldap_update_modules_path.sh starts daemons unconditionally and uses fixed paths in /tmp (bsc#1175568). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2850-1 Released: Fri Oct 2 12:26:03 2020 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1175110 This update for lvm2 fixes the following issues: - Fixed an issue when the hot spares in LVM not added automatically. (bsc#1175110) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2852-1 Released: Fri Oct 2 16:55:39 2020 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1173470,1175844 This update for openssl-1_1 fixes the following issues: FIPS: * Include ECDH/DH Requirements from SP800-56Arev3 (bsc#1175844, bsc#1173470). * Add shared secret KAT to FIPS DH selftest (bsc#1175844). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2869-1 Released: Tue Oct 6 16:13:20 2020 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1011548,1153943,1153946,1161239,1171762 This update for aaa_base fixes the following issues: - DIR_COLORS (bug#1006973): - add screen.xterm-256color - add TERM rxvt-unicode-256color - sort and merge TERM entries in etc/DIR_COLORS - check for Packages.db and use this instead of Packages. (bsc#1171762) - Rename path() to _path() to avoid using a general name. - refresh_initrd call modprobe as /sbin/modprobe (bsc#1011548) - etc/profile add some missing ;; in case esac statements - profile and csh.login: on s390x set TERM to dumb on dumb terminal (bsc#1153946) - backup-rpmdb: exit if zypper is running (bsc#1161239) - Add color alias for ip command (jsc#sle-9880, jsc#SLE-7679, bsc#1153943) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2893-1 Released: Mon Oct 12 14:14:55 2020 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1177479 This update for openssl-1_1 fixes the following issues: - Restore private key check in EC_KEY_check_key (bsc#1177479) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2914-1 Released: Tue Oct 13 17:25:20 2020 Summary: Security update for bind Type: security Severity: moderate References: 1100369,1109160,1118367,1118368,1128220,1156205,1157051,1161168,1170667,1170713,1171313,1171740,1172958,1173307,1173311,1173983,1175443,1176092,1176674,906079,CVE-2017-3136,CVE-2018-5741,CVE-2019-6477,CVE-2020-8616,CVE-2020-8617,CVE-2020-8618,CVE-2020-8619,CVE-2020-8620,CVE-2020-8621,CVE-2020-8622,CVE-2020-8623,CVE-2020-8624 This update for bind fixes the following issues: BIND was upgraded to version 9.16.6: Note: - bind is now more strict in regards to DNSSEC. If queries are not working, check for DNSSEC issues. For instance, if bind is used in a namserver forwarder chain, the forwarding DNS servers must support DNSSEC. Fixing security issues: - CVE-2020-8616: Further limit the number of queries that can be triggered from a request. Root and TLD servers are no longer exempt from max-recursion-queries. Fetches for missing name server. (bsc#1171740) Address records are limited to 4 for any domain. - CVE-2020-8617: Replaying a TSIG BADTIME response as a request could trigger an assertion failure. (bsc#1171740) - CVE-2019-6477: Fixed an issue where TCP-pipelined queries could bypass the tcp-clients limit (bsc#1157051). - CVE-2018-5741: Fixed the documentation (bsc#1109160). - CVE-2020-8618: It was possible to trigger an INSIST when determining whether a record would fit into a TCP message buffer (bsc#1172958). - CVE-2020-8619: It was possible to trigger an INSIST in lib/dns/rbtdb.c:new_reference() with a particular zone content and query patterns (bsc#1172958). - CVE-2020-8624: 'update-policy' rules of type 'subdomain' were incorrectly treated as 'zonesub' rules, which allowed keys used in 'subdomain' rules to update names outside of the specified subdomains. The problem was fixed by making sure 'subdomain' rules are again processed as described in the ARM (bsc#1175443). - CVE-2020-8623: When BIND 9 was compiled with native PKCS#11 support, it was possible to trigger an assertion failure in code determining the number of bits in the PKCS#11 RSA public key with a specially crafted packet (bsc#1175443). - CVE-2020-8621: named could crash in certain query resolution scenarios where QNAME minimization and forwarding were both enabled (bsc#1175443). - CVE-2020-8620: It was possible to trigger an assertion failure by sending a specially crafted large TCP DNS message (bsc#1175443). - CVE-2020-8622: It was possible to trigger an assertion failure when verifying the response to a TSIG-signed request (bsc#1175443). Other issues fixed: - Add engine support to OpenSSL EdDSA implementation. - Add engine support to OpenSSL ECDSA implementation. - Update PKCS#11 EdDSA implementation to PKCS#11 v3.0. - Warn about AXFR streams with inconsistent message IDs. - Make ISC rwlock implementation the default again. - Fixed issues when using cookie-secrets for AES and SHA2 (bsc#1161168) - Installed the default files in /var/lib/named and created chroot environment on systems using transactional-updates (bsc#1100369, fate#325524) - Fixed an issue where bind was not working in FIPS mode (bsc#906079). - Fixed dependency issues (bsc#1118367 and bsc#1118368). - GeoIP support is now discontinued, now GeoIP2 is used(bsc#1156205). - Fixed an issue with FIPS (bsc#1128220). - The liblwres library is discontinued upstream and is no longer included. - Added service dependency on NTP to make sure the clock is accurate when bind is starts (bsc#1170667, bsc#1170713). - Reject DS records at the zone apex when loading master files. Log but otherwise ignore attempts to add DS records at the zone apex via UPDATE. - The default value of 'max-stale-ttl' has been changed from 1 week to 12 hours. - Zone timers are now exported via statistics channel. - The 'primary' and 'secondary' keywords, when used as parameters for 'check-names', were not processed correctly and were being ignored. - 'rndc dnstap -roll ' did not limit the number of saved files to . - Add 'rndc dnssec -status' command. - Addressed a couple of situations where named could crash. - Changed /var/lib/named to owner root:named and perms rwxrwxr-t so that named, being a/the only member of the 'named' group has full r/w access yet cannot change directories owned by root in the case of a compromized named. [bsc#1173307, bind-chrootenv.conf] - Added '/etc/bind.keys' to NAMED_CONF_INCLUDE_FILES in /etc/sysconfig/named to suppress warning message re missing file (bsc#1173983). - Removed '-r /dev/urandom' from all invocations of rndc-confgen (init/named system/lwresd.init system/named.init in vendor-files) as this option is deprecated and causes rndc-confgen to fail. (bsc#1173311, bsc#1176674, bsc#1170713) - /usr/bin/genDDNSkey: Removing the use of the -r option in the call of /usr/sbin/dnssec-keygen as BIND now uses the random number functions provided by the crypto library (i.e., OpenSSL or a PKCS#11 provider) as a source of randomness rather than /dev/random. Therefore the -r command line option no longer has any effect on dnssec-keygen. Leaving the option in genDDNSkey as to not break compatibility. Patch provided by Stefan Eisenwiener. [bsc#1171313] - Put libns into a separate subpackage to avoid file conflicts in the libisc subpackage due to different sonums (bsc#1176092). - Require /sbin/start_daemon: both init scripts, the one used in systemd context as well as legacy sysv, make use of start_daemon. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2947-1 Released: Fri Oct 16 15:23:07 2020 Summary: Security update for gcc10, nvptx-tools Type: security Severity: moderate References: 1172798,1172846,1173972,1174753,1174817,1175168,CVE-2020-13844 This update for gcc10, nvptx-tools fixes the following issues: This update provides the GCC10 compiler suite and runtime libraries. The base SUSE Linux Enterprise libraries libgcc_s1, libstdc++6 are replaced by the gcc10 variants. The new compiler variants are available with '-10' suffix, you can specify them via: CC=gcc-10 CXX=g++-10 or similar commands. For a detailed changelog check out https://gcc.gnu.org/gcc-10/changes.html Changes in nvptx-tools: - Enable build on aarch64 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2983-1 Released: Wed Oct 21 15:03:03 2020 Summary: Recommended update for file Type: recommended Severity: moderate References: 1176123 This update for file fixes the following issues: - Fixes an issue when file displays broken 'ELF' interpreter. (bsc#1176123) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3099-1 Released: Thu Oct 29 19:33:41 2020 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2020b (bsc#1177460) * Revised predictions for Morocco's changes starting in 2023. * Canada's Yukon changes to -07 on 2020-11-01, not 2020-03-08. * Macquarie Island has stayed in sync with Tasmania since 2011. * Casey, Antarctica is at +08 in winter and +11 in summer. * zic no longer supports -y, nor the TYPE field of Rules. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3123-1 Released: Tue Nov 3 09:48:13 2020 Summary: Recommended update for timezone Type: recommended Severity: important References: 1177460,1178346,1178350,1178353 This update for timezone fixes the following issues: - Generate 'fat' timezone files (was default before 2020b). (bsc#1178346, bsc#1178350, bsc#1178353) - Palestine ends DST earlier than predicted, on 2020-10-24. (bsc#1177460) - Fiji starts DST later than usual, on 2020-12-20. (bsc#1177460) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3313-1 Released: Thu Nov 12 16:07:37 2020 Summary: Security update for openldap2 Type: security Severity: important References: 1178387,CVE-2020-25692 This update for openldap2 fixes the following issues: - CVE-2020-25692: Fixed an unauthenticated remote denial of service due to incorrect validation of modrdn equality rules (bsc#1178387). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3377-1 Released: Thu Nov 19 09:29:32 2020 Summary: Security update for krb5 Type: security Severity: moderate References: 1178512,CVE-2020-28196 This update for krb5 fixes the following security issue: - CVE-2020-28196: Fixed an unbounded recursion via an ASN.1-encoded Kerberos message (bsc#1178512). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3462-1 Released: Fri Nov 20 13:14:35 2020 Summary: Recommended update for pam and sudo Type: recommended Severity: moderate References: 1174593,1177858,1178727 This update for pam and sudo fixes the following issue: pam: - pam_xauth: do not *free* a string which has been successfully passed to *putenv*. (bsc#1177858) - Initialize the local variable *daysleft* to avoid a misleading warning for password expire days. (bsc#1178727) - Run /usr/bin/xauth using the old user's and group's identifiers. (bsc#1174593) sudo: - Fix a problem with pam_xauth which checks effective and real uids to get the real identity of the user. (bsc#1174593) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3463-1 Released: Fri Nov 20 13:49:58 2020 Summary: Security update for postgresql12 Type: security Severity: important References: 1178666,1178667,1178668,CVE-2020-25694,CVE-2020-25695,CVE-2020-25696 This update for postgresql12 fixes the following issues: - Upgrade to version 12.5: * CVE-2020-25695, bsc#1178666: Block DECLARE CURSOR ... WITH HOLD and firing of deferred triggers within index expressions and materialized view queries. * CVE-2020-25694, bsc#1178667: a) Fix usage of complex connection-string parameters in pg_dump, pg_restore, clusterdb, reindexdb, and vacuumdb. b) When psql's \connect command re-uses connection parameters, ensure that all non-overridden parameters from a previous connection string are re-used. * CVE-2020-25696, bsc#1178668: Prevent psql's \gset command from modifying specially-treated variables. * Fix recently-added timetz test case so it works when the USA is not observing daylight savings time. * https://www.postgresql.org/about/news/2111/ * https://www.postgresql.org/docs/12/release-12-5.html - Stop building the mini and lib packages as they are now coming from postgresql13. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3620-1 Released: Thu Dec 3 17:03:55 2020 Summary: Recommended update for pam Type: recommended Severity: moderate References: This update for pam fixes the following issues: - Check if the password is part of the username. (jsc#SLE-16719, jsc#SLE-16720) - Check whether the password contains a substring of of the user's name of at least `` characters length in some form. This is enabled by the new parameter `usersubstr=` ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3703-1 Released: Mon Dec 7 20:17:32 2020 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1179431 This update for aaa_base fixes the following issue: - Avoid semicolon within (t)csh login script on S/390. (bsc#1179431) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3721-1 Released: Wed Dec 9 13:36:46 2020 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1179491,CVE-2020-1971 This update for openssl-1_1 fixes the following issues: - CVE-2020-1971: Fixed a null pointer dereference in EDIPARTYNAME (bsc#1179491). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3735-1 Released: Wed Dec 9 18:19:24 2020 Summary: Security update for curl Type: security Severity: moderate References: 1179398,1179399,1179593,CVE-2020-8284,CVE-2020-8285,CVE-2020-8286 This update for curl fixes the following issues: - CVE-2020-8286: Fixed improper OSCP verification in the client side (bsc#1179593). - CVE-2020-8285: Fixed a stack overflow due to FTP wildcard (bsc#1179399). - CVE-2020-8284: Fixed an issue where a malicius FTP server could make curl connect to a different IP (bsc#1179398). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3791-1 Released: Mon Dec 14 17:39:19 2020 Summary: Recommended update for gzip Type: recommended Severity: moderate References: This update for gzip fixes the following issue: - Enable `DFLTCC` (Deflate Conversion Call) compression for s390x for levels 1-6 to `CFLAGS`. (jsc#SLE-13775) Enable by adding `-DDFLTCC_LEVEL_MASK=0x7e` to `CFLAGS`. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3942-1 Released: Tue Dec 29 12:22:01 2020 Summary: Recommended update for libidn2 Type: recommended Severity: moderate References: 1180138 This update for libidn2 fixes the following issues: - The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, adjusted the RPM license tags (bsc#1180138) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3943-1 Released: Tue Dec 29 12:24:45 2020 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1178823 This update for libxml2 fixes the following issues: Avoid quadratic checking of identity-constraints, speeding up XML validation (bsc#1178823) * key/unique/keyref schema attributes currently use quadratic loops to check their various constraints (that keys are unique and that keyrefs refer to existing keys). * This fix uses a hash table to avoid the quadratic behaviour. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:6-1 Released: Mon Jan 4 07:05:06 2021 Summary: Recommended update for libdlm Type: recommended Severity: moderate References: 1098449,1144793,1168771,1177533,1177658 This update for libdlm fixes the following issues: - Rework libdlm3 require with a shared library version tag instead so it propagates to all consuming packages.(bsc#1177658, bsc#1098449) - Add support for type 'uint64_t' to corosync ringid. (bsc#1168771) - Include some fixes/enhancements for dlm_controld. (bsc#1144793) - Fixed an issue where /boot logical volume was accidentally unmounted. (bsc#1177533) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:105-1 Released: Tue Jan 12 19:50:06 2021 Summary: Recommended update for postgresql12 Type: recommended Severity: low References: 1178961 This update for postgresql12 fixes the following issues: - Marked symlinks to pg_config and ecpg as ghost files, so that rpm doesn't complain when they are not there (bsc#1178961) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:129-1 Released: Thu Jan 14 12:26:15 2021 Summary: Security update for openldap2 Type: security Severity: moderate References: 1178909,1179503,CVE-2020-25709,CVE-2020-25710 This update for openldap2 fixes the following issues: Security issues fixed: - CVE-2020-25709: Fixed a crash caused by specially crafted network traffic (bsc#1178909). - CVE-2020-25710: Fixed a crash caused by specially crafted network traffic (bsc#1178909). Non-security issue fixed: - Retry binds in the LDAP backend when the remote LDAP server disconnected the (idle) LDAP connection. (bsc#1179503) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:152-1 Released: Fri Jan 15 17:04:47 2021 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1179691,1179738 This update for lvm2 fixes the following issues: - Fix for lvm2 to use udev as external device by default. (bsc#1179691) - Fixed an issue in configuration for an item that is commented out by default. (bsc#1179738) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:175-1 Released: Wed Jan 20 09:23:50 2021 Summary: Security update for postgresql, postgresql13 Type: security Severity: moderate References: 1178666,1178667,1178668,1178961,CVE-2020-25694,CVE-2020-25695,CVE-2020-25696 This update for postgresql, postgresql13 fixes the following issues: This update ships postgresql13. Upgrade to version 13.1: * CVE-2020-25695, bsc#1178666: Block DECLARE CURSOR ... WITH HOLD and firing of deferred triggers within index expressions and materialized view queries. * CVE-2020-25694, bsc#1178667: a) Fix usage of complex connection-string parameters in pg_dump, pg_restore, clusterdb, reindexdb, and vacuumdb. b) When psql's \connect command re-uses connection parameters, ensure that all non-overridden parameters from a previous connection string are re-used. * CVE-2020-25696, bsc#1178668: Prevent psql's \gset command from modifying specially-treated variables. * Fix recently-added timetz test case so it works when the USA is not observing daylight savings time. (obsoletes postgresql-timetz.patch) * https://www.postgresql.org/about/news/2111/ * https://www.postgresql.org/docs/13/release-13-1.html Initial packaging of PostgreSQL 13: * https://www.postgresql.org/about/news/2077/ * https://www.postgresql.org/docs/13/release-13.html - bsc#1178961: %ghost the symlinks to pg_config and ecpg. Changes in postgresql wrapper package: - Bump major version to 13. - We also transfer PostgreSQL 9.4.26 to the new package layout in SLE12-SP2 and newer. Reflect this in the conflict with postgresql94. - Also conflict with PostgreSQL versions before 9. - Conflicting with older versions is not limited to SLE. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:179-1 Released: Wed Jan 20 13:38:51 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2020f (bsc#1177460) * 'make rearguard_tarballs' no longer generates a bad rearguard.zi, fixing a 2020e bug. - timezone update 2020e (bsc#1177460) * Volgograd switches to Moscow time on 2020-12-27 at 02:00. - timezone update 2020f (bsc#1177460) * 'make rearguard_tarballs' no longer generates a bad rearguard.zi, fixing a 2020e bug. - timezone update 2020e (bsc#1177460) * Volgograd switches to Moscow time on 2020-12-27 at 02:00. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:197-1 Released: Fri Jan 22 15:17:42 2021 Summary: Security update for permissions Type: security Severity: moderate References: 1171883,CVE-2020-8025 This update for permissions fixes the following issues: - Update to version 20181224: * pcp: remove no longer needed / conflicting entries (bsc#1171883, CVE-2020-8025) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:220-1 Released: Tue Jan 26 14:00:51 2021 Summary: Recommended update for keyutils Type: recommended Severity: moderate References: 1180603 This update for keyutils fixes the following issues: - Adjust the library license to be LPGL-2.1+ only (the tools are GPL2+, the library is just LGPL-2.1+) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:278-1 Released: Tue Feb 2 09:43:08 2021 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1181319 This update for lvm2 fixes the following issues: - Backport 'lvmlockd' to adopt orphan locks feature. (bsc#1181319) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:293-1 Released: Wed Feb 3 12:52:34 2021 Summary: Recommended update for gmp Type: recommended Severity: moderate References: 1180603 This update for gmp fixes the following issues: - correct license statements of packages (library itself is no GPL-3.0) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:301-1 Released: Thu Feb 4 08:46:27 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2021a (bsc#1177460) * South Sudan changes from +03 to +02 on 2021-02-01 at 00:00. - timezone update 2021a (bsc#1177460) * South Sudan changes from +03 to +02 on 2021-02-01 at 00:00. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:302-1 Released: Thu Feb 4 13:18:35 2021 Summary: Recommended update for lvm2 Type: recommended Severity: important References: 1179691 This update for lvm2 fixes the following issues: - lvm2 will no longer use external_device_info_source='udev' as default because it introduced a regression (bsc#1179691). If this behavior is still wanted, please change this manually in the lvm.conf ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:339-1 Released: Mon Feb 8 13:16:07 2021 Summary: Optional update for pam Type: optional Severity: low References: This update for pam fixes the following issues: - Added rpm macros for this package, so that other packages can make use of it This patch is optional to be installed - it doesn't fix any bugs. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:543-1 Released: Mon Feb 22 13:54:49 2021 Summary: Security update for postgresql13 Type: security Severity: moderate References: 1179765,1182039,1182040,CVE-2021-20229,CVE-2021-3393 This update for postgresql13 fixes the following issues: Upgrade to version 13.2: * Updating stored views and reindexing might be needed after applying this update. * CVE-2021-3393, bsc#1182040: Fix information leakage in constraint-violation error messages. * CVE-2021-20229, bsc#1182039: Fix failure to check per-column SELECT privileges in some join queries. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:723-1 Released: Mon Mar 8 16:45:27 2021 Summary: Security update for openldap2 Type: security Severity: important References: 1182279,1182408,1182411,1182412,1182413,1182415,1182416,1182417,1182418,1182419,1182420,CVE-2020-36221,CVE-2020-36222,CVE-2020-36223,CVE-2020-36224,CVE-2020-36225,CVE-2020-36226,CVE-2020-36227,CVE-2020-36228,CVE-2020-36229,CVE-2020-36230,CVE-2021-27212 This update for openldap2 fixes the following issues: - bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. - bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. - bsc#1182412 CVE-2020-36228 - integer underflow leading to crash in the Certificate List Exact Assertion processing, resulting in denial of service. - bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. - bsc#1182416 CVE-2020-36225 - double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service. - bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck). - bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read). - bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:754-1 Released: Tue Mar 9 17:10:49 2021 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1182331,1182333,1182959,CVE-2021-23840,CVE-2021-23841 This update for openssl-1_1 fixes the following issues: - CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333) - CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331) - Fixed unresolved error codes in FIPS (bsc#1182959). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:786-1 Released: Mon Mar 15 11:19:23 2021 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1176201 This update for zlib fixes the following issues: - Fixed hw compression on z15 (bsc#1176201) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:924-1 Released: Tue Mar 23 10:00:49 2021 Summary: Recommended update for filesystem Type: recommended Severity: moderate References: 1078466,1146705,1175519,1178775,1180020,1180083,1180596,1181011,1181831,1183094 This update for filesystem the following issues: - Remove duplicate line due to merge error - Add fix for 'mesa' creating cache with perm 0700. (bsc#1181011) - Fixed an issue causing failure during installation/upgrade a failure. (rh#1548403) (bsc#1146705) - Allows to override config to add cleanup options of '/var/tmp'. (bsc#1078466) - Create config to cleanup '/tmp' regular required with 'tmpfs'. (bsc#1175519) This update for systemd fixes the following issues: - Fix for a possible memory leak. (bsc#1180020) - Fix for a case when to a bind mounted directory results inactive mount units. (#7811) (bsc#1180596) - Fixed an issue when starting a container conflicts with another one. (bsc#1178775) - Drop most of the tmpfiles that deal with generic paths and avoid warnings. (bsc#1078466, bsc#1181831) - Don't use shell redirections when calling a rpm macro. (bsc#1183094) - 'systemd' requires 'aaa_base' >= 13.2. (bsc#1180083) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:926-1 Released: Tue Mar 23 13:20:24 2021 Summary: Recommended update for systemd-presets-common-SUSE Type: recommended Severity: moderate References: 1083473,1112500,1115408,1165780,1183012 This update for systemd-presets-common-SUSE fixes the following issues: - Add default user preset containing: - enable `pulseaudio.socket` (bsc#1083473) - enable `pipewire.socket` (bsc#1183012) - enable `pipewire-pulse.socket` (bsc#1183012) - enable `pipewire-media-session.service` (used with pipewire >= 0.3.23) - Changes to the default preset: - enable `btrfsmaintenance-refresh.path`. - disable `btrfsmaintenance-refresh.service`. - enable `dnf-makecache.timer`. - enable `ignition-firstboot-complete.service`. - enable logwatch.timer and avoid to have logwatch out of sync with logrotate. (bsc#1112500) - enable `mlocate.timer`. Recent versions of mlocate don't use `updatedb.timer` any more. (bsc#1115408) - remove enable `updatedb.timer` - Avoid needless refresh on boot. (bsc#1165780) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:927-1 Released: Tue Mar 23 14:07:05 2021 Summary: Recommended update for libreoffice Type: recommended Severity: moderate References: 1041090,1049382,1116658,1136234,1155141,1173404,1173409,1173410,1173471,1174465,1176547,1177955,1178807,1178943,1178944,1179025,1179203,1181122,1181644,1181872,1182790 This update for libreoffice provides the upgrade from version 6.4.5.2 to 7.1.1.2 (jsc#ECO-3150, bsc#1182790) libreoffice: - Image shown with different aspect ratio (bsc#1176547) - Text changes are reproducibly lost on PPTX with SmartArt (bsc#1181644) - Adjust to new Box2D and enable KDE on SUSE Linux Enterprise 15-SP3 or newer (jsc#ECO-3375) - Wrong bullet points in Impress (bsc#1174465) - SmartArt: text wrongly aligned, background boxes not quite right (bsc#1177955) - Update the SUSE color palette to reflect the new SUSE branding. (bsc#1181122, bsc#1173471) - SUSE Mint - SUSE Midnight Blue - SUSE Waterhole Blue - SUSE Persimmon - Fix a crash opening a PPTX. (bsc#1179025) - Fix text box from PowerPoint renders vertically instead of horizontally (bsc#1178807) - Shadow effects for table completely missing (bsc#1178944, bsc#1178943) - Disable firebird integration for the time being (bsc#1179203) - Fixes hang on Writer on scrolling/saving of a document (bsc#1136234) - Wrong rendering of bulleted lists in PPTX document (bsc#1155141) - Sidebar: paragraph widget: numeric fields become inactive/unaccessible after saving (bsc#1173404) - Crash of Writer opening any document having 'invalid' python file in home directory (bsc#1116658) libixion: Update to 0.16.1: - fixed a build issue on 32-bit linux platforms, caused by slicing of integer string ID values. - worked around floating point rounding errors which prevented two theoretically-equal numeric values from being evaluated as equal in test code. - added new function to allow printing of single formula tokens. - added method for setting cached results on formula cells in model_context. - changed the model_context design to ensure that all sheets are of the same size. - added an accessor method to formula_model_access interface (and implicitly in model_context) that directly returns a string value from cell. - added cell_access class for querying of cell states without knowing its type ahead of time. - added document class which provides a layer on top of model_context, to abstract away the handling of formula calculations. - deprecated model_context::erase_cell() in favor of empty_cell(). - added support for 3D references - references that contain multiple sheets. - added support for the exponent (^) and concatenation (&) operators. - fixed incorrect handling of range references containing whole columns such as A:A. - added support for unordered range references - range references whose start row or column is greater than their end position counterparts, such as A3:A1. - fixed a bug that prevented nested formula functions from working properly. - implemented Calc A1 style reference resolver. - formula results now directly store the string values when the results are of string type. They previously stored string ID values after interning the original strings. - Removed build-time dependency on spdlog. libmwaw: Update to 0.3.17: - add a parser for Jazz(Lotus) writer and spreasheet files. The writer parser can only be called if the file still contains its resource fork - add a parser for Canvas 3 and 3.5 files - AppleWorks parser: try to retrieve more Windows presentation - add a parser for Drawing Table files - add a parser for Canvas 2 files - API: add new reserved enums in MWAWDocument.hxx `MWAW_T_RESERVED10..MWAW_T_RESERVED29` and add a new define in libmwaw.hxx `MWAW_INTERFACE_VERSION` to check if these enums are defined - remove the QuarkXPress parser (must be in libqxp) - retrieve the annotation in MsWord 5 document - try to better understand RagTime 5-6 document libnumbertext: Update to 1.0.6 liborcus: Update to 0.16.1 - Add upstream changes to fix build with GCC 11 (bsc#1181872) libstaroffice: Update to 0.0.7: - fix `text:sender-lastname` when creating meta-data libwps: Update to 0.4.11: - XYWrite: add a parser to .fil v2 and v4 files - wks,wk1: correct some problems when retrieving cell's reference. glfw: New package provided on version 3.3.2: - See also: https://www.glfw.org/changelog.html - Sort list of input files to geany for reproducible builds (bsc#1049382, bsc#1041090) * Require pkgconfig(gl) for the devel package to supply needed include GL/gl.h * glfwFocusWindow could terminate on older WMs or without a WM * Creating an undecorated window could fail with BadMatch * Querying a disconnected monitor could segfault * Video modes with a duplicate screen area were discarded * The CMake files did not check for the XInput headers * Key names were not updated when the keyboard layout changed * Decorations could not be enabled after window creation * Content scale fallback value could be inconsistent * Disabled cursor mode was interrupted by indicator windows * Monitor physical dimensions could be reported as zero mm * Window position events were not emitted during resizing * Added on-demand loading of Vulkan and context creation API libraries * [X11] Bugfix: Window size limits were ignored if the minimum or maximum size was set to `GLFW_DONT_CARE` * [X11] Bugfix: Input focus was set before window was visible, causing BadMatch on some non-reparenting WMs * [X11] Bugfix: glfwGetWindowPos and glfwSetWindowPos operated on the window frame instead of the client area * [WGL] Added reporting of errors from `WGL_ARB_create_context` extension * [EGL] Added lib prefix matching between EGL and OpenGL ES library binaries * [EGL] Bugfix: Dynamically loaded entry points were not verified - Made build of geany-tags optional. Box2D: New package provided on version 2.4.1: * Extended distance joint to have a minimum and maximum limit. * `B2_USER_SETTINGS` and `b2_user_settings.h` can control user data, length units, and maximum polygon vertices. * Default user data is now uintptr_t instead of void* * b2FixtureDef::restitutionThreshold lets you set the restitution velocity threshold per fixture. * Collision * Chain and edge shape must now be one-sided to eliminate ghost collisions * Broad-phase optimizations * Added b2ShapeCast for linear shape casting * Dynamics * Joint limits are now predictive and not stateful * Experimental 2D cloth (rope) * b2Body::SetActive -> b2Body::SetEnabled * Better support for running multiple worlds * Handle zero density better * The body behaves like a static body * The body is drawn with a red color * Added translation limit to wheel joint * World dump now writes to box2d_dump.inl * Static bodies are never awake * All joints with spring-dampers now use stiffness and damping * Added utility functions to convert frequency and damping ratio to stiffness and damping * Polygon creation now computes the convex hull. * The convex hull code will merge vertices closer than dm_linearSlop. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:930-1 Released: Wed Mar 24 12:09:23 2021 Summary: Security update for nghttp2 Type: security Severity: important References: 1172442,1181358,CVE-2020-11080 This update for nghttp2 fixes the following issues: - CVE-2020-11080: HTTP/2 Large Settings Frame DoS (bsc#1181358) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:948-1 Released: Wed Mar 24 14:31:34 2021 Summary: Security update for zstd Type: security Severity: moderate References: 1183370,1183371,CVE-2021-24031,CVE-2021-24032 This update for zstd fixes the following issues: - CVE-2021-24031: Added read permissions to files while being compressed or uncompressed (bsc#1183371). - CVE-2021-24032: Fixed a race condition which could have allowed an attacker to access world-readable destination file (bsc#1183370). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:955-1 Released: Thu Mar 25 16:11:48 2021 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1183852,CVE-2021-3449 This update for openssl-1_1 fixes the security issue: * CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension but includes a signature_algorithms_cert extension, then a NULL pointer dereference will result, leading to a crash and a denial of service attack. OpenSSL TLS clients are not impacted by this issue. [bsc#1183852] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1004-1 Released: Thu Apr 1 15:07:09 2021 Summary: Recommended update for libcap Type: recommended Severity: moderate References: 1180073 This update for libcap fixes the following issues: - Added support for the ambient capabilities (jsc#SLE-17092, jsc#ECO-3460) - Changed the license tag from 'BSD-3-Clause and GPL-2.0' to 'BSD-3-Clause OR GPL-2.0-only' (bsc#1180073) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1006-1 Released: Thu Apr 1 17:44:57 2021 Summary: Security update for curl Type: security Severity: moderate References: 1183933,1183934,CVE-2021-22876,CVE-2021-22890 This update for curl fixes the following issues: - CVE-2021-22890: TLS 1.3 session ticket proxy host mixup (bsc#1183934) - CVE-2021-22876: Automatic referer leaks credentials (bsc#1183933) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1018-1 Released: Tue Apr 6 14:29:13 2021 Summary: Recommended update for gzip Type: recommended Severity: moderate References: 1180713 This update for gzip fixes the following issues: - Fixes an issue when 'gzexe' counts the lines to skip wrong. (bsc#1180713) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1141-1 Released: Mon Apr 12 13:13:36 2021 Summary: Recommended update for openldap2 Type: recommended Severity: low References: 1182791 This update for openldap2 fixes the following issues: - Improved the proxy connection timeout options to prune connections properly (bsc#1182791) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1289-1 Released: Wed Apr 21 14:02:46 2021 Summary: Recommended update for gzip Type: recommended Severity: moderate References: 1177047 This update for gzip fixes the following issues: - Fixed a potential segfault when zlib acceleration is enabled (bsc#1177047) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1295-1 Released: Wed Apr 21 14:08:19 2021 Summary: Recommended update for systemd-presets-common-SUSE Type: recommended Severity: moderate References: 1184136 This update for systemd-presets-common-SUSE fixes the following issues: - Enabled hcn-init.service for HNV on POWER (bsc#1184136) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1296-1 Released: Wed Apr 21 14:09:28 2021 Summary: Optional update for e2fsprogs Type: optional Severity: low References: 1183791 This update for e2fsprogs fixes the following issues: - Fixed an issue when building e2fsprogs (bsc#1183791) This patch does not fix any user visible issues and is therefore optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1407-1 Released: Wed Apr 28 15:49:02 2021 Summary: Recommended update for libcap Type: recommended Severity: important References: 1184690 This update for libcap fixes the following issues: - Add explicit dependency on 'libcap2' with version to 'libcap-progs' and 'pam_cap'. (bsc#1184690) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1449-1 Released: Fri Apr 30 08:08:25 2021 Summary: Recommended update for systemd-presets-branding-SLE Type: recommended Severity: moderate References: 1165780 This update for systemd-presets-branding-SLE fixes the following issues: - Don't enable 'btrfsmaintenance-refresh.service', 'btrfsmaintenance' is managed by systemd-presets-common-SUSE instead. (bsc#1165780) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1466-1 Released: Tue May 4 08:30:57 2021 Summary: Security update for permissions Type: security Severity: important References: 1182899 This update for permissions fixes the following issues: - etc/permissions: remove unnecessary entries (bsc#1182899) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1481-1 Released: Tue May 4 14:18:32 2021 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1178680 This update for lvm2 fixes the following issues: - Add metadata-based autoactivation property for volume group and logical volume. (bsc#1178680) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1523-1 Released: Wed May 5 18:24:20 2021 Summary: Security update for libxml2 Type: security Severity: moderate References: 1185408,1185409,1185410,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518 This update for libxml2 fixes the following issues: - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1526-1 Released: Thu May 6 08:57:30 2021 Summary: Recommended update for bash Type: recommended Severity: important References: 1183064 This update for bash fixes the following issues: - Fixed a segmentation fault that used to occur when bash read a history file that was malformed in a very specific way. (bsc#1183064) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1528-1 Released: Thu May 6 15:31:23 2021 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1161276 This update for openssl-1_1 fixes the following issues: - Do not list disapproved cipher algorithms while in 'FIPS' mode. (bsc#1161276) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1543-1 Released: Fri May 7 15:16:32 2021 Summary: Recommended update for patterns-microos Type: recommended Severity: moderate References: 1184435 This update for patterns-microos provides the following fix: - Require the libvirt-daemon-qemu package and include the needed dependencies in the product. (bsc#1184435) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1565-1 Released: Tue May 11 14:20:04 2021 Summary: Recommended update for krb5 Type: recommended Severity: moderate References: 1185163 This update for krb5 fixes the following issues: - Use '/run' instead of '/var/run' for daemon PID files. (bsc#1185163); ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1582-1 Released: Wed May 12 13:40:03 2021 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1184687,1185190 This update for lvm2 fixes the following issues: - Honor 'lvm.conf' parameter event_activation=0 on 'pvscan --cache -aay'. (bsc#1185190) - Fixed and issue when LVM can't be disabled on boot. (bsc#1184687) - Update patch for avoiding apply warning messages. (bsc#1012973) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1612-1 Released: Fri May 14 17:09:39 2021 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1184614 This update for openldap2 fixes the following issue: - Provide `openldap2-contrib` to the modules SUSE Linux Enterprise Legacy 15-SP2 and 15-SP3. (bsc#1184614) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1643-1 Released: Wed May 19 13:51:48 2021 Summary: Recommended update for pam Type: recommended Severity: important References: 1181443,1184358,1185562 This update for pam fixes the following issues: - Fixed a bug, where the 'unlimited'/'-1' value was not interpreted correctly (bsc#1181443) - Fixed a bug, where pam_access interpreted the keyword 'LOCAL' incorrectly, leading to an attempt to resolve it as a hostname (bsc#1184358) - In the 32-bit compatibility package for 64-bit architectures, require 'systemd-32bit' to be also installed as it contains pam_systemd.so for 32 bit applications. (bsc#1185562) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1654-1 Released: Wed May 19 16:43:36 2021 Summary: Security update for libxml2 Type: security Severity: important References: 1185408,1185409,1185410,1185698,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518,CVE-2021-3537 This update for libxml2 fixes the following issues: - CVE-2021-3537: NULL pointer dereference in valid.c:xmlValidBuildAContentModel (bsc#1185698) - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1762-1 Released: Wed May 26 12:30:01 2021 Summary: Security update for curl Type: security Severity: moderate References: 1186114,CVE-2021-22898 This update for curl fixes the following issues: - CVE-2021-22898: Fixed curl TELNET stack contents disclosure (bsc#1186114). - Allow partial chain verification [jsc#SLE-17956] * Have intermediate certificates in the trust store be treated as trust-anchors, in the same way as self-signed root CA certificates are. This allows users to verify servers using the intermediate cert only, instead of needing the whole chain. * Set FLAG_TRUSTED_FIRST unconditionally. * Do not check partial chains with CRL check. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1785-1 Released: Thu May 27 16:44:19 2021 Summary: Security update for postgresql13 Type: security Severity: moderate References: 1179945,1183118,1183168,1185924,1185925,1185926,CVE-2021-32027,CVE-2021-32028,CVE-2021-32029 This update for postgresql13 fixes the following issues: - Upgrade to version 13.3: - CVE-2021-32027: Fixed integer overflows in array subscripting calculations (bsc#1185924). - CVE-2021-32028: Fixed mishandling of junk columns in INSERT ... ON CONFLICT ... UPDATE target lists (bsc#1185925). - CVE-2021-32029: Fixed possibly-incorrect computation of UPDATE ... RETURNING outputs for joined cross-partition updates (bsc#1185926). - Don't use %_stop_on_removal, because it was meant to be private and got removed from openSUSE. %_restart_on_update is also private, but still supported and needed for now (bsc#1183168). - Re-enable build of the llvmjit subpackage on SLE, but it will only be delivered on PackageHub for now (bsc#1183118). - Disable icu for PostgreSQL 10 (and older) on TW (bsc#1179945). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1825-1 Released: Tue Jun 1 16:24:01 2021 Summary: Security update for lz4 Type: security Severity: important References: 1185438,CVE-2021-3520 This update for lz4 fixes the following issues: - CVE-2021-3520: Fixed memory corruption due to an integer overflow bug caused by memmove argument (bsc#1185438). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1861-1 Released: Fri Jun 4 09:59:40 2021 Summary: Recommended update for gcc10 Type: recommended Severity: moderate References: 1029961,1106014,1178577,1178624,1178675,1182016 This update for gcc10 fixes the following issues: - Disable nvptx offloading for aarch64 again since it doesn't work - Fixed a build failure issue. (bsc#1182016) - Fix for memory miscompilation on 'aarch64'. (bsc#1178624, bsc#1178577) - Fix 32bit 'libgnat.so' link. (bsc#1178675) - prepare usrmerge: Install libgcc_s into %_libdir. ABI wise it stays /%lib. (bsc#1029961) - Build complete set of multilibs for arm-none target. (bsc#1106014) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1917-1 Released: Wed Jun 9 14:48:05 2021 Summary: Security update for libxml2 Type: security Severity: moderate References: 1186015,CVE-2021-3541 This update for libxml2 fixes the following issues: - CVE-2021-3541: Fixed exponential entity expansion attack bypasses all existing protection mechanisms. (bsc#1186015) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1935-1 Released: Thu Jun 10 10:45:09 2021 Summary: Recommended update for gzip Type: recommended Severity: moderate References: 1186642 This update for gzip fixes the following issue: - gzip had a lower release number in 15 sp2 and sp3 than in 15 sp1, which could lead to migration issues. (bsc#1186642) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1937-1 Released: Thu Jun 10 10:47:09 2021 Summary: Recommended update for nghttp2 Type: recommended Severity: moderate References: 1186642 This update for nghttp2 fixes the following issue: - The (lib)nghttp2 packages had a lower release number in SUSE Linux Enterprise 15 sp2 and sp3 than in 15 sp1, which could lead to migration issues. (bsc#1186642) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1972-1 Released: Tue Jun 15 09:04:10 2021 Summary: Recommended update for sles15-image Type: recommended Severity: moderate References: This update for sles15-image fixes the following issues: - Add SLE_BCI repository (jsc#SLE-18095) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2157-1 Released: Thu Jun 24 15:40:14 2021 Summary: Security update for libgcrypt Type: security Severity: important References: 1187212,CVE-2021-33560 This update for libgcrypt fixes the following issues: - CVE-2021-33560: Fixed a side-channel against ElGamal encryption, caused by missing exponent blinding (bsc#1187212). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2173-1 Released: Mon Jun 28 14:59:45 2021 Summary: Recommended update for automake Type: recommended Severity: moderate References: 1040589,1047218,1182604,1185540,1186049 This update for automake fixes the following issues: - Implement generated autoconf makefiles reproducible (bsc#1182604) - Add fix to avoid date variations in docs. (bsc#1047218, jsc#SLE-17848) - Avoid bashisms in test-driver script. (bsc#1185540) This update for pcre fixes the following issues: - Do not run profiling 'check' in parallel to make package build reproducible. (bsc#1040589) This update for brp-check-suse fixes the following issues: - Add fixes to support reproducible builds. (bsc#1186049) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2178-1 Released: Mon Jun 28 15:56:15 2021 Summary: Recommended update for systemd-presets-common-SUSE Type: recommended Severity: moderate References: 1186561 This update for systemd-presets-common-SUSE fixes the following issues: When installing the systemd-presets-common-SUSE package for the first time in a new system, it might happen that some services are installed before systemd so the %systemd_pre/post macros would not work. This is handled by enabling all preset services in this package's %posttrans section but it wasn't enabling user services, just system services. Now it enables also the user services installed before this package (bsc#1186561) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2196-1 Released: Tue Jun 29 09:41:39 2021 Summary: Security update for lua53 Type: security Severity: moderate References: 1175448,1175449,CVE-2020-24370,CVE-2020-24371 This update for lua53 fixes the following issues: Update to version 5.3.6: - CVE-2020-24371: lgc.c mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage (bsc#1175449) - CVE-2020-24370: ldebug.c allows a negation overflow and segmentation fault in getlocal and setlocal (bsc#1175448) - Long brackets with a huge number of '=' overflow some internal buffer arithmetic. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2205-1 Released: Wed Jun 30 09:17:41 2021 Summary: Recommended update for openldap2 Type: recommended Severity: important References: 1187210 This update for openldap2 fixes the following issues: - Resolve issues in the idle / connection 'TTL' timeout implementation in OpenLDAP. (bsc#1187210) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2210-1 Released: Wed Jun 30 13:00:09 2021 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1184124 This update for lvm2 fixes the following issues: - Link test as position independent executable and update packages with non-PIE binaries. (bsc#1184124) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2228-1 Released: Thu Jul 1 20:40:10 2021 Summary: Recommended update for postgresql Type: recommended Severity: moderate References: 1183118 This update for postgresql fixes the following issues: - Re-enable build of the 'llvmjit' subpackage on SLE. (bsc#1183118) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2290-1 Released: Fri Jul 9 19:03:39 2021 Summary: Recommended update for postgresql13 Type: recommended Severity: moderate References: 1183118,1187751 This update for postgresql13 fixes the following issue: - reduce requirement of clang and llvm to recommends in 'postgresql13-server-devel'. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2292-1 Released: Mon Jul 12 08:25:20 2021 Summary: Security update for dbus-1 Type: security Severity: important References: 1187105,CVE-2020-35512 This update for dbus-1 fixes the following issues: - CVE-2020-35512: Fixed a use-after-free or potential undefined behaviour caused by shared UID's (bsc#1187105) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2316-1 Released: Wed Jul 14 13:49:55 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1185807,1185828,1185958,1186411,1187154,1187292 This update for systemd fixes the following issues: - Restore framebuffer devices as possible master of seat. Until simpledrm driver is released, this change is prematured as some graphical chips don't have DRM driver and fallback to framebuffer. (bsc#1187154) - Fixed an issue when '/var/lock/subsys' dropped when the creation of 'filesystem' package took the initialization of the generic paths over. (bsc#1187292) - 'udev' requires systemd in its %post (bsc#1185958) nspawn: turn on higher optimization level in seccomp nspawn: return ENOSYS by default, EPERM for 'known' calls (bsc#1186411) shared/seccomp-util: added functionality to make list of filtred syscalls hared/syscall-list: filter out some obviously platform-specific syscalls shared/seccomp: reduce scope of indexing variables generate-syscall-list: require python3 shared: add @known syscall list meson: add syscall-names-update target shared/seccomp: use _cleanup_ in one more place home: fix homed.conf install location - We need to make sure that the creation of the symlinks is done after updating udev DB so if worker A is preempted by worker B before A updates the DB but after it creates the symlinks, worker B won't manage to overwrite the freshly created symlinks (by A) because A has still yet not registered the symlinks in the DB. (bsc#1185828) - Expect 644 permissions for /usr/lib/udev/compat-symlink-generation (bsc#1185807) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2394-1 Released: Mon Jul 19 12:06:53 2021 Summary: Recommended update for suse-module-tools Type: recommended Severity: moderate References: 1177695,1187093 This update for suse-module-tools provides the following fixes: - Fix treatment of compressed modules. (bsc#1187093) - modprobe.d: Remove dma=none setting for parport_pc. (bsc#1177695) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2399-1 Released: Mon Jul 19 19:06:22 2021 Summary: Recommended update for release packages Type: recommended Severity: moderate References: 1099521 This update for the release packages provides the following fix: - Fix grub menu entries after migration from SLE-12*. (bsc#1099521) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2410-1 Released: Tue Jul 20 14:41:26 2021 Summary: Security update for systemd Type: security Severity: important References: 1188063,CVE-2021-33910 This update for systemd fixes the following issues: - CVE-2021-33910: Fixed a denial of service (stack exhaustion) in systemd (PID 1) (bsc#1188063) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2439-1 Released: Wed Jul 21 13:46:48 2021 Summary: Security update for curl Type: security Severity: moderate References: 1188217,1188218,1188219,1188220,CVE-2021-22922,CVE-2021-22923,CVE-2021-22924,CVE-2021-22925 This update for curl fixes the following issues: - CVE-2021-22925: TELNET stack contents disclosure again. (bsc#1188220) - CVE-2021-22924: Bad connection reuse due to flawed path name checks. (bsc#1188219) - CVE-2021-22923: Insufficiently Protected Credentials. (bsc#1188218) - CVE-2021-22922: Wrong content via metalink not discarded. (bsc#1188217) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2456-1 Released: Thu Jul 22 15:28:39 2021 Summary: Recommended update for pam-config Type: recommended Severity: moderate References: 1187091 This update for pam-config fixes the following issues: - Add 'revoke' to the option list for 'pam_keyinit'. - Fixed an issue when pam-config fails to create a new service config file. (bsc#1187091) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2573-1 Released: Thu Jul 29 14:21:52 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1188127 This update for timezone fixes the following issue: - From systemd v249: when enumerating time zones the timedatectl tool will now consult the 'tzdata.zi' file shipped by the IANA time zone database package, in addition to 'zone1970.tab', as before. This makes sure time zone aliases are now correctly supported. This update adds the 'tzdata.zi' file (bsc#1188127). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2627-1 Released: Thu Aug 5 12:10:46 2021 Summary: Recommended maintenance update for systemd-default-settings Type: recommended Severity: moderate References: 1188348 This update for systemd-default-settings fixes the following issue: - Solve a downgrade issue between SUSE Linux Enterprise SP3 and lower (bsc#1188348) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2689-1 Released: Mon Aug 16 10:54:52 2021 Summary: Security update for cpio Type: security Severity: important References: 1189206,CVE-2021-38185 This update for cpio fixes the following issues: It was possible to trigger Remote code execution due to a integer overflow (CVE-2021-38185, bsc#1189206) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2763-1 Released: Tue Aug 17 17:16:22 2021 Summary: Recommended update for cpio Type: recommended Severity: critical References: 1189465 This update for cpio fixes the following issues: - A regression in last update would cause builds to hang on various architectures(bsc#1189465) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2780-1 Released: Thu Aug 19 16:09:15 2021 Summary: Recommended update for cpio Type: recommended Severity: critical References: 1189465,CVE-2021-38185 This update for cpio fixes the following issues: - A regression in the previous update could lead to crashes (bsc#1189465) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2786-1 Released: Fri Aug 20 02:02:23 2021 Summary: Recommended update for bash Type: recommended Severity: important References: 1057452,1188287 This update for bash fixes the following issues: - Allow process group assignment even for modern kernels (bsc#1057452, bsc#1188287) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2800-1 Released: Fri Aug 20 10:43:04 2021 Summary: Security update for krb5 Type: security Severity: important References: 1188571,CVE-2021-36222 This update for krb5 fixes the following issues: - CVE-2021-36222: Fixed KDC null deref on bad encrypted challenge. (bsc#1188571) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2809-1 Released: Mon Aug 23 12:12:31 2021 Summary: Security update for systemd Type: security Severity: moderate References: 1166028,1171962,1184994,1185972,1188063,CVE-2020-13529,CVE-2021-33910 This update for systemd fixes the following issues: - Updated to version 246.15 - CVE-2021-33910: Fixed a denial of service issue in systemd. (bsc#1188063) - CVE-2020-13529: Fixed an issue that allows crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. (bsc#1185972) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2810-1 Released: Mon Aug 23 12:14:30 2021 Summary: Security update for dbus-1 Type: security Severity: moderate References: 1172505,CVE-2020-12049 This update for dbus-1 fixes the following issues: - CVE-2020-12049: truncated messages lead to resource exhaustion. (bsc#1172505) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2950-1 Released: Fri Sep 3 11:59:19 2021 Summary: Recommended update for pcre2 Type: recommended Severity: moderate References: 1187937 This update for pcre2 fixes the following issue: - Equalizes the result of a function that may have different output on s390x if compared to older (bsc#1187937) PHP versions. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3013-1 Released: Thu Sep 9 16:55:40 2021 Summary: Recommended update for patterns-base, patterns-server-enterprise, sles15-image Type: recommended Severity: moderate References: 1183154,1189550 This update for patterns-base, patterns-server-enterprise, sles15-image fixes the following issues: - Add pattern to install necessary packages for FIPS (bsc#1183154) - Add patterns-base-fips to work also in FIPS environments (bsc#1183154) - Use the same icon in the fips pattern as the previous pattern had (bsc#1189550) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3203-1 Released: Thu Sep 23 14:41:35 2021 Summary: Recommended update for kmod Type: recommended Severity: moderate References: 1189537,1190190 This update for kmod fixes the following issues: - Use docbook 4 rather than docbook 5 for building man pages (bsc#1190190). - Enable support for ZSTD compressed modules - Display module information even for modules built into the running kernel (bsc#1189537) - '/usr/lib' should override '/lib' where both are available. Support '/usr/lib' for depmod.d as well. - Remove test patches included in release 29 - Update to release 29 * Fix `modinfo -F` not working for built-in modules and certain fields. * Fix a memory leak, overflow and double free on error path. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3255-1 Released: Wed Sep 29 16:29:48 2021 Summary: Security update for postgresql13 Type: security Severity: moderate References: 1179945,1185952,1187751,1189748,CVE-2021-3677 This update for postgresql13 fixes the following issues: - CVE-2021-3677: Fixed memory disclosure in certain queries (bsc#1189748). - Fixed build with llvm12 on s390x (bsc#1185952). - Re-enabled icu for PostgreSQL 10 (bsc#1179945). - Made the dependency of postgresqlXX-server-devel on llvm and clang optional (bsc#1187751). - llvm12 breaks PostgreSQL 11 and 12 on s390x. Use llvm11 as a workaround (bsc#1185952). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3291-1 Released: Wed Oct 6 16:45:36 2021 Summary: Security update for glibc Type: security Severity: moderate References: 1186489,1187911,CVE-2021-33574,CVE-2021-35942 This update for glibc fixes the following issues: - CVE-2021-33574: Fixed use __pthread_attr_copy in mq_notify (bsc#1186489). - CVE-2021-35942: Fixed wordexp handle overflow in positional parameter number (bsc#1187911). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3310-1 Released: Wed Oct 6 18:12:41 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1134353,1184994,1188291,1188588,1188713,1189446,1189480 This update for systemd fixes the following issues: - Switch I/O scheduler from 'mq-deadline' to 'bfq' for rotating disks(HD's) (jsc#SLE-21032, bsc#1134353). - Multipath: Rules weren't applied to dm devices (bsc#1188713). - Ignore obsolete 'elevator' kernel parameter (bsc#1184994). - Remove kernel unsupported single-queue block I/O. - Make sure the versions of both udev and systemd packages are always the same (bsc#1189480). - Avoid error message when updating active udev on sockets restart (bsc#1188291). - Merge of v246.16, for a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/8d8f5fc31eece95644b299b784bbfb8f836d0108...f5c33d9f82d3d782d28938df9ff09484360c540d - Drop 1007-tmpfiles-follow-SUSE-policies.patch: Since most of the tmpfiles config files shipped by upstream are ignored (see previous commit 'Drop most of the tmpfiles that deal with generic paths'), this patch is no more relevant. Additional fixes: - core: make sure cgroup_oom_queue is flushed on manager exit. - cgroup: do 'catchup' for unit cgroup inotify watch files. - journalctl: never fail at flushing when the flushed flag is set (bsc#1188588). - manager: reexecute on SIGRTMIN+25, user instances only. - manager: fix HW watchdog when systemd starts before driver loaded (bsc#1189446). - pid1: watchdog modernizations. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3411-1 Released: Wed Oct 13 10:42:25 2021 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1191019 This update for lvm2 fixes the following issues: - Do not crash vgextend when extending VG with missing PV. (bsc#1191019) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3413-1 Released: Wed Oct 13 10:50:45 2021 Summary: Recommended update for suse-module-tools Type: recommended Severity: important References: 1189441,1189841,1190598 This update for suse-module-tools fixes the following issues: - Fixed an issue where the queuing of secure boot certificates did not happen (bsc#1189841, bsc#1190598) - Fixed an issue where initrd was not always rebuilding after installing any kernel-*-extra package (bsc#1189441) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3509-1 Released: Tue Oct 26 09:47:40 2021 Summary: Recommended update for suse-module-tools Type: recommended Severity: important References: 1191200,1191260,1191480,1191804,1191922 This update for suse-module-tools fixes the following issues: Update to version 15.3.13: - Fix bad exit status in openQA. (bsc#1191922) - Ignore kernel keyring for kernel certificates. (bsc#1191480) - Deal with existing certificates that should be de-enrolled. (bsc#1191804) - Don't pass existing files to weak-modules2. (bsc#1191200) - Skip certificate scriptlet on non-UEFI systems. (bsc#1191260) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3589-1 Released: Mon Nov 1 19:27:52 2021 Summary: Recommended update for apparmor Type: recommended Severity: moderate References: 1191690 This update for apparmor fixes the following issues: - Fixed an issue when apparmor provides python2 and python3 libraries with the same name. (bsc#1191690) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3599-1 Released: Wed Nov 3 10:29:54 2021 Summary: Recommended update for postgresql, postgresql13, postgresql14 Type: recommended Severity: moderate References: This update for postgresql, postgresql13, postgresql14 fixes the following issues: This update ships postgresql14. (jsc#SLE-20675 jsc#SLE-20676) Feature changes in postgresql14: - https://www.postgresql.org/about/news/postgresql-14-released-2318/ - https://www.postgresql.org/docs/14/release-14.html Changes in postgresql13: - Stop building the mini and lib packages as they are now coming from postgresql14. Changes in postgresql: - Bump version to 14, leave default at 12. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3600-1 Released: Wed Nov 3 10:31:11 2021 Summary: Recommended update for postgresql Type: recommended Severity: moderate References: This update for postgresql fixes the following issues: - Bump version to 14, leave default at 13. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3663-1 Released: Mon Nov 15 19:14:32 2021 Summary: Recommended update for suse-module-tools Type: recommended Severity: moderate References: 1191804 This update for suse-module-tools fixes the following issues: - Update to version 15.3.14: * more fixes for updates under secure boot * cert-script: Deal with existing $cert.delete file (bsc#1191804). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3759-1 Released: Mon Nov 22 09:40:19 2021 Summary: Security update for postgresql14 Type: security Severity: important References: 1191782,1192516,CVE-2021-23214,CVE-2021-23222 This update for postgresql14 fixes the following issues: - CVE-2021-23214: Make the server reject extraneous data after an SSL or GSS encryption handshake (bsc#1192516). - CVE-2021-23222: Make libpq reject extraneous data after an SSL or GSS encryption handshake (bsc#1192516). - Let rpmlint ignore shlib-policy-name-error (boo#1191782). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3792-1 Released: Wed Nov 24 06:12:09 2021 Summary: Recommended update for kmod Type: recommended Severity: moderate References: 1192104 This update for kmod fixes the following issues: - Enable ZSTD compression (bsc#1192104)(jsc#SLE-21256) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3808-1 Released: Fri Nov 26 00:30:54 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1186071,1190440,1190984,1192161 This update for systemd fixes the following issues: - Add timestamp to D-Bus events to improve traceability (jsc#SLE-17798) - Fix fd_is_mount_point() when both the parent and directory are network file systems (bsc#1190984) - Support detection for ARM64 Hyper-V guests (bsc#1186071) - Fix systemd-detect-virt not detecting Amazon EC2 Nitro instance (bsc#1190440) - Enable support for Portable Services in openSUSE Leap only (jsc#SLE-21694) - Fix IO scheduler udev rules to address performance issues (jsc#SLE-21032, bsc#1192161) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3883-1 Released: Thu Dec 2 11:47:07 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: Update timezone to 2021e (bsc#1177460) - Palestine will fall back 10-29 (not 10-30) at 01:00 - Fiji suspends DST for the 2021/2022 season - 'zic -r' marks unspecified timestamps with '-00' - Fix a bug in 'zic -b fat' that caused old timestamps to be mishandled in 32-bit-only readers - Refresh timezone info for china ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3963-1 Released: Mon Dec 6 19:57:39 2021 Summary: Recommended update for system-users Type: recommended Severity: moderate References: 1190401 This update for system-users fixes the following issues: - system-user-tss.conf: Removed group entry because it's not needed and contained syntax errors (bsc#1190401) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3980-1 Released: Thu Dec 9 16:42:19 2021 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1191592 glibc was updated to fix the following issue: - Support for new IBM Z Hardware (bsc#1191592, jsc#IBM-869) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3985-1 Released: Fri Dec 10 06:08:24 2021 Summary: Recommended update for suse-module-tools Type: recommended Severity: moderate References: 1187196 This update for suse-module-tools fixes the following issues: - Blacklist isst_if_mbox_msr driver because uses hardware information based on CPU family and model, which is too unspecific. On large systems, this causes a lot of failing loading attempts for this driver, leading to slow or even stalled boot (bsc#1187196) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4014-1 Released: Mon Dec 13 13:57:39 2021 Summary: Recommended update for apparmor Type: recommended Severity: moderate References: 1191532,1191690 This update for apparmor fixes the following issues: Changes in apparmor: - Add a profile for 'samba-bgqd'. (bsc#1191532) - Fix 'Requires' of python3 module. (bsc#1191690) The following package changes have been done: - file-magic-5.32-7.11.2 added - libldap-data-2.4.46-9.56.1 added - system-user-root-20190513-3.3.1 added - filesystem-15.0-11.3.2 added - libtirpc-netconfig-1.2.6-1.131 added - glibc-2.31-7.30 added - libuuid1-2.36.2-2.29 added - libunistring2-0.9.10-1.1 added - libsmartcols1-2.36.2-2.29 added - libsasl2-3-2.1.27-2.2 added - libcrypt1-4.4.15-2.51 added - libblkid1-2.36.2-2.29 added - libaudit1-2.8.5-3.43 added - perl-base-5.26.1-15.87 added - libfdisk1-2.36.2-2.29 added - libsepol1-3.0-1.31 added - cracklib-dict-small-2.9.7-11.3.1 added - libopenssl1_1-1.1.1d-11.23.1 added - libnghttp2-14-1.40.0-6.1 added - libopenssl1_1-hmac-1.1.1d-11.23.1 added - liblz4-1-1.9.2-3.3.1 added - libcap-ng0-0.7.9-4.37 added - libzstd1-1.4.4-1.6.1 added - libz1-1.2.11-3.21.1 added - libpcre1-8.41-6.4.2 added - liblzma5-5.2.3-4.3.1 added - liblua5_3-5-5.3.6-3.6.1 added - libkeyutils1-1.5.10-5.3.1 added - libgmp10-6.1.2-4.6.1 added - libgcc_s1-10.3.0+git1587-1.6.4 added - libcom_err2-1.43.8-4.26.1 added - libcap2-2.26-4.6.1 added - libbz2-1-1.0.6-5.11.1 added - libidn2-0-2.2.0-3.6.1 added - libldap-2_4-2-2.4.46-9.56.1 added - libmagic1-5.32-7.11.2 added - libxml2-2-2.9.7-3.37.1 added - libstdc++6-10.3.0+git1587-1.6.4 added - libdw1-0.168-4.5.3 added - libncurses6-6.1-5.6.2 added - libebl-plugins-0.168-4.5.3 added - terminfo-base-6.1-5.6.2 added - libelf1-0.168-4.5.3 added - ncurses-utils-6.1-5.6.2 added - libverto1-0.2.6-3.20 added - libpopt0-1.16-3.22 added - libgpg-error0-1.29-1.8 added - libattr1-2.4.47-2.19 added - fillup-1.42-2.18 added - libzio1-1.06-2.20 added - libpsl5-0.20.1-1.20 added - libselinux1-3.0-1.31 added - libsemanage1-3.0-1.27 added - libreadline7-7.0-19.6.1 added - libudev1-246.13-7.8.1 added - bash-4.4-19.6.1 added - libgcrypt20-1.8.2-8.39.1 added - krb5-1.16.3-3.21.1 added - libgcrypt20-hmac-1.8.2-8.39.1 added - libssh4-0.8.7-10.12.1 added - libacl1-2.2.52-4.3.1 added - libmount1-2.36.2-2.29 added - findutils-4.8.0-1.20 added - login_defs-4.8.1-2.43 added - libtirpc3-1.2.6-1.131 added - coreutils-8.32-1.2 added - libcrack2-2.9.7-11.3.1 added - libcurl4-7.66.0-4.22.1 added - cracklib-2.9.7-11.3.1 added - info-6.5-4.17 added - libnsl2-1.2.0-2.44 added - libsystemd0-246.13-7.8.1 added - sles-release-15.3-55.4.1 added - patterns-base-fips-20200124-10.5.1 added - sed-4.4-11.6 added - grep-3.1-4.3.12 added - diffutils-3.6-4.3.1 added - cpio-2.12-3.9.1 added - rpm-config-SUSE-1-3.61 added - permissions-20181225-23.6.1 added - pam-1.3.0-6.38.1 added - shadow-4.8.1-2.43 added - sysuser-shadow-2.0-4.2.8 added - system-group-hardware-20170617-15.86 added - libutempter0-1.1.6-3.42 added - util-linux-2.36.2-2.29 added - aaa_base-84.87+git20180409.04c9dae-3.45.1 added - netcfg-11.6-1.11 added - glibc-locale-base-2.31-9.6.1 added - gzip-1.10-7.1 added - kbd-legacy-2.0.4-14.38 added - libapparmor1-2.13.6-3.8.1 added - libargon2-1-0.0+git20171227.670229c-2.14 added - libdbus-1-3-1.12.2-8.11.2 added - libdevmapper1_03-1.02.163-8.36.1 added - libexpat1-2.2.5-3.6.1 added - libicu65_1-ledata-65.1-4.2.1 added - libjson-c3-0.13-1.19 added - libkmod2-29-4.12.1 added - libpcre2-8-0-10.31-3.3.1 added - libpq5-14.1-5.6.1 added - libqrencode4-4.0.0-1.17 added - libseccomp2-2.4.1-3.3.1 added - pam-config-1.1-3.3.1 added - pkg-config-0.29.2-1.436 added - system-group-kvm-20170617-17.3.1 added - systemd-default-settings-branding-SLE-0.7-3.2.1 added - systemd-presets-common-SUSE-15-8.9.1 added - timezone-2021e-75.4.1 added - update-alternatives-1.19.0.4-2.48 added - glibc-locale-2.31-9.6.1 added - suse-module-tools-15.3.15-3.17.1 added - kbd-2.0.4-14.38 added - libcryptsetup12-2.3.4-1.34 added - systemd-default-settings-0.7-3.2.1 added - systemd-presets-branding-SLE-15.1-20.8.1 added - libicu-suse65_1-65.1-4.2.1 added - postgresql-14-10.6.2 added - dbus-1-1.12.2-8.11.2 added - kmod-29-4.12.1 added - libcryptsetup12-hmac-2.3.4-1.34 added - postgresql14-14.1-5.6.1 added - systemd-246.16-7.21.1 added - udev-246.16-7.21.1 added - postgresql-server-14-10.6.2 added - postgresql14-server-14.1-5.6.1 added - container:sles15-image-15.0.0-17.6.3 added From sle-updates at lists.suse.com Wed Dec 22 14:17:24 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Dec 2021 15:17:24 +0100 (CET) Subject: SUSE-RU-2021:4148-1: moderate: Recommended update for openssl-1_1 Message-ID: <20211222141724.A926BFC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for openssl-1_1 ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:4148-1 Rating: moderate References: #1180995 SLE-18105 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS ______________________________________________________________________________ An update that has one recommended fix and contains one feature can now be installed. Description: This update for openssl-1_1 fixes the following issues: This update syncs the FIPS 140-2 certified openssl-1_1 sources from SUSE Linux Enterprise 15 SP2 to this package. [jsc#SLE-18105] Note that while the sourcecode is now the same as the certified SUSE Linux Enterprise 15 SP2 openssl-1_1, it is a different binary on a different operating system, so it is not officially validated and certified. Additional fixes: - Add RFC3526 groups to 'openssl genpkey' so that it can output FIPS-appropriate parameters consistently with our other codestreams (bsc#1180995) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-4148=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-4148=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-4148=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-4148=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-4148=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-4148=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libopenssl1_1-1.1.1d-2.49.1 libopenssl1_1-32bit-1.1.1d-2.49.1 libopenssl1_1-debuginfo-1.1.1d-2.49.1 libopenssl1_1-debuginfo-32bit-1.1.1d-2.49.1 libopenssl1_1-hmac-1.1.1d-2.49.1 libopenssl1_1-hmac-32bit-1.1.1d-2.49.1 openssl-1_1-1.1.1d-2.49.1 openssl-1_1-debuginfo-1.1.1d-2.49.1 openssl-1_1-debugsource-1.1.1d-2.49.1 - SUSE OpenStack Cloud 9 (x86_64): libopenssl1_1-1.1.1d-2.49.1 libopenssl1_1-32bit-1.1.1d-2.49.1 libopenssl1_1-debuginfo-1.1.1d-2.49.1 libopenssl1_1-debuginfo-32bit-1.1.1d-2.49.1 libopenssl1_1-hmac-1.1.1d-2.49.1 libopenssl1_1-hmac-32bit-1.1.1d-2.49.1 openssl-1_1-1.1.1d-2.49.1 openssl-1_1-debuginfo-1.1.1d-2.49.1 openssl-1_1-debugsource-1.1.1d-2.49.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libopenssl-1_1-devel-1.1.1d-2.49.1 openssl-1_1-debuginfo-1.1.1d-2.49.1 openssl-1_1-debugsource-1.1.1d-2.49.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (s390x x86_64): libopenssl-1_1-devel-32bit-1.1.1d-2.49.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libopenssl1_1-1.1.1d-2.49.1 libopenssl1_1-debuginfo-1.1.1d-2.49.1 libopenssl1_1-hmac-1.1.1d-2.49.1 openssl-1_1-1.1.1d-2.49.1 openssl-1_1-debuginfo-1.1.1d-2.49.1 openssl-1_1-debugsource-1.1.1d-2.49.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): libopenssl1_1-32bit-1.1.1d-2.49.1 libopenssl1_1-debuginfo-32bit-1.1.1d-2.49.1 libopenssl1_1-hmac-32bit-1.1.1d-2.49.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libopenssl1_1-1.1.1d-2.49.1 libopenssl1_1-debuginfo-1.1.1d-2.49.1 libopenssl1_1-hmac-1.1.1d-2.49.1 openssl-1_1-1.1.1d-2.49.1 openssl-1_1-debuginfo-1.1.1d-2.49.1 openssl-1_1-debugsource-1.1.1d-2.49.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libopenssl1_1-32bit-1.1.1d-2.49.1 libopenssl1_1-debuginfo-32bit-1.1.1d-2.49.1 libopenssl1_1-hmac-32bit-1.1.1d-2.49.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libopenssl1_1-1.1.1d-2.49.1 libopenssl1_1-debuginfo-1.1.1d-2.49.1 libopenssl1_1-hmac-1.1.1d-2.49.1 openssl-1_1-1.1.1d-2.49.1 openssl-1_1-debuginfo-1.1.1d-2.49.1 openssl-1_1-debugsource-1.1.1d-2.49.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): libopenssl1_1-32bit-1.1.1d-2.49.1 libopenssl1_1-debuginfo-32bit-1.1.1d-2.49.1 libopenssl1_1-hmac-32bit-1.1.1d-2.49.1 References: https://bugzilla.suse.com/1180995 From sle-updates at lists.suse.com Wed Dec 22 14:18:43 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Dec 2021 15:18:43 +0100 (CET) Subject: SUSE-RU-2021:4157-1: moderate: Recommended update for grub2 Message-ID: <20211222141843.1DE24FC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for grub2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:4157-1 Rating: moderate References: #1071559 #1177751 #1189769 #1189874 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL HPE Helion Openstack 8 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for grub2 fixes the following issues: - Fixed an issue when 'lvmid' disk cannot be found after second disk added to the root volume group. (bsc#1189874, bsc#1071559) - Fix for an error when '/boot/grub2/locale/POSIX.gmo' not found. (bsc#1189769) - Fix 'powerpc-ieee1275 lpar' takes long time to boot with increasing number of nvme namespace. (bsc#1177751) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-4157=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-4157=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-4157=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-4157=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-4157=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-4157=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): grub2-snapper-plugin-2.02-129.2 grub2-systemd-sleep-plugin-2.02-129.2 - SUSE OpenStack Cloud Crowbar 8 (x86_64): grub2-2.02-129.2 grub2-debuginfo-2.02-129.2 grub2-debugsource-2.02-129.2 grub2-i386-pc-2.02-129.2 grub2-x86_64-efi-2.02-129.2 grub2-x86_64-xen-2.02-129.2 - SUSE OpenStack Cloud 8 (x86_64): grub2-2.02-129.2 grub2-debuginfo-2.02-129.2 grub2-debugsource-2.02-129.2 grub2-i386-pc-2.02-129.2 grub2-x86_64-efi-2.02-129.2 grub2-x86_64-xen-2.02-129.2 - SUSE OpenStack Cloud 8 (noarch): grub2-snapper-plugin-2.02-129.2 grub2-systemd-sleep-plugin-2.02-129.2 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): grub2-2.02-129.2 grub2-debuginfo-2.02-129.2 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le): grub2-powerpc-ieee1275-2.02-129.2 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): grub2-debugsource-2.02-129.2 grub2-i386-pc-2.02-129.2 grub2-x86_64-efi-2.02-129.2 grub2-x86_64-xen-2.02-129.2 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): grub2-snapper-plugin-2.02-129.2 grub2-systemd-sleep-plugin-2.02-129.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): grub2-2.02-129.2 grub2-debuginfo-2.02-129.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 s390x x86_64): grub2-debugsource-2.02-129.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64): grub2-arm64-efi-2.02-129.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le): grub2-powerpc-ieee1275-2.02-129.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (x86_64): grub2-i386-pc-2.02-129.2 grub2-x86_64-efi-2.02-129.2 grub2-x86_64-xen-2.02-129.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): grub2-snapper-plugin-2.02-129.2 grub2-systemd-sleep-plugin-2.02-129.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x): grub2-s390x-emu-2.02-129.2 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): grub2-snapper-plugin-2.02-129.2 grub2-systemd-sleep-plugin-2.02-129.2 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): grub2-2.02-129.2 grub2-debuginfo-2.02-129.2 grub2-debugsource-2.02-129.2 grub2-i386-pc-2.02-129.2 grub2-x86_64-efi-2.02-129.2 grub2-x86_64-xen-2.02-129.2 - HPE Helion Openstack 8 (x86_64): grub2-2.02-129.2 grub2-debuginfo-2.02-129.2 grub2-debugsource-2.02-129.2 grub2-i386-pc-2.02-129.2 grub2-x86_64-efi-2.02-129.2 grub2-x86_64-xen-2.02-129.2 - HPE Helion Openstack 8 (noarch): grub2-snapper-plugin-2.02-129.2 grub2-systemd-sleep-plugin-2.02-129.2 References: https://bugzilla.suse.com/1071559 https://bugzilla.suse.com/1177751 https://bugzilla.suse.com/1189769 https://bugzilla.suse.com/1189874 From sle-updates at lists.suse.com Wed Dec 22 14:20:19 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Dec 2021 15:20:19 +0100 (CET) Subject: SUSE-SU-2021:4155-1: important: Security update for libqt4 Message-ID: <20211222142019.402D0FC9F@maintenance.suse.de> SUSE Security Update: Security update for libqt4 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:4155-1 Rating: important References: #1176315 #1184783 Cross-References: CVE-2020-17507 CVE-2021-3481 CVSS scores: CVE-2020-17507 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2020-17507 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-3481 (SUSE): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for libqt4 fixes the following issues: - CVE-2021-3481: Fixed out of bounds read in QRadialFetchSimd() from crafted svg file (bsc#1184783). - CVE-2020-17507: Fixed buffer over-read in read_xbm_body() (bsc#1176315). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2021-4155=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-4155=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-4155=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): libqt4-debuginfo-32bit-4.8.7-8.16.1 libqt4-debugsource-4.8.7-8.16.1 libqt4-sql-mysql-32bit-4.8.7-8.16.1 libqt4-sql-mysql-debuginfo-32bit-4.8.7-8.16.1 libqt4-sql-plugins-debugsource-4.8.7-8.16.1 libqt4-sql-postgresql-32bit-4.8.7-8.16.1 libqt4-sql-postgresql-4.8.7-8.16.1 libqt4-sql-postgresql-debuginfo-32bit-4.8.7-8.16.1 libqt4-sql-postgresql-debuginfo-4.8.7-8.16.1 libqt4-sql-sqlite-32bit-4.8.7-8.16.1 libqt4-sql-sqlite-debuginfo-32bit-4.8.7-8.16.1 libqt4-sql-unixODBC-32bit-4.8.7-8.16.1 libqt4-sql-unixODBC-4.8.7-8.16.1 libqt4-sql-unixODBC-debuginfo-32bit-4.8.7-8.16.1 libqt4-sql-unixODBC-debuginfo-4.8.7-8.16.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libqt4-debuginfo-4.8.7-8.16.1 libqt4-debugsource-4.8.7-8.16.1 libqt4-devel-4.8.7-8.16.1 libqt4-devel-debuginfo-4.8.7-8.16.1 libqt4-devel-doc-4.8.7-8.16.2 libqt4-devel-doc-debuginfo-4.8.7-8.16.2 libqt4-devel-doc-debugsource-4.8.7-8.16.2 libqt4-linguist-4.8.7-8.16.1 libqt4-linguist-debuginfo-4.8.7-8.16.1 libqt4-private-headers-devel-4.8.7-8.16.1 libqt4-sql-plugins-debugsource-4.8.7-8.16.1 libqt4-sql-postgresql-4.8.7-8.16.1 libqt4-sql-postgresql-debuginfo-4.8.7-8.16.1 libqt4-sql-unixODBC-4.8.7-8.16.1 libqt4-sql-unixODBC-debuginfo-4.8.7-8.16.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (s390x x86_64): libqt4-sql-postgresql-32bit-4.8.7-8.16.1 libqt4-sql-postgresql-debuginfo-32bit-4.8.7-8.16.1 libqt4-sql-unixODBC-32bit-4.8.7-8.16.1 libqt4-sql-unixODBC-debuginfo-32bit-4.8.7-8.16.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch): libqt4-devel-doc-data-4.8.7-8.16.2 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libqt4-4.8.7-8.16.1 libqt4-debuginfo-4.8.7-8.16.1 libqt4-debugsource-4.8.7-8.16.1 libqt4-devel-doc-debuginfo-4.8.7-8.16.2 libqt4-devel-doc-debugsource-4.8.7-8.16.2 libqt4-qt3support-4.8.7-8.16.1 libqt4-qt3support-debuginfo-4.8.7-8.16.1 libqt4-sql-4.8.7-8.16.1 libqt4-sql-debuginfo-4.8.7-8.16.1 libqt4-sql-mysql-4.8.7-8.16.1 libqt4-sql-mysql-debuginfo-4.8.7-8.16.1 libqt4-sql-plugins-debugsource-4.8.7-8.16.1 libqt4-sql-sqlite-4.8.7-8.16.1 libqt4-sql-sqlite-debuginfo-4.8.7-8.16.1 libqt4-x11-4.8.7-8.16.1 libqt4-x11-debuginfo-4.8.7-8.16.1 qt4-x11-tools-4.8.7-8.16.2 qt4-x11-tools-debuginfo-4.8.7-8.16.2 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libqt4-32bit-4.8.7-8.16.1 libqt4-debuginfo-32bit-4.8.7-8.16.1 libqt4-qt3support-32bit-4.8.7-8.16.1 libqt4-qt3support-debuginfo-32bit-4.8.7-8.16.1 libqt4-sql-32bit-4.8.7-8.16.1 libqt4-sql-debuginfo-32bit-4.8.7-8.16.1 libqt4-x11-32bit-4.8.7-8.16.1 libqt4-x11-debuginfo-32bit-4.8.7-8.16.1 References: https://www.suse.com/security/cve/CVE-2020-17507.html https://www.suse.com/security/cve/CVE-2021-3481.html https://bugzilla.suse.com/1176315 https://bugzilla.suse.com/1184783 From sle-updates at lists.suse.com Wed Dec 22 14:21:39 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Dec 2021 15:21:39 +0100 (CET) Subject: SUSE-RU-2021:4158-1: important: Recommended update for python3-ec2imgutils Message-ID: <20211222142139.50ED6FC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for python3-ec2imgutils ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:4158-1 Rating: important References: #1189649 #1190538 #1192298 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP3 SUSE Linux Enterprise Module for Public Cloud 15-SP2 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for python3-ec2imgutils fixes the following issues: - Update to version 9.0.4 (bsc#1192298) - Set a time out for the ssh connection to avoid hang in a multi threaded environment - Update to version 9.0.3 (bsc#1190538) - Support setting the boot mode for EC2 images, either to legacy-bios or uefi. Argument is optional, without it instance will use the default boot mode for the given instance type. - Update to version 9.0.2 (bsc#1189649) - In addition to tagging images in AWS also set them to deprecated in EC2. This allows the framework to hide the images from new users when images are no longer supposed to be used. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP3: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2021-4158=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2021-4158=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (noarch): python3-ec2imgutils-9.0.4-6.4.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch): python3-ec2imgutils-9.0.4-6.4.1 References: https://bugzilla.suse.com/1189649 https://bugzilla.suse.com/1190538 https://bugzilla.suse.com/1192298 From sle-updates at lists.suse.com Wed Dec 22 14:24:22 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Dec 2021 15:24:22 +0100 (CET) Subject: SUSE-SU-2021:4150-1: important: Security update for MozillaThunderbird Message-ID: <20211222142422.77721FC9F@maintenance.suse.de> SUSE Security Update: Security update for MozillaThunderbird ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:4150-1 Rating: important References: #1182863 #1189547 #1190244 #1190269 #1191332 #1192250 #1193485 Cross-References: CVE-2021-29981 CVE-2021-29982 CVE-2021-29987 CVE-2021-29991 CVE-2021-32810 CVE-2021-38492 CVE-2021-38493 CVE-2021-38495 CVE-2021-38496 CVE-2021-38497 CVE-2021-38498 CVE-2021-38500 CVE-2021-38501 CVE-2021-38502 CVE-2021-38503 CVE-2021-38504 CVE-2021-38505 CVE-2021-38506 CVE-2021-38507 CVE-2021-38508 CVE-2021-38509 CVE-2021-38510 CVE-2021-40529 CVE-2021-43528 CVE-2021-43536 CVE-2021-43537 CVE-2021-43538 CVE-2021-43539 CVE-2021-43541 CVE-2021-43542 CVE-2021-43543 CVE-2021-43545 CVE-2021-43546 CVSS scores: CVE-2021-29991 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2021-32810 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-32810 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-38492 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2021-38493 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-38497 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2021-38498 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2021-38501 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-38507 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVE-2021-38509 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVE-2021-43536 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVE-2021-43537 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-43538 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVE-2021-43539 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-43541 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVE-2021-43542 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVE-2021-43543 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2021-43545 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Linux Enterprise Workstation Extension 15-SP2 ______________________________________________________________________________ An update that fixes 33 vulnerabilities is now available. Description: This update for MozillaThunderbird fixes the following issues: - Update to version 91.4 MFSA 2021-54 (bsc#1193485) - CVE-2021-43536: URL leakage when navigating while executing asynchronous function - CVE-2021-43537: Heap buffer overflow when using structured clone - CVE-2021-43538: Missing fullscreen and pointer lock notification when requesting both - CVE-2021-43539: GC rooting failure when calling wasm instance methods - CVE-2021-43541: External protocol handler parameters were unescaped - CVE-2021-43542: XMLHttpRequest error codes could have leaked the existence of an external protocol handler - CVE-2021-43543: Bypass of CSP sandbox directive when embedding - CVE-2021-43545: Denial of Service when using the Location API in a loop - CVE-2021-43546: Cursor spoofing could overlay user interface when native cursor is zoomed - CVE-2021-43528: JavaScript unexpectedly enabled for the composition area - Update to version 91.3.2 - CVE-2021-40529: Fixed ElGamal implementation could allow plaintext recovery (bsc#1190244) - Update to version 91.3 MFSA 2021-50 (bsc#1192250) - CVE-2021-38503: Fixed iframe sandbox rules did not apply to XSLT stylesheets - CVE-2021-38504: Fixed use-after-free in file picker dialog - CVE-2021-38505: Fixed Windows 10 Cloud Clipboard may have recorded sensitive user data - CVE-2021-38506: Fixed Thunderbird could be coaxed into going into fullscreen mode without notification or warning - CVE-2021-38507: Fixed opportunistic Encryption in HTTP2 could be used to bypass the Same-Origin-Policy on services hosted on other ports - CVE-2021-38508: Fixed permission Prompt could be overlaid, resulting in user confusion and potential spoofing - CVE-2021-38509: Fixed Javascript alert box could have been spoofed onto an arbitrary domain - CVE-2021-38510: Fixed Download Protections were bypassed by .inetloc files on Mac OS - Fixed plain text reformatting regression (bsc#1182863) - Update to version 91.2 MFSA 2021-47 (bsc#1191332) - CVE-2021-29981: Live range splitting could have led to conflicting assignments in the JIT - CVE-2021-29982: Single bit data leak due to incorrect JIT optimization and type confusion - CVE-2021-29987: Users could have been tricked into accepting unwanted permissions on Linux - CVE-2021-32810: Data race in crossbeam-deque - CVE-2021-38493: Memory safety bugs fixed in Thunderbird 78.14 and Thunderbird 91.1 - CVE-2021-38496: Use-after-free in MessageTask - CVE-2021-38497: Validation message could have been overlaid on another origin - CVE-2021-38498: Use-after-free of nsLanguageAtomService object - CVE-2021-38500: Memory safety bugs fixed in Thunderbird 91.2 - CVE-2021-38501: Memory safety bugs fixed in Thunderbird 91.2 - CVE-2021-38502: Downgrade attack on SMTP STARTTLS connections - Update to version 91.1.0 MFSA 2021-41 (bsc#1190269) - CVE-2021-38492: Navigating to `mk:` URL scheme could load Internet Explorer - CVE-2021-38495: Memory safety bugs fixed in Thunderbird 91.1 - Update to version 91.0.1 MFSA 2021-37 (bsc#1189547) - CVE-2021-29991: Header Splitting possible with HTTP/3 Responses Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2021-4150=1 - SUSE Linux Enterprise Workstation Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2021-4150=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): MozillaThunderbird-91.4.0-8.45.2 MozillaThunderbird-debuginfo-91.4.0-8.45.2 MozillaThunderbird-debugsource-91.4.0-8.45.2 MozillaThunderbird-translations-common-91.4.0-8.45.2 MozillaThunderbird-translations-other-91.4.0-8.45.2 - SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64): MozillaThunderbird-91.4.0-8.45.2 MozillaThunderbird-debuginfo-91.4.0-8.45.2 MozillaThunderbird-debugsource-91.4.0-8.45.2 MozillaThunderbird-translations-common-91.4.0-8.45.2 MozillaThunderbird-translations-other-91.4.0-8.45.2 References: https://www.suse.com/security/cve/CVE-2021-29981.html https://www.suse.com/security/cve/CVE-2021-29982.html https://www.suse.com/security/cve/CVE-2021-29987.html https://www.suse.com/security/cve/CVE-2021-29991.html https://www.suse.com/security/cve/CVE-2021-32810.html https://www.suse.com/security/cve/CVE-2021-38492.html https://www.suse.com/security/cve/CVE-2021-38493.html https://www.suse.com/security/cve/CVE-2021-38495.html https://www.suse.com/security/cve/CVE-2021-38496.html https://www.suse.com/security/cve/CVE-2021-38497.html https://www.suse.com/security/cve/CVE-2021-38498.html https://www.suse.com/security/cve/CVE-2021-38500.html https://www.suse.com/security/cve/CVE-2021-38501.html https://www.suse.com/security/cve/CVE-2021-38502.html https://www.suse.com/security/cve/CVE-2021-38503.html https://www.suse.com/security/cve/CVE-2021-38504.html https://www.suse.com/security/cve/CVE-2021-38505.html https://www.suse.com/security/cve/CVE-2021-38506.html https://www.suse.com/security/cve/CVE-2021-38507.html https://www.suse.com/security/cve/CVE-2021-38508.html https://www.suse.com/security/cve/CVE-2021-38509.html https://www.suse.com/security/cve/CVE-2021-38510.html https://www.suse.com/security/cve/CVE-2021-40529.html https://www.suse.com/security/cve/CVE-2021-43528.html https://www.suse.com/security/cve/CVE-2021-43536.html https://www.suse.com/security/cve/CVE-2021-43537.html https://www.suse.com/security/cve/CVE-2021-43538.html https://www.suse.com/security/cve/CVE-2021-43539.html https://www.suse.com/security/cve/CVE-2021-43541.html https://www.suse.com/security/cve/CVE-2021-43542.html https://www.suse.com/security/cve/CVE-2021-43543.html https://www.suse.com/security/cve/CVE-2021-43545.html https://www.suse.com/security/cve/CVE-2021-43546.html https://bugzilla.suse.com/1182863 https://bugzilla.suse.com/1189547 https://bugzilla.suse.com/1190244 https://bugzilla.suse.com/1190269 https://bugzilla.suse.com/1191332 https://bugzilla.suse.com/1192250 https://bugzilla.suse.com/1193485 From sle-updates at lists.suse.com Wed Dec 22 14:29:02 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Dec 2021 15:29:02 +0100 (CET) Subject: SUSE-RU-2021:4149-1: important: Recommended update for samba Message-ID: <20211222142902.786A7FC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for samba ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:4149-1 Rating: important References: #1192849 Affected Products: SUSE Linux Enterprise Module for Python2 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise High Availability 15-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for samba fixes the following issues: The username map advice from the CVE-2020-25717 advisory note has undesired side effects for the local nt token. Fallback to a SID/UID based mapping if the name based lookup fails (bsc#1192849). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Python2 15-SP3: zypper in -t patch SUSE-SLE-Module-Python2-15-SP3-2021-4149=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-4149=1 - SUSE Linux Enterprise High Availability 15-SP3: zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2021-4149=1 Package List: - SUSE Linux Enterprise Module for Python2 15-SP3 (aarch64 ppc64le s390x x86_64): samba-ad-dc-4.13.13+git.539.fdbc44a8598-3.20.2 samba-ad-dc-debuginfo-4.13.13+git.539.fdbc44a8598-3.20.2 samba-debuginfo-4.13.13+git.539.fdbc44a8598-3.20.2 samba-debugsource-4.13.13+git.539.fdbc44a8598-3.20.2 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libdcerpc-binding0-4.13.13+git.539.fdbc44a8598-3.20.2 libdcerpc-binding0-debuginfo-4.13.13+git.539.fdbc44a8598-3.20.2 libdcerpc-devel-4.13.13+git.539.fdbc44a8598-3.20.2 libdcerpc-samr-devel-4.13.13+git.539.fdbc44a8598-3.20.2 libdcerpc-samr0-4.13.13+git.539.fdbc44a8598-3.20.2 libdcerpc-samr0-debuginfo-4.13.13+git.539.fdbc44a8598-3.20.2 libdcerpc0-4.13.13+git.539.fdbc44a8598-3.20.2 libdcerpc0-debuginfo-4.13.13+git.539.fdbc44a8598-3.20.2 libndr-devel-4.13.13+git.539.fdbc44a8598-3.20.2 libndr-krb5pac-devel-4.13.13+git.539.fdbc44a8598-3.20.2 libndr-krb5pac0-4.13.13+git.539.fdbc44a8598-3.20.2 libndr-krb5pac0-debuginfo-4.13.13+git.539.fdbc44a8598-3.20.2 libndr-nbt-devel-4.13.13+git.539.fdbc44a8598-3.20.2 libndr-nbt0-4.13.13+git.539.fdbc44a8598-3.20.2 libndr-nbt0-debuginfo-4.13.13+git.539.fdbc44a8598-3.20.2 libndr-standard-devel-4.13.13+git.539.fdbc44a8598-3.20.2 libndr-standard0-4.13.13+git.539.fdbc44a8598-3.20.2 libndr-standard0-debuginfo-4.13.13+git.539.fdbc44a8598-3.20.2 libndr1-4.13.13+git.539.fdbc44a8598-3.20.2 libndr1-debuginfo-4.13.13+git.539.fdbc44a8598-3.20.2 libnetapi-devel-4.13.13+git.539.fdbc44a8598-3.20.2 libnetapi0-4.13.13+git.539.fdbc44a8598-3.20.2 libnetapi0-debuginfo-4.13.13+git.539.fdbc44a8598-3.20.2 libsamba-credentials-devel-4.13.13+git.539.fdbc44a8598-3.20.2 libsamba-credentials0-4.13.13+git.539.fdbc44a8598-3.20.2 libsamba-credentials0-debuginfo-4.13.13+git.539.fdbc44a8598-3.20.2 libsamba-errors-devel-4.13.13+git.539.fdbc44a8598-3.20.2 libsamba-errors0-4.13.13+git.539.fdbc44a8598-3.20.2 libsamba-errors0-debuginfo-4.13.13+git.539.fdbc44a8598-3.20.2 libsamba-hostconfig-devel-4.13.13+git.539.fdbc44a8598-3.20.2 libsamba-hostconfig0-4.13.13+git.539.fdbc44a8598-3.20.2 libsamba-hostconfig0-debuginfo-4.13.13+git.539.fdbc44a8598-3.20.2 libsamba-passdb-devel-4.13.13+git.539.fdbc44a8598-3.20.2 libsamba-passdb0-4.13.13+git.539.fdbc44a8598-3.20.2 libsamba-passdb0-debuginfo-4.13.13+git.539.fdbc44a8598-3.20.2 libsamba-policy-devel-4.13.13+git.539.fdbc44a8598-3.20.2 libsamba-policy-python3-devel-4.13.13+git.539.fdbc44a8598-3.20.2 libsamba-policy0-python3-4.13.13+git.539.fdbc44a8598-3.20.2 libsamba-policy0-python3-debuginfo-4.13.13+git.539.fdbc44a8598-3.20.2 libsamba-util-devel-4.13.13+git.539.fdbc44a8598-3.20.2 libsamba-util0-4.13.13+git.539.fdbc44a8598-3.20.2 libsamba-util0-debuginfo-4.13.13+git.539.fdbc44a8598-3.20.2 libsamdb-devel-4.13.13+git.539.fdbc44a8598-3.20.2 libsamdb0-4.13.13+git.539.fdbc44a8598-3.20.2 libsamdb0-debuginfo-4.13.13+git.539.fdbc44a8598-3.20.2 libsmbclient-devel-4.13.13+git.539.fdbc44a8598-3.20.2 libsmbclient0-4.13.13+git.539.fdbc44a8598-3.20.2 libsmbclient0-debuginfo-4.13.13+git.539.fdbc44a8598-3.20.2 libsmbconf-devel-4.13.13+git.539.fdbc44a8598-3.20.2 libsmbconf0-4.13.13+git.539.fdbc44a8598-3.20.2 libsmbconf0-debuginfo-4.13.13+git.539.fdbc44a8598-3.20.2 libsmbldap-devel-4.13.13+git.539.fdbc44a8598-3.20.2 libsmbldap2-4.13.13+git.539.fdbc44a8598-3.20.2 libsmbldap2-debuginfo-4.13.13+git.539.fdbc44a8598-3.20.2 libtevent-util-devel-4.13.13+git.539.fdbc44a8598-3.20.2 libtevent-util0-4.13.13+git.539.fdbc44a8598-3.20.2 libtevent-util0-debuginfo-4.13.13+git.539.fdbc44a8598-3.20.2 libwbclient-devel-4.13.13+git.539.fdbc44a8598-3.20.2 libwbclient0-4.13.13+git.539.fdbc44a8598-3.20.2 libwbclient0-debuginfo-4.13.13+git.539.fdbc44a8598-3.20.2 samba-4.13.13+git.539.fdbc44a8598-3.20.2 samba-client-4.13.13+git.539.fdbc44a8598-3.20.2 samba-client-debuginfo-4.13.13+git.539.fdbc44a8598-3.20.2 samba-core-devel-4.13.13+git.539.fdbc44a8598-3.20.2 samba-debuginfo-4.13.13+git.539.fdbc44a8598-3.20.2 samba-debugsource-4.13.13+git.539.fdbc44a8598-3.20.2 samba-dsdb-modules-4.13.13+git.539.fdbc44a8598-3.20.2 samba-dsdb-modules-debuginfo-4.13.13+git.539.fdbc44a8598-3.20.2 samba-gpupdate-4.13.13+git.539.fdbc44a8598-3.20.2 samba-ldb-ldap-4.13.13+git.539.fdbc44a8598-3.20.2 samba-ldb-ldap-debuginfo-4.13.13+git.539.fdbc44a8598-3.20.2 samba-libs-4.13.13+git.539.fdbc44a8598-3.20.2 samba-libs-debuginfo-4.13.13+git.539.fdbc44a8598-3.20.2 samba-libs-python3-4.13.13+git.539.fdbc44a8598-3.20.2 samba-libs-python3-debuginfo-4.13.13+git.539.fdbc44a8598-3.20.2 samba-python3-4.13.13+git.539.fdbc44a8598-3.20.2 samba-python3-debuginfo-4.13.13+git.539.fdbc44a8598-3.20.2 samba-winbind-4.13.13+git.539.fdbc44a8598-3.20.2 samba-winbind-debuginfo-4.13.13+git.539.fdbc44a8598-3.20.2 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 x86_64): samba-ceph-4.13.13+git.539.fdbc44a8598-3.20.2 samba-ceph-debuginfo-4.13.13+git.539.fdbc44a8598-3.20.2 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libdcerpc-binding0-32bit-4.13.13+git.539.fdbc44a8598-3.20.2 libdcerpc-binding0-32bit-debuginfo-4.13.13+git.539.fdbc44a8598-3.20.2 libdcerpc0-32bit-4.13.13+git.539.fdbc44a8598-3.20.2 libdcerpc0-32bit-debuginfo-4.13.13+git.539.fdbc44a8598-3.20.2 libndr-krb5pac0-32bit-4.13.13+git.539.fdbc44a8598-3.20.2 libndr-krb5pac0-32bit-debuginfo-4.13.13+git.539.fdbc44a8598-3.20.2 libndr-nbt0-32bit-4.13.13+git.539.fdbc44a8598-3.20.2 libndr-nbt0-32bit-debuginfo-4.13.13+git.539.fdbc44a8598-3.20.2 libndr-standard0-32bit-4.13.13+git.539.fdbc44a8598-3.20.2 libndr-standard0-32bit-debuginfo-4.13.13+git.539.fdbc44a8598-3.20.2 libndr1-32bit-4.13.13+git.539.fdbc44a8598-3.20.2 libndr1-32bit-debuginfo-4.13.13+git.539.fdbc44a8598-3.20.2 libnetapi0-32bit-4.13.13+git.539.fdbc44a8598-3.20.2 libnetapi0-32bit-debuginfo-4.13.13+git.539.fdbc44a8598-3.20.2 libsamba-credentials0-32bit-4.13.13+git.539.fdbc44a8598-3.20.2 libsamba-credentials0-32bit-debuginfo-4.13.13+git.539.fdbc44a8598-3.20.2 libsamba-errors0-32bit-4.13.13+git.539.fdbc44a8598-3.20.2 libsamba-errors0-32bit-debuginfo-4.13.13+git.539.fdbc44a8598-3.20.2 libsamba-hostconfig0-32bit-4.13.13+git.539.fdbc44a8598-3.20.2 libsamba-hostconfig0-32bit-debuginfo-4.13.13+git.539.fdbc44a8598-3.20.2 libsamba-passdb0-32bit-4.13.13+git.539.fdbc44a8598-3.20.2 libsamba-passdb0-32bit-debuginfo-4.13.13+git.539.fdbc44a8598-3.20.2 libsamba-util0-32bit-4.13.13+git.539.fdbc44a8598-3.20.2 libsamba-util0-32bit-debuginfo-4.13.13+git.539.fdbc44a8598-3.20.2 libsamdb0-32bit-4.13.13+git.539.fdbc44a8598-3.20.2 libsamdb0-32bit-debuginfo-4.13.13+git.539.fdbc44a8598-3.20.2 libsmbconf0-32bit-4.13.13+git.539.fdbc44a8598-3.20.2 libsmbconf0-32bit-debuginfo-4.13.13+git.539.fdbc44a8598-3.20.2 libsmbldap2-32bit-4.13.13+git.539.fdbc44a8598-3.20.2 libsmbldap2-32bit-debuginfo-4.13.13+git.539.fdbc44a8598-3.20.2 libtevent-util0-32bit-4.13.13+git.539.fdbc44a8598-3.20.2 libtevent-util0-32bit-debuginfo-4.13.13+git.539.fdbc44a8598-3.20.2 libwbclient0-32bit-4.13.13+git.539.fdbc44a8598-3.20.2 libwbclient0-32bit-debuginfo-4.13.13+git.539.fdbc44a8598-3.20.2 samba-libs-32bit-4.13.13+git.539.fdbc44a8598-3.20.2 samba-libs-32bit-debuginfo-4.13.13+git.539.fdbc44a8598-3.20.2 samba-winbind-32bit-4.13.13+git.539.fdbc44a8598-3.20.2 samba-winbind-32bit-debuginfo-4.13.13+git.539.fdbc44a8598-3.20.2 - SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64): ctdb-4.13.13+git.539.fdbc44a8598-3.20.2 ctdb-debuginfo-4.13.13+git.539.fdbc44a8598-3.20.2 samba-debuginfo-4.13.13+git.539.fdbc44a8598-3.20.2 samba-debugsource-4.13.13+git.539.fdbc44a8598-3.20.2 References: https://www.suse.com/security/cve/CVE-2020-25717.html https://bugzilla.suse.com/1192849 From sle-updates at lists.suse.com Wed Dec 22 14:31:31 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Dec 2021 15:31:31 +0100 (CET) Subject: SUSE-SU-2021:4153-1: important: Security update for openssh Message-ID: <20211222143131.F2B5CFC9F@maintenance.suse.de> SUSE Security Update: Security update for openssh ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:4153-1 Rating: important References: #1183137 Cross-References: CVE-2021-28041 CVSS scores: CVE-2021-28041 (NVD) : 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H CVE-2021-28041 (SUSE): 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE MicroOS 5.1 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openssh fixes the following issues: - CVE-2021-28041: Fixed double free in ssh-agent (bsc#1183137). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2021-4153=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2021-4153=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2021-4153=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-4153=1 Package List: - SUSE MicroOS 5.1 (aarch64 s390x x86_64): openssh-8.4p1-3.9.1 openssh-clients-8.4p1-3.9.1 openssh-clients-debuginfo-8.4p1-3.9.1 openssh-common-8.4p1-3.9.1 openssh-common-debuginfo-8.4p1-3.9.1 openssh-debuginfo-8.4p1-3.9.1 openssh-debugsource-8.4p1-3.9.1 openssh-fips-8.4p1-3.9.1 openssh-server-8.4p1-3.9.1 openssh-server-debuginfo-8.4p1-3.9.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): openssh-debuginfo-8.4p1-3.9.1 openssh-debugsource-8.4p1-3.9.1 openssh-fips-8.4p1-3.9.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): openssh-askpass-gnome-8.4p1-3.9.1 openssh-askpass-gnome-debuginfo-8.4p1-3.9.1 openssh-askpass-gnome-debugsource-8.4p1-3.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): openssh-8.4p1-3.9.1 openssh-clients-8.4p1-3.9.1 openssh-clients-debuginfo-8.4p1-3.9.1 openssh-common-8.4p1-3.9.1 openssh-common-debuginfo-8.4p1-3.9.1 openssh-debuginfo-8.4p1-3.9.1 openssh-debugsource-8.4p1-3.9.1 openssh-fips-8.4p1-3.9.1 openssh-helpers-8.4p1-3.9.1 openssh-helpers-debuginfo-8.4p1-3.9.1 openssh-server-8.4p1-3.9.1 openssh-server-debuginfo-8.4p1-3.9.1 References: https://www.suse.com/security/cve/CVE-2021-28041.html https://bugzilla.suse.com/1183137 From sle-updates at lists.suse.com Wed Dec 22 14:32:47 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Dec 2021 15:32:47 +0100 (CET) Subject: SUSE-SU-2021:4152-1: important: Security update for ansible Message-ID: <20211222143247.7EC9AFC9F@maintenance.suse.de> SUSE Security Update: Security update for ansible ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:4152-1 Rating: important References: #1176460 #1187725 #1188061 Cross-References: CVE-2021-3583 CVE-2021-3620 CVSS scores: CVE-2021-3583 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N CVE-2021-3620 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 HPE Helion Openstack 8 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for ansible fixes the following issues: Update to 2.9.27: - CVE-2021-3620: ansible-connection module discloses sensitive info in traceback error message (bsc#1187725). - CVE-2021-3583: Template Injection through yaml multi-line strings with ansible facts used in template (bsc#1188061). - ansible module nmcli is broken in ansible 2.9.13 (bsc#1176460) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-4152=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-4152=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-4152=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): ansible-2.9.27-3.21.1 - SUSE OpenStack Cloud 8 (x86_64): ansible-2.9.27-3.21.1 - HPE Helion Openstack 8 (x86_64): ansible-2.9.27-3.21.1 References: https://www.suse.com/security/cve/CVE-2021-3583.html https://www.suse.com/security/cve/CVE-2021-3620.html https://bugzilla.suse.com/1176460 https://bugzilla.suse.com/1187725 https://bugzilla.suse.com/1188061 From sle-updates at lists.suse.com Wed Dec 22 14:34:14 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Dec 2021 15:34:14 +0100 (CET) Subject: SUSE-SU-2021:4147-1: moderate: Security update for chrony Message-ID: <20211222143414.A7B76FC9F@maintenance.suse.de> SUSE Security Update: Security update for chrony ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:4147-1 Rating: moderate References: #1063704 #1069468 #1082318 #1083597 #1099272 #1115529 #1128846 #1156884 #1159840 #1161119 #1162964 #1171806 #1172113 #1173277 #1173760 #1174075 #1174911 #1180689 #1181826 #1183783 #1184400 #1187906 #1190926 SLE-11424 SLE-22248 SLE-22292 Cross-References: CVE-2020-14367 CVSS scores: CVE-2020-14367 (NVD) : 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H CVE-2020-14367 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-BCL HPE Helion Openstack 8 ______________________________________________________________________________ An update that solves one vulnerability, contains three features and has 22 fixes is now available. Description: This update for chrony fixes the following issues: Chrony was updated to 4.1: * Add support for NTS servers specified by IP address (matching Subject Alternative Name in server certificate) * Add source-specific configuration of trusted certificates * Allow multiple files and directories with trusted certificates * Allow multiple pairs of server keys and certificates * Add copy option to server/pool directive * Increase PPS lock limit to 40% of pulse interval * Perform source selection immediately after loading dump files * Reload dump files for addresses negotiated by NTS-KE server * Update seccomp filter and add less restrictive level * Restart ongoing name resolution on online command * Fix dump files to not include uncorrected offset * Fix initstepslew to accept time from own NTP clients * Reset NTP address and port when no longer negotiated by NTS-KE server - Update clknetsim to snapshot f89702d. - Ensure the correct pool packages are installed for openSUSE and SLE (bsc#1180689). - Enable syscallfilter unconditionally (bsc#1181826). Chrony was updated to 4.0: Enhancements - Add support for Network Time Security (NTS) authentication - Add support for AES-CMAC keys (AES128, AES256) with Nettle - Add authselectmode directive to control selection of unauthenticated sources - Add binddevice, bindacqdevice, bindcmddevice directives - Add confdir directive to better support fragmented configuration - Add sourcedir directive and "reload sources" command to support dynamic NTP sources specified in files - Add clockprecision directive - Add dscp directive to set Differentiated Services Code Point (DSCP) - Add -L option to limit log messages by severity - Add -p option to print whole configuration with included files - Add -U option to allow start under non-root user - Allow maxsamples to be set to 1 for faster update with -q/-Q option - Avoid replacing NTP sources with sources that have unreachable address - Improve pools to repeat name resolution to get "maxsources" sources - Improve source selection with trusted sources - Improve NTP loop test to prevent synchronisation to itself - Repeat iburst when NTP source is switched from offline state to online - Update clock synchronisation status and leap status more frequently - Update seccomp filter - Add "add pool" command - Add "reset sources" command to drop all measurements - Add authdata command to print details about NTP authentication - Add selectdata command to print details about source selection - Add -N option and sourcename command to print original names of sources - Add -a option to some commands to print also unresolved sources - Add -k, -p, -r options to clients command to select, limit, reset data - Bug fixes - Don???t set interface for NTP responses to allow asymmetric routing - Handle RTCs that don???t support interrupts - Respond to command requests with correct address on multihomed hosts - Removed features - Drop support for RIPEMD keys (RMD128, RMD160, RMD256, RMD320) - Drop support for long (non-standard) MACs in NTPv4 packets (chrony 2.x clients using non-MD5/SHA1 keys need to use option "version 3") - By default we don't write log files but log to journald, so only recommend logrotate. - Adjust and rename the sysconfig file, so that it matches the expectations of chronyd.service (bsc#1173277). Chrony was updated to 3.5.1: * Create new file when writing pidfile (CVE-2020-14367, bsc#1174911) - Add chrony-pool-suse and chrony-pool-openSUSE subpackages that preconfigure chrony to use NTP servers from the respective pools for SUSE and openSUSE (bsc#1156884, SLE-11424). - Add chrony-pool-empty to still allow installing chrony without preconfigured servers. - Use iburst in the default pool statements to speed up initial synchronisation (bsc#1172113). - Update clknetsim to version 79ffe44 (fixes bsc#1162964). Update to 3.5: + Add support for more accurate reading of PHC on Linux 5.0 + Add support for hardware timestamping on interfaces with read-only timestamping configuration + Add support for memory locking and real-time priority on FreeBSD, NetBSD, Solaris + Update seccomp filter to work on more architectures + Validate refclock driver options + Fix bindaddress directive on FreeBSD + Fix transposition of hardware RX timestamp on Linux 4.13 and later + Fix building on non-glibc systems - Fix location of helper script in chrony-dnssrv at .service (bsc#1128846). - Read runtime servers from /var/run/netconfig/chrony.servers (bsc#1099272) - Move chrony-helper to /usr/lib/chrony/helper, because there should be no executables in /usr/share. - Remove discrepancies between spec file and chrony-tmpfiles (bsc#1115529) Update to version 3.4 * Enhancements + Add filter option to server/pool/peer directive + Add minsamples and maxsamples options to hwtimestamp directive + Add support for faster frequency adjustments in Linux 4.19 + Change default pidfile to /var/run/chrony/chronyd.pid to allow chronyd without root privileges to remove it on exit + Disable sub-second polling intervals for distant NTP sources + Extend range of supported sub-second polling intervals + Get/set IPv4 destination/source address of NTP packets on FreeBSD + Make burst options and command useful with short polling intervals + Modify auto_offline option to activate when sending request failed + Respond from interface that received NTP request if possible + Add onoffline command to switch between online and offline state according to current system network configuration + Improve example NetworkManager dispatcher script * Bug fixes + Avoid waiting in Linux getrandom system call + Fix PPS support on FreeBSD and NetBSD Update to version 3.3 * Enhancements: + Add burst option to server/pool directive + Add stratum and tai options to refclock directive + Add support for Nettle crypto library + Add workaround for missing kernel receive timestamps on Linux + Wait for late hardware transmit timestamps + Improve source selection with unreachable sources + Improve protection against replay attacks on symmetric mode + Allow PHC refclock to use socket in /var/run/chrony + Add shutdown command to stop chronyd + Simplify format of response to manual list command + Improve handling of unknown responses in chronyc * Bug fixes: + Respond to NTPv1 client requests with zero mode + Fix -x option to not require CAP_SYS_TIME under non-root user + Fix acquisitionport directive to work with privilege separation + Fix handling of socket errors on Linux to avoid high CPU usage + Fix chronyc to not get stuck in infinite loop after clock step - Added /etc/chrony.d/ directory to the package (bsc#1083597) Modifed default chrony.conf to add "include /etc/chrony.d/*" - Enable pps support Upgraded to version 3.2: Enhancements * Improve stability with NTP sources and reference clocks * Improve stability with hardware timestamping * Improve support for NTP interleaved modes * Control frequency of system clock on macOS 10.13 and later * Set TAI-UTC offset of system clock with leapsectz directive * Minimise data in client requests to improve privacy * Allow transmit-only hardware timestamping * Add support for new timestamping options introduced in Linux 4.13 * Add root delay, root dispersion and maximum error to tracking log * Add mindelay and asymmetry options to server/peer/pool directive * Add extpps option to PHC refclock to timestamp external PPS signal * Add pps option to refclock directive to treat any refclock as PPS * Add width option to refclock directive to filter wrong pulse edges * Add rxfilter option to hwtimestamp directive * Add -x option to disable control of system clock * Add -l option to log to specified file instead of syslog * Allow multiple command-line options to be specified together * Allow starting without root privileges with -Q option * Update seccomp filter for new glibc versions * Dump history on exit by default with dumpdir directive * Use hardening compiler options by default Bug fixes * Don't drop PHC samples with low-resolution system clock * Ignore outliers in PHC tracking, RTC tracking, manual input * Increase polling interval when peer is not responding * Exit with error message when include directive fails * Don't allow slash after hostname in allow/deny directive/command * Try to connect to all addresses in chronyc before giving up Upgraded to version 3.1: - Enhancements - Add support for precise cross timestamping of PHC on Linux - Add minpoll, precision, nocrossts options to hwtimestamp directive - Add rawmeasurements option to log directive and modify measurements option to log only valid measurements from synchronised sources - Allow sub-second polling interval with NTP sources - Bug fixes - Fix time smoothing in interleaved mode Upgraded to version 3.0: - Enhancements - Add support for software and hardware timestamping on Linux - Add support for client/server and symmetric interleaved modes - Add support for MS-SNTP authentication in Samba - Add support for truncated MACs in NTPv4 packets - Estimate and correct for asymmetric network jitter - Increase default minsamples and polltarget to improve stability with very low jitter - Add maxjitter directive to limit source selection by jitter - Add offset option to server/pool/peer directive - Add maxlockage option to refclock directive - Add -t option to chronyd to exit after specified time - Add partial protection against replay attacks on symmetric mode - Don't reset polling interval when switching sources to online state - Allow rate limiting with very short intervals - Improve maximum server throughput on Linux and NetBSD - Remove dump files after start - Add tab-completion to chronyc with libedit/readline - Add ntpdata command to print details about NTP measurements - Allow all source options to be set in add server/peer command - Indicate truncated addresses/hostnames in chronyc output - Print reference IDs as hexadecimal numbers to avoid confusion with IPv4 addresses - Bug fixes - Fix crash with disabled asynchronous name resolving Upgraded to version 2.4.1: - Bug fixes - Fix processing of kernel timestamps on non-Linux systems - Fix crash with smoothtime directive - Fix validation of refclock sample times - Fix parsing of refclock directive update to 2.4: - Enhancements - Add orphan option to local directive for orphan mode compatible with ntpd - Add distance option to local directive to set activation threshold (1 second by default) - Add maxdrift directive to set maximum allowed drift of system clock - Try to replace NTP sources exceeding maximum distance - Randomise source replacement to avoid getting stuck with bad sources - Randomise selection of sources from pools on start - Ignore reference timestamp as ntpd doesn't always set it correctly - Modify tracking report to use same values as seen by NTP clients - Add -c option to chronyc to write reports in CSV format - Provide detailed manual pages - Bug fixes - Fix SOCK refclock to work correctly when not specified as last refclock - Fix initstepslew and -q/-Q options to accept time from own NTP clients - Fix authentication with keys using 512-bit hash functions - Fix crash on exit when multiple signals are received - Fix conversion of very small floating-point numbers in command packets Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-4147=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-4147=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-4147=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-4147=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-4147=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-4147=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-4147=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-4147=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-4147=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-4147=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-4147=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-4147=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): chrony-4.1-5.9.1 chrony-debuginfo-4.1-5.9.1 chrony-debugsource-4.1-5.9.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): chrony-4.1-5.9.1 chrony-debuginfo-4.1-5.9.1 chrony-debugsource-4.1-5.9.1 - SUSE OpenStack Cloud 9 (x86_64): chrony-4.1-5.9.1 chrony-debuginfo-4.1-5.9.1 chrony-debugsource-4.1-5.9.1 - SUSE OpenStack Cloud 8 (x86_64): chrony-4.1-5.9.1 chrony-debuginfo-4.1-5.9.1 chrony-debugsource-4.1-5.9.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): chrony-4.1-5.9.1 chrony-debuginfo-4.1-5.9.1 chrony-debugsource-4.1-5.9.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): chrony-4.1-5.9.1 chrony-debuginfo-4.1-5.9.1 chrony-debugsource-4.1-5.9.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): chrony-4.1-5.9.1 chrony-debuginfo-4.1-5.9.1 chrony-debugsource-4.1-5.9.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): chrony-4.1-5.9.1 chrony-debuginfo-4.1-5.9.1 chrony-debugsource-4.1-5.9.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): chrony-4.1-5.9.1 chrony-debuginfo-4.1-5.9.1 chrony-debugsource-4.1-5.9.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): chrony-4.1-5.9.1 chrony-debuginfo-4.1-5.9.1 chrony-debugsource-4.1-5.9.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): chrony-4.1-5.9.1 chrony-debuginfo-4.1-5.9.1 chrony-debugsource-4.1-5.9.1 - HPE Helion Openstack 8 (x86_64): chrony-4.1-5.9.1 chrony-debuginfo-4.1-5.9.1 chrony-debugsource-4.1-5.9.1 References: https://www.suse.com/security/cve/CVE-2020-14367.html https://bugzilla.suse.com/1063704 https://bugzilla.suse.com/1069468 https://bugzilla.suse.com/1082318 https://bugzilla.suse.com/1083597 https://bugzilla.suse.com/1099272 https://bugzilla.suse.com/1115529 https://bugzilla.suse.com/1128846 https://bugzilla.suse.com/1156884 https://bugzilla.suse.com/1159840 https://bugzilla.suse.com/1161119 https://bugzilla.suse.com/1162964 https://bugzilla.suse.com/1171806 https://bugzilla.suse.com/1172113 https://bugzilla.suse.com/1173277 https://bugzilla.suse.com/1173760 https://bugzilla.suse.com/1174075 https://bugzilla.suse.com/1174911 https://bugzilla.suse.com/1180689 https://bugzilla.suse.com/1181826 https://bugzilla.suse.com/1183783 https://bugzilla.suse.com/1184400 https://bugzilla.suse.com/1187906 https://bugzilla.suse.com/1190926 From sle-updates at lists.suse.com Wed Dec 22 14:40:04 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Dec 2021 15:40:04 +0100 (CET) Subject: SUSE-SU-2021:4154-1: important: Security update for p11-kit Message-ID: <20211222144004.3F682FC9F@maintenance.suse.de> SUSE Security Update: Security update for p11-kit ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:4154-1 Rating: important References: #1180064 #1187993 Cross-References: CVE-2020-29361 CVSS scores: CVE-2020-29361 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-29361 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE MicroOS 5.1 SUSE MicroOS 5.0 SUSE Manager Server 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Proxy 4.1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Enterprise Storage 7 SUSE Enterprise Storage 6 SUSE CaaS Platform 4.5 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for p11-kit fixes the following issues: - CVE-2020-29361: Fixed multiple integer overflows in rpc code (bsc#1180064) - Add support for CKA_NSS_{SERVER,EMAIL}_DISTRUST_AFTER (bsc#1187993). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2021-4154=1 - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-4154=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2021-4154=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2021-4154=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2021-4154=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2021-4154=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-4154=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-4154=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2021-4154=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2021-4154=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-4154=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-4154=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-4154=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2021-4154=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2021-4154=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-4154=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-4154=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2021-4154=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2021-4154=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-4154=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-4154=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-4154=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-4154=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2021-4154=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-4154=1 - SUSE CaaS Platform 4.5: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE MicroOS 5.1 (aarch64 s390x x86_64): libp11-kit0-0.23.2-4.13.1 libp11-kit0-debuginfo-0.23.2-4.13.1 p11-kit-0.23.2-4.13.1 p11-kit-debuginfo-0.23.2-4.13.1 p11-kit-debugsource-0.23.2-4.13.1 p11-kit-tools-0.23.2-4.13.1 p11-kit-tools-debuginfo-0.23.2-4.13.1 - SUSE MicroOS 5.0 (aarch64 x86_64): libp11-kit0-0.23.2-4.13.1 libp11-kit0-debuginfo-0.23.2-4.13.1 p11-kit-0.23.2-4.13.1 p11-kit-debuginfo-0.23.2-4.13.1 p11-kit-debugsource-0.23.2-4.13.1 p11-kit-tools-0.23.2-4.13.1 p11-kit-tools-debuginfo-0.23.2-4.13.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): libp11-kit0-0.23.2-4.13.1 libp11-kit0-debuginfo-0.23.2-4.13.1 p11-kit-0.23.2-4.13.1 p11-kit-debuginfo-0.23.2-4.13.1 p11-kit-debugsource-0.23.2-4.13.1 p11-kit-devel-0.23.2-4.13.1 p11-kit-nss-trust-0.23.2-4.13.1 p11-kit-tools-0.23.2-4.13.1 p11-kit-tools-debuginfo-0.23.2-4.13.1 - SUSE Manager Server 4.1 (x86_64): libp11-kit0-32bit-0.23.2-4.13.1 libp11-kit0-32bit-debuginfo-0.23.2-4.13.1 p11-kit-32bit-debuginfo-0.23.2-4.13.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): libp11-kit0-0.23.2-4.13.1 libp11-kit0-32bit-0.23.2-4.13.1 libp11-kit0-32bit-debuginfo-0.23.2-4.13.1 libp11-kit0-debuginfo-0.23.2-4.13.1 p11-kit-0.23.2-4.13.1 p11-kit-32bit-debuginfo-0.23.2-4.13.1 p11-kit-debuginfo-0.23.2-4.13.1 p11-kit-debugsource-0.23.2-4.13.1 p11-kit-devel-0.23.2-4.13.1 p11-kit-nss-trust-0.23.2-4.13.1 p11-kit-tools-0.23.2-4.13.1 p11-kit-tools-debuginfo-0.23.2-4.13.1 - SUSE Manager Proxy 4.1 (x86_64): libp11-kit0-0.23.2-4.13.1 libp11-kit0-32bit-0.23.2-4.13.1 libp11-kit0-32bit-debuginfo-0.23.2-4.13.1 libp11-kit0-debuginfo-0.23.2-4.13.1 p11-kit-0.23.2-4.13.1 p11-kit-32bit-debuginfo-0.23.2-4.13.1 p11-kit-debuginfo-0.23.2-4.13.1 p11-kit-debugsource-0.23.2-4.13.1 p11-kit-devel-0.23.2-4.13.1 p11-kit-nss-trust-0.23.2-4.13.1 p11-kit-tools-0.23.2-4.13.1 p11-kit-tools-debuginfo-0.23.2-4.13.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): libp11-kit0-0.23.2-4.13.1 libp11-kit0-debuginfo-0.23.2-4.13.1 p11-kit-0.23.2-4.13.1 p11-kit-debuginfo-0.23.2-4.13.1 p11-kit-debugsource-0.23.2-4.13.1 p11-kit-devel-0.23.2-4.13.1 p11-kit-nss-trust-0.23.2-4.13.1 p11-kit-tools-0.23.2-4.13.1 p11-kit-tools-debuginfo-0.23.2-4.13.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): libp11-kit0-32bit-0.23.2-4.13.1 libp11-kit0-32bit-debuginfo-0.23.2-4.13.1 p11-kit-32bit-debuginfo-0.23.2-4.13.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libp11-kit0-0.23.2-4.13.1 libp11-kit0-debuginfo-0.23.2-4.13.1 p11-kit-0.23.2-4.13.1 p11-kit-debuginfo-0.23.2-4.13.1 p11-kit-debugsource-0.23.2-4.13.1 p11-kit-devel-0.23.2-4.13.1 p11-kit-nss-trust-0.23.2-4.13.1 p11-kit-tools-0.23.2-4.13.1 p11-kit-tools-debuginfo-0.23.2-4.13.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): libp11-kit0-32bit-0.23.2-4.13.1 libp11-kit0-32bit-debuginfo-0.23.2-4.13.1 p11-kit-32bit-debuginfo-0.23.2-4.13.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libp11-kit0-0.23.2-4.13.1 libp11-kit0-debuginfo-0.23.2-4.13.1 p11-kit-0.23.2-4.13.1 p11-kit-debuginfo-0.23.2-4.13.1 p11-kit-debugsource-0.23.2-4.13.1 p11-kit-devel-0.23.2-4.13.1 p11-kit-nss-trust-0.23.2-4.13.1 p11-kit-tools-0.23.2-4.13.1 p11-kit-tools-debuginfo-0.23.2-4.13.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): libp11-kit0-32bit-0.23.2-4.13.1 libp11-kit0-32bit-debuginfo-0.23.2-4.13.1 p11-kit-32bit-debuginfo-0.23.2-4.13.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libp11-kit0-0.23.2-4.13.1 libp11-kit0-debuginfo-0.23.2-4.13.1 p11-kit-0.23.2-4.13.1 p11-kit-debuginfo-0.23.2-4.13.1 p11-kit-debugsource-0.23.2-4.13.1 p11-kit-devel-0.23.2-4.13.1 p11-kit-nss-trust-0.23.2-4.13.1 p11-kit-tools-0.23.2-4.13.1 p11-kit-tools-debuginfo-0.23.2-4.13.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64): libp11-kit0-32bit-0.23.2-4.13.1 libp11-kit0-32bit-debuginfo-0.23.2-4.13.1 p11-kit-32bit-debuginfo-0.23.2-4.13.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): libp11-kit0-0.23.2-4.13.1 libp11-kit0-32bit-0.23.2-4.13.1 libp11-kit0-32bit-debuginfo-0.23.2-4.13.1 libp11-kit0-debuginfo-0.23.2-4.13.1 p11-kit-0.23.2-4.13.1 p11-kit-32bit-debuginfo-0.23.2-4.13.1 p11-kit-debuginfo-0.23.2-4.13.1 p11-kit-debugsource-0.23.2-4.13.1 p11-kit-devel-0.23.2-4.13.1 p11-kit-nss-trust-0.23.2-4.13.1 p11-kit-tools-0.23.2-4.13.1 p11-kit-tools-debuginfo-0.23.2-4.13.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libp11-kit0-0.23.2-4.13.1 libp11-kit0-debuginfo-0.23.2-4.13.1 p11-kit-0.23.2-4.13.1 p11-kit-debuginfo-0.23.2-4.13.1 p11-kit-debugsource-0.23.2-4.13.1 p11-kit-devel-0.23.2-4.13.1 p11-kit-nss-trust-0.23.2-4.13.1 p11-kit-tools-0.23.2-4.13.1 p11-kit-tools-debuginfo-0.23.2-4.13.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): libp11-kit0-32bit-0.23.2-4.13.1 libp11-kit0-32bit-debuginfo-0.23.2-4.13.1 p11-kit-32bit-debuginfo-0.23.2-4.13.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libp11-kit0-0.23.2-4.13.1 libp11-kit0-32bit-0.23.2-4.13.1 libp11-kit0-32bit-debuginfo-0.23.2-4.13.1 libp11-kit0-debuginfo-0.23.2-4.13.1 p11-kit-0.23.2-4.13.1 p11-kit-32bit-debuginfo-0.23.2-4.13.1 p11-kit-debuginfo-0.23.2-4.13.1 p11-kit-debugsource-0.23.2-4.13.1 p11-kit-devel-0.23.2-4.13.1 p11-kit-nss-trust-0.23.2-4.13.1 p11-kit-tools-0.23.2-4.13.1 p11-kit-tools-debuginfo-0.23.2-4.13.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libp11-kit0-0.23.2-4.13.1 libp11-kit0-debuginfo-0.23.2-4.13.1 p11-kit-0.23.2-4.13.1 p11-kit-debuginfo-0.23.2-4.13.1 p11-kit-debugsource-0.23.2-4.13.1 p11-kit-devel-0.23.2-4.13.1 p11-kit-nss-trust-0.23.2-4.13.1 p11-kit-tools-0.23.2-4.13.1 p11-kit-tools-debuginfo-0.23.2-4.13.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (x86_64): p11-kit-32bit-0.23.2-4.13.1 p11-kit-32bit-debuginfo-0.23.2-4.13.1 p11-kit-debugsource-0.23.2-4.13.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (x86_64): p11-kit-32bit-0.23.2-4.13.1 p11-kit-32bit-debuginfo-0.23.2-4.13.1 p11-kit-debugsource-0.23.2-4.13.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libp11-kit0-0.23.2-4.13.1 libp11-kit0-debuginfo-0.23.2-4.13.1 p11-kit-0.23.2-4.13.1 p11-kit-debuginfo-0.23.2-4.13.1 p11-kit-debugsource-0.23.2-4.13.1 p11-kit-devel-0.23.2-4.13.1 p11-kit-nss-trust-0.23.2-4.13.1 p11-kit-tools-0.23.2-4.13.1 p11-kit-tools-debuginfo-0.23.2-4.13.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libp11-kit0-32bit-0.23.2-4.13.1 libp11-kit0-32bit-debuginfo-0.23.2-4.13.1 p11-kit-32bit-debuginfo-0.23.2-4.13.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libp11-kit0-0.23.2-4.13.1 libp11-kit0-debuginfo-0.23.2-4.13.1 p11-kit-0.23.2-4.13.1 p11-kit-debuginfo-0.23.2-4.13.1 p11-kit-debugsource-0.23.2-4.13.1 p11-kit-devel-0.23.2-4.13.1 p11-kit-nss-trust-0.23.2-4.13.1 p11-kit-tools-0.23.2-4.13.1 p11-kit-tools-debuginfo-0.23.2-4.13.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libp11-kit0-32bit-0.23.2-4.13.1 libp11-kit0-32bit-debuginfo-0.23.2-4.13.1 p11-kit-32bit-debuginfo-0.23.2-4.13.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libp11-kit0-0.23.2-4.13.1 libp11-kit0-debuginfo-0.23.2-4.13.1 p11-kit-0.23.2-4.13.1 p11-kit-debuginfo-0.23.2-4.13.1 p11-kit-debugsource-0.23.2-4.13.1 p11-kit-devel-0.23.2-4.13.1 p11-kit-nss-trust-0.23.2-4.13.1 p11-kit-tools-0.23.2-4.13.1 p11-kit-tools-debuginfo-0.23.2-4.13.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64): libp11-kit0-32bit-0.23.2-4.13.1 libp11-kit0-32bit-debuginfo-0.23.2-4.13.1 p11-kit-32bit-debuginfo-0.23.2-4.13.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): libp11-kit0-0.23.2-4.13.1 libp11-kit0-debuginfo-0.23.2-4.13.1 p11-kit-0.23.2-4.13.1 p11-kit-debuginfo-0.23.2-4.13.1 p11-kit-debugsource-0.23.2-4.13.1 p11-kit-devel-0.23.2-4.13.1 p11-kit-nss-trust-0.23.2-4.13.1 p11-kit-tools-0.23.2-4.13.1 p11-kit-tools-debuginfo-0.23.2-4.13.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64): libp11-kit0-32bit-0.23.2-4.13.1 libp11-kit0-32bit-debuginfo-0.23.2-4.13.1 p11-kit-32bit-debuginfo-0.23.2-4.13.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libp11-kit0-0.23.2-4.13.1 libp11-kit0-debuginfo-0.23.2-4.13.1 p11-kit-0.23.2-4.13.1 p11-kit-debuginfo-0.23.2-4.13.1 p11-kit-debugsource-0.23.2-4.13.1 p11-kit-devel-0.23.2-4.13.1 p11-kit-nss-trust-0.23.2-4.13.1 p11-kit-tools-0.23.2-4.13.1 p11-kit-tools-debuginfo-0.23.2-4.13.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): libp11-kit0-32bit-0.23.2-4.13.1 libp11-kit0-32bit-debuginfo-0.23.2-4.13.1 p11-kit-32bit-debuginfo-0.23.2-4.13.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libp11-kit0-0.23.2-4.13.1 libp11-kit0-debuginfo-0.23.2-4.13.1 p11-kit-0.23.2-4.13.1 p11-kit-debuginfo-0.23.2-4.13.1 p11-kit-debugsource-0.23.2-4.13.1 p11-kit-devel-0.23.2-4.13.1 p11-kit-nss-trust-0.23.2-4.13.1 p11-kit-tools-0.23.2-4.13.1 p11-kit-tools-debuginfo-0.23.2-4.13.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): libp11-kit0-32bit-0.23.2-4.13.1 libp11-kit0-32bit-debuginfo-0.23.2-4.13.1 p11-kit-32bit-debuginfo-0.23.2-4.13.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libp11-kit0-0.23.2-4.13.1 libp11-kit0-debuginfo-0.23.2-4.13.1 p11-kit-0.23.2-4.13.1 p11-kit-debuginfo-0.23.2-4.13.1 p11-kit-debugsource-0.23.2-4.13.1 p11-kit-devel-0.23.2-4.13.1 p11-kit-nss-trust-0.23.2-4.13.1 p11-kit-tools-0.23.2-4.13.1 p11-kit-tools-debuginfo-0.23.2-4.13.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): libp11-kit0-32bit-0.23.2-4.13.1 libp11-kit0-32bit-debuginfo-0.23.2-4.13.1 p11-kit-32bit-debuginfo-0.23.2-4.13.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libp11-kit0-0.23.2-4.13.1 libp11-kit0-debuginfo-0.23.2-4.13.1 p11-kit-0.23.2-4.13.1 p11-kit-debuginfo-0.23.2-4.13.1 p11-kit-debugsource-0.23.2-4.13.1 p11-kit-devel-0.23.2-4.13.1 p11-kit-nss-trust-0.23.2-4.13.1 p11-kit-tools-0.23.2-4.13.1 p11-kit-tools-debuginfo-0.23.2-4.13.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): libp11-kit0-32bit-0.23.2-4.13.1 libp11-kit0-32bit-debuginfo-0.23.2-4.13.1 p11-kit-32bit-debuginfo-0.23.2-4.13.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): libp11-kit0-0.23.2-4.13.1 libp11-kit0-debuginfo-0.23.2-4.13.1 p11-kit-0.23.2-4.13.1 p11-kit-debuginfo-0.23.2-4.13.1 p11-kit-debugsource-0.23.2-4.13.1 p11-kit-devel-0.23.2-4.13.1 p11-kit-nss-trust-0.23.2-4.13.1 p11-kit-tools-0.23.2-4.13.1 p11-kit-tools-debuginfo-0.23.2-4.13.1 - SUSE Enterprise Storage 7 (x86_64): libp11-kit0-32bit-0.23.2-4.13.1 libp11-kit0-32bit-debuginfo-0.23.2-4.13.1 p11-kit-32bit-debuginfo-0.23.2-4.13.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libp11-kit0-0.23.2-4.13.1 libp11-kit0-debuginfo-0.23.2-4.13.1 p11-kit-0.23.2-4.13.1 p11-kit-debuginfo-0.23.2-4.13.1 p11-kit-debugsource-0.23.2-4.13.1 p11-kit-devel-0.23.2-4.13.1 p11-kit-nss-trust-0.23.2-4.13.1 p11-kit-tools-0.23.2-4.13.1 p11-kit-tools-debuginfo-0.23.2-4.13.1 - SUSE Enterprise Storage 6 (x86_64): libp11-kit0-32bit-0.23.2-4.13.1 libp11-kit0-32bit-debuginfo-0.23.2-4.13.1 p11-kit-32bit-debuginfo-0.23.2-4.13.1 - SUSE CaaS Platform 4.5 (aarch64 x86_64): libp11-kit0-0.23.2-4.13.1 libp11-kit0-debuginfo-0.23.2-4.13.1 p11-kit-0.23.2-4.13.1 p11-kit-debuginfo-0.23.2-4.13.1 p11-kit-debugsource-0.23.2-4.13.1 p11-kit-devel-0.23.2-4.13.1 p11-kit-nss-trust-0.23.2-4.13.1 p11-kit-tools-0.23.2-4.13.1 p11-kit-tools-debuginfo-0.23.2-4.13.1 - SUSE CaaS Platform 4.5 (x86_64): libp11-kit0-32bit-0.23.2-4.13.1 libp11-kit0-32bit-debuginfo-0.23.2-4.13.1 p11-kit-32bit-debuginfo-0.23.2-4.13.1 - SUSE CaaS Platform 4.0 (x86_64): libp11-kit0-0.23.2-4.13.1 libp11-kit0-32bit-0.23.2-4.13.1 libp11-kit0-32bit-debuginfo-0.23.2-4.13.1 libp11-kit0-debuginfo-0.23.2-4.13.1 p11-kit-0.23.2-4.13.1 p11-kit-32bit-debuginfo-0.23.2-4.13.1 p11-kit-debuginfo-0.23.2-4.13.1 p11-kit-debugsource-0.23.2-4.13.1 p11-kit-devel-0.23.2-4.13.1 p11-kit-nss-trust-0.23.2-4.13.1 p11-kit-tools-0.23.2-4.13.1 p11-kit-tools-debuginfo-0.23.2-4.13.1 References: https://www.suse.com/security/cve/CVE-2020-29361.html https://bugzilla.suse.com/1180064 https://bugzilla.suse.com/1187993 From sle-updates at lists.suse.com Wed Dec 22 14:41:36 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Dec 2021 15:41:36 +0100 (CET) Subject: SUSE-RU-2021:4156-1: moderate: Recommended update for grub2 Message-ID: <20211222144136.E16D4FC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for grub2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:4156-1 Rating: moderate References: #1071559 #1177751 #1189769 #1189874 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for grub2 fixes the following issues: - Fixed an issue when 'lvmid' disk cannot be found after second disk added to the root volume group. (bsc#1189874, bsc#1071559) - Fix for an error when '/boot/grub2/locale/POSIX.gmo' not found. (bsc#1189769) - Fix 'powerpc-ieee1275 lpar' takes long time to boot with increasing number of nvme namespace. (bsc#1177751) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-4156=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): grub2-2.02-121.15.3 grub2-debuginfo-2.02-121.15.3 - SUSE Linux Enterprise Server 12-SP5 (aarch64 s390x x86_64): grub2-debugsource-2.02-121.15.3 - SUSE Linux Enterprise Server 12-SP5 (ppc64le): grub2-powerpc-ieee1275-2.02-121.15.3 - SUSE Linux Enterprise Server 12-SP5 (aarch64): grub2-arm64-efi-2.02-121.15.3 - SUSE Linux Enterprise Server 12-SP5 (noarch): grub2-snapper-plugin-2.02-121.15.3 grub2-systemd-sleep-plugin-2.02-121.15.3 grub2-x86_64-xen-2.02-121.15.3 - SUSE Linux Enterprise Server 12-SP5 (x86_64): grub2-i386-pc-2.02-121.15.3 grub2-x86_64-efi-2.02-121.15.3 - SUSE Linux Enterprise Server 12-SP5 (s390x): grub2-s390x-emu-2.02-121.15.3 References: https://bugzilla.suse.com/1071559 https://bugzilla.suse.com/1177751 https://bugzilla.suse.com/1189769 https://bugzilla.suse.com/1189874 From sle-updates at lists.suse.com Wed Dec 22 17:16:33 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Dec 2021 18:16:33 +0100 (CET) Subject: SUSE-RU-2021:4159-1: Recommended update for release-notes-sles Message-ID: <20211222171633.B5138FC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sles ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:4159-1 Rating: low References: #933411 SLE-22593 Affected Products: SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Installer 15-SP2 ______________________________________________________________________________ An update that has one recommended fix and contains one feature can now be installed. Description: This update for release-notes-sles fixes the following issue: Update release notes to version 15.2.20211208 (bsc#933411) - Added a note about unprivileged eBPF (jsc#SLE-22593) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-2021-4159=1 - SUSE Linux Enterprise Installer 15-SP2: zypper in -t patch SUSE-SLE-INSTALLER-15-SP2-2021-4159=1 Package List: - SUSE Linux Enterprise Server 15-SP2 (noarch): release-notes-sles-15.2.20211208-3.29.2 - SUSE Linux Enterprise Installer 15-SP2 (noarch): release-notes-sles-15.2.20211208-3.29.2 References: https://bugzilla.suse.com/933411 From sle-updates at lists.suse.com Wed Dec 22 20:16:40 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Dec 2021 21:16:40 +0100 (CET) Subject: SUSE-SU-2021:4161-1: important: Security update for python-Babel Message-ID: <20211222201641.000C0FC9F@maintenance.suse.de> SUSE Security Update: Security update for python-Babel ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:4161-1 Rating: important References: #1185768 Cross-References: CVE-2021-42771 CVSS scores: CVE-2021-42771 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-Babel fixes the following issues: - CVE-2021-42771: Fixed relative path traversal that may lead to arbitrary locale files loading and arbitrary code execution (bsc#1185768). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2021-4161=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python-Babel-2.5.3-4.8.1 python3-Babel-2.5.3-4.8.1 References: https://www.suse.com/security/cve/CVE-2021-42771.html https://bugzilla.suse.com/1185768 From sle-updates at lists.suse.com Wed Dec 22 20:17:54 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Dec 2021 21:17:54 +0100 (CET) Subject: SUSE-OU-2021:4162-1: moderate: Feature update for trento-premium Message-ID: <20211222201754.CFCE3FC9F@maintenance.suse.de> SUSE Optional Update: Feature update for trento-premium ______________________________________________________________________________ Announcement ID: SUSE-OU-2021:4162-1 Rating: moderate References: SLE-22808 SLE-22809 SLE-22810 Affected Products: SUSE Linux Enterprise Module for SAP Applications 15-SP3 SUSE Linux Enterprise Module for SAP Applications 15-SP2 SUSE Linux Enterprise Module for SAP Applications 15-SP1 ______________________________________________________________________________ An update that has 0 optional fixes and contains three features can now be installed. Description: This update ships "trento-premium" monitoring solution for SLES 4 SAP. Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SAP Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP3-2021-4162=1 - SUSE Linux Enterprise Module for SAP Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP2-2021-4162=1 - SUSE Linux Enterprise Module for SAP Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP1-2021-4162=1 Package List: - SUSE Linux Enterprise Module for SAP Applications 15-SP3 (aarch64 ppc64le s390x x86_64): trento-premium-0.7.1+git.dev42.1640084952.33229fc-3.2.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP2 (aarch64 ppc64le s390x x86_64): trento-premium-0.7.1+git.dev42.1640084952.33229fc-3.2.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP1 (aarch64 ppc64le s390x x86_64): trento-premium-0.7.1+git.dev42.1640084952.33229fc-3.2.1 References: From sle-updates at lists.suse.com Wed Dec 22 20:19:05 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 22 Dec 2021 21:19:05 +0100 (CET) Subject: SUSE-SU-2021:4160-1: important: Security update for logstash, elasticsearch, kafka, zookeeper, openstack-monasca-agent, openstack-monasca-persister-java, openstack-monasca-thresh Message-ID: <20211222201905.60D2FFC9F@maintenance.suse.de> SUSE Security Update: Security update for logstash, elasticsearch, kafka, zookeeper, openstack-monasca-agent, openstack-monasca-persister-java, openstack-monasca-thresh ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:4160-1 Rating: important References: #1193662 Cross-References: CVE-2021-4104 CVSS scores: CVE-2021-4104 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for logstash, elasticsearch, kafka, zookeeper, openstack-monasca-agent, openstack-monasca-persister-java, openstack-monasca-thresh fixes the following issues: Fixed vulnerability related to log4j version 1.2.x: - CVE-2021-4104: Fixed remote code execution through the JMS API via the ldap JNDI parser (bsc#1193662) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-4160=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-4160=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): elasticsearch-2.4.2-6.3.1 openstack-monasca-agent-2.8.2~dev5-3.12.1 openstack-monasca-persister-java-1.12.1~dev9-12.2 openstack-monasca-thresh-2.1.1-5.3.1 python-monasca-agent-2.8.2~dev5-3.12.1 zookeeper-server-3.4.13-3.6.1 - SUSE OpenStack Cloud Crowbar 9 (x86_64): kafka-0.10.2.2-3.2.1 logstash-2.4.1-7.3.1 - SUSE OpenStack Cloud 9 (x86_64): kafka-0.10.2.2-3.2.1 logstash-2.4.1-7.3.1 - SUSE OpenStack Cloud 9 (noarch): elasticsearch-2.4.2-6.3.1 openstack-monasca-agent-2.8.2~dev5-3.12.1 openstack-monasca-persister-java-1.12.1~dev9-12.2 openstack-monasca-thresh-2.1.1-5.3.1 python-monasca-agent-2.8.2~dev5-3.12.1 venv-openstack-barbican-x86_64-7.0.1~dev24-3.27.1 venv-openstack-cinder-x86_64-13.0.10~dev23-3.30.1 venv-openstack-designate-x86_64-7.0.2~dev2-3.27.1 venv-openstack-glance-x86_64-17.0.1~dev30-3.25.1 venv-openstack-heat-x86_64-11.0.4~dev4-3.27.1 venv-openstack-horizon-x86_64-14.1.1~dev11-4.31.1 venv-openstack-ironic-x86_64-11.1.5~dev17-4.25.1 venv-openstack-keystone-x86_64-14.2.1~dev7-3.28.1 venv-openstack-magnum-x86_64-7.2.1~dev1-4.27.1 venv-openstack-manila-x86_64-7.4.2~dev60-3.33.1 venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.27.1 venv-openstack-monasca-x86_64-2.7.1~dev10-3.27.1 venv-openstack-neutron-x86_64-13.0.8~dev164-6.31.1 venv-openstack-nova-x86_64-18.3.1~dev91-3.31.1 venv-openstack-octavia-x86_64-3.2.3~dev7-4.27.1 venv-openstack-sahara-x86_64-9.0.2~dev15-3.27.1 venv-openstack-swift-x86_64-2.19.2~dev48-2.22.1 zookeeper-server-3.4.13-3.6.1 References: https://www.suse.com/security/cve/CVE-2021-4104.html https://bugzilla.suse.com/1193662 From sle-updates at lists.suse.com Thu Dec 23 02:20:05 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Dec 2021 03:20:05 +0100 (CET) Subject: SUSE-RU-2021:4163-1: moderate: Recommended update for grub2 Message-ID: <20211223022005.3573CFC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for grub2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:4163-1 Rating: moderate References: #1071559 #1189769 #1189874 #1191504 #1192522 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for grub2 fixes the following issues: - Fixed an issue when 'lvmid' disk cannot be found after second disk added to the root volume group. (bsc#1189874, bsc#1071559) - Fix for an error when '/boot/grub2/locale/POSIX.gmo' not found. (bsc#1189769) - Fix unknown TPM error on buggy uefi firmware. (bsc#1191504) - Fix arm64 kernel image not aligned on 64k boundary. (bsc#1192522) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2021-4163=1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2021-4163=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-4163=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch): grub2-x86_64-xen-2.04-22.6.3 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 (noarch): grub2-arm64-efi-2.04-22.6.3 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): grub2-2.04-22.6.3 grub2-debuginfo-2.04-22.6.3 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 s390x x86_64): grub2-debugsource-2.04-22.6.3 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): grub2-arm64-efi-2.04-22.6.3 grub2-i386-pc-2.04-22.6.3 grub2-powerpc-ieee1275-2.04-22.6.3 grub2-snapper-plugin-2.04-22.6.3 grub2-systemd-sleep-plugin-2.04-22.6.3 grub2-x86_64-efi-2.04-22.6.3 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (s390x): grub2-s390x-emu-2.04-22.6.3 References: https://bugzilla.suse.com/1071559 https://bugzilla.suse.com/1189769 https://bugzilla.suse.com/1189874 https://bugzilla.suse.com/1191504 https://bugzilla.suse.com/1192522 From sle-updates at lists.suse.com Thu Dec 23 02:21:43 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Dec 2021 03:21:43 +0100 (CET) Subject: SUSE-RU-2021:4165-1: moderate: Recommended update for kmod Message-ID: <20211223022143.9FBE8FC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for kmod ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:4165-1 Rating: moderate References: #1193430 Affected Products: SUSE MicroOS 5.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for kmod fixes the following issues: - Ensure that kmod and packages linking to libkmod provide same features. (bsc#1193430) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2021-4165=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-4165=1 Package List: - SUSE MicroOS 5.1 (aarch64 s390x x86_64): kmod-29-4.15.1 kmod-debuginfo-29-4.15.1 kmod-debugsource-29-4.15.1 libkmod2-29-4.15.1 libkmod2-debuginfo-29-4.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): kmod-29-4.15.1 kmod-debuginfo-29-4.15.1 kmod-debugsource-29-4.15.1 libkmod-devel-29-4.15.1 libkmod2-29-4.15.1 libkmod2-debuginfo-29-4.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): kmod-bash-completion-29-4.15.1 References: https://bugzilla.suse.com/1193430 From sle-updates at lists.suse.com Thu Dec 23 02:24:25 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Dec 2021 03:24:25 +0100 (CET) Subject: SUSE-RU-2021:4164-1: moderate: Recommended update for adcli Message-ID: <20211223022425.89EC3FC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for adcli ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:4164-1 Rating: moderate References: SLE-21224 SLE-22892 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has 0 recommended fixes and contains two features can now be installed. Description: This update for adcli fixes the following issues: - Add 'dont-expire-password' option. (jsc#SLE-21224, jsc#SLE-22892) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-4164=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-4164=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): adcli-0.8.2-9.6.1 adcli-debuginfo-0.8.2-9.6.1 adcli-debugsource-0.8.2-9.6.1 adcli-doc-0.8.2-9.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): adcli-0.8.2-9.6.1 adcli-debuginfo-0.8.2-9.6.1 adcli-debugsource-0.8.2-9.6.1 adcli-doc-0.8.2-9.6.1 References: From sle-updates at lists.suse.com Thu Dec 23 02:25:35 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Dec 2021 03:25:35 +0100 (CET) Subject: SUSE-RU-2021:4166-1: moderate: Recommended update for ceph Message-ID: <20211223022535.6168AFC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for ceph ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:4166-1 Rating: moderate References: #1192840 SES-704 Affected Products: SUSE MicroOS 5.1 SUSE MicroOS 5.0 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Enterprise Storage 7 ______________________________________________________________________________ An update that has one recommended fix and contains one feature can now be installed. Description: This update for ceph fixes the following issues: - Rebase on top of Ceph v15.2.15 tag - Re-do some downstream patches - Fix parsing of kwargs arguments. (bsc#1192840, jsc#SES-704) (fixes an issue caused by downstream commit "pybing/mgr/mgr_module: allow keyword arguments") Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2021-4166=1 - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-4166=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-4166=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-4166=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2021-4166=1 Package List: - SUSE MicroOS 5.1 (aarch64 x86_64): ceph-debugsource-15.2.15.83+gf72054fa653-3.34.1 librados2-15.2.15.83+gf72054fa653-3.34.1 librados2-debuginfo-15.2.15.83+gf72054fa653-3.34.1 librbd1-15.2.15.83+gf72054fa653-3.34.1 librbd1-debuginfo-15.2.15.83+gf72054fa653-3.34.1 - SUSE MicroOS 5.0 (aarch64 x86_64): librados2-15.2.15.83+gf72054fa653-3.34.1 librados2-debuginfo-15.2.15.83+gf72054fa653-3.34.1 librbd1-15.2.15.83+gf72054fa653-3.34.1 librbd1-debuginfo-15.2.15.83+gf72054fa653-3.34.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): ceph-common-15.2.15.83+gf72054fa653-3.34.1 ceph-common-debuginfo-15.2.15.83+gf72054fa653-3.34.1 ceph-debugsource-15.2.15.83+gf72054fa653-3.34.1 libcephfs-devel-15.2.15.83+gf72054fa653-3.34.1 libcephfs2-15.2.15.83+gf72054fa653-3.34.1 libcephfs2-debuginfo-15.2.15.83+gf72054fa653-3.34.1 librados-devel-15.2.15.83+gf72054fa653-3.34.1 librados-devel-debuginfo-15.2.15.83+gf72054fa653-3.34.1 librados2-15.2.15.83+gf72054fa653-3.34.1 librados2-debuginfo-15.2.15.83+gf72054fa653-3.34.1 libradospp-devel-15.2.15.83+gf72054fa653-3.34.1 librbd-devel-15.2.15.83+gf72054fa653-3.34.1 librbd1-15.2.15.83+gf72054fa653-3.34.1 librbd1-debuginfo-15.2.15.83+gf72054fa653-3.34.1 librgw-devel-15.2.15.83+gf72054fa653-3.34.1 librgw2-15.2.15.83+gf72054fa653-3.34.1 librgw2-debuginfo-15.2.15.83+gf72054fa653-3.34.1 python3-ceph-argparse-15.2.15.83+gf72054fa653-3.34.1 python3-ceph-common-15.2.15.83+gf72054fa653-3.34.1 python3-cephfs-15.2.15.83+gf72054fa653-3.34.1 python3-cephfs-debuginfo-15.2.15.83+gf72054fa653-3.34.1 python3-rados-15.2.15.83+gf72054fa653-3.34.1 python3-rados-debuginfo-15.2.15.83+gf72054fa653-3.34.1 python3-rbd-15.2.15.83+gf72054fa653-3.34.1 python3-rbd-debuginfo-15.2.15.83+gf72054fa653-3.34.1 python3-rgw-15.2.15.83+gf72054fa653-3.34.1 python3-rgw-debuginfo-15.2.15.83+gf72054fa653-3.34.1 rados-objclass-devel-15.2.15.83+gf72054fa653-3.34.1 rbd-nbd-15.2.15.83+gf72054fa653-3.34.1 rbd-nbd-debuginfo-15.2.15.83+gf72054fa653-3.34.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): ceph-common-15.2.15.83+gf72054fa653-3.34.1 ceph-common-debuginfo-15.2.15.83+gf72054fa653-3.34.1 ceph-debugsource-15.2.15.83+gf72054fa653-3.34.1 libcephfs-devel-15.2.15.83+gf72054fa653-3.34.1 libcephfs2-15.2.15.83+gf72054fa653-3.34.1 libcephfs2-debuginfo-15.2.15.83+gf72054fa653-3.34.1 librados-devel-15.2.15.83+gf72054fa653-3.34.1 librados-devel-debuginfo-15.2.15.83+gf72054fa653-3.34.1 librados2-15.2.15.83+gf72054fa653-3.34.1 librados2-debuginfo-15.2.15.83+gf72054fa653-3.34.1 libradospp-devel-15.2.15.83+gf72054fa653-3.34.1 librbd-devel-15.2.15.83+gf72054fa653-3.34.1 librbd1-15.2.15.83+gf72054fa653-3.34.1 librbd1-debuginfo-15.2.15.83+gf72054fa653-3.34.1 librgw-devel-15.2.15.83+gf72054fa653-3.34.1 librgw2-15.2.15.83+gf72054fa653-3.34.1 librgw2-debuginfo-15.2.15.83+gf72054fa653-3.34.1 python3-ceph-argparse-15.2.15.83+gf72054fa653-3.34.1 python3-ceph-common-15.2.15.83+gf72054fa653-3.34.1 python3-cephfs-15.2.15.83+gf72054fa653-3.34.1 python3-cephfs-debuginfo-15.2.15.83+gf72054fa653-3.34.1 python3-rados-15.2.15.83+gf72054fa653-3.34.1 python3-rados-debuginfo-15.2.15.83+gf72054fa653-3.34.1 python3-rbd-15.2.15.83+gf72054fa653-3.34.1 python3-rbd-debuginfo-15.2.15.83+gf72054fa653-3.34.1 python3-rgw-15.2.15.83+gf72054fa653-3.34.1 python3-rgw-debuginfo-15.2.15.83+gf72054fa653-3.34.1 rados-objclass-devel-15.2.15.83+gf72054fa653-3.34.1 rbd-nbd-15.2.15.83+gf72054fa653-3.34.1 rbd-nbd-debuginfo-15.2.15.83+gf72054fa653-3.34.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): ceph-base-15.2.15.83+gf72054fa653-3.34.1 ceph-base-debuginfo-15.2.15.83+gf72054fa653-3.34.1 ceph-common-15.2.15.83+gf72054fa653-3.34.1 ceph-common-debuginfo-15.2.15.83+gf72054fa653-3.34.1 ceph-debugsource-15.2.15.83+gf72054fa653-3.34.1 libcephfs2-15.2.15.83+gf72054fa653-3.34.1 libcephfs2-debuginfo-15.2.15.83+gf72054fa653-3.34.1 librados2-15.2.15.83+gf72054fa653-3.34.1 librados2-debuginfo-15.2.15.83+gf72054fa653-3.34.1 librbd1-15.2.15.83+gf72054fa653-3.34.1 librbd1-debuginfo-15.2.15.83+gf72054fa653-3.34.1 librgw2-15.2.15.83+gf72054fa653-3.34.1 librgw2-debuginfo-15.2.15.83+gf72054fa653-3.34.1 python3-ceph-argparse-15.2.15.83+gf72054fa653-3.34.1 python3-ceph-common-15.2.15.83+gf72054fa653-3.34.1 python3-cephfs-15.2.15.83+gf72054fa653-3.34.1 python3-cephfs-debuginfo-15.2.15.83+gf72054fa653-3.34.1 python3-rados-15.2.15.83+gf72054fa653-3.34.1 python3-rados-debuginfo-15.2.15.83+gf72054fa653-3.34.1 python3-rbd-15.2.15.83+gf72054fa653-3.34.1 python3-rbd-debuginfo-15.2.15.83+gf72054fa653-3.34.1 python3-rgw-15.2.15.83+gf72054fa653-3.34.1 python3-rgw-debuginfo-15.2.15.83+gf72054fa653-3.34.1 rbd-nbd-15.2.15.83+gf72054fa653-3.34.1 rbd-nbd-debuginfo-15.2.15.83+gf72054fa653-3.34.1 - SUSE Enterprise Storage 7 (noarch): cephadm-15.2.15.83+gf72054fa653-3.34.1 References: https://bugzilla.suse.com/1192840 From sle-updates at lists.suse.com Thu Dec 23 14:17:27 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Dec 2021 15:17:27 +0100 (CET) Subject: SUSE-RU-2021:4167-1: moderate: Recommended update for openscap Message-ID: <20211223141727.C1E33FC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for openscap ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:4167-1 Rating: moderate References: #1179314 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for openscap fixes the following issues: - add SLES support to oscap-docker (bsc#1179314) Note that the oscap-docker currently requires python3-docker from PackageHub. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-4167=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-4167=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libopenscap25-1.3.5-3.10.1 libopenscap25-debuginfo-1.3.5-3.10.1 openscap-1.3.5-3.10.1 openscap-content-1.3.5-3.10.1 openscap-debuginfo-1.3.5-3.10.1 openscap-debugsource-1.3.5-3.10.1 openscap-devel-1.3.5-3.10.1 openscap-docker-1.3.5-3.10.1 openscap-utils-1.3.5-3.10.1 openscap-utils-debuginfo-1.3.5-3.10.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libopenscap25-1.3.5-3.10.1 libopenscap25-debuginfo-1.3.5-3.10.1 openscap-1.3.5-3.10.1 openscap-content-1.3.5-3.10.1 openscap-debuginfo-1.3.5-3.10.1 openscap-debugsource-1.3.5-3.10.1 openscap-devel-1.3.5-3.10.1 openscap-utils-1.3.5-3.10.1 openscap-utils-debuginfo-1.3.5-3.10.1 References: https://bugzilla.suse.com/1179314 From sle-updates at lists.suse.com Thu Dec 23 14:19:44 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Dec 2021 15:19:44 +0100 (CET) Subject: SUSE-RU-2021:4177-1: important: Recommended update for ServiceReport Message-ID: <20211223141944.65E36FC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for ServiceReport ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:4177-1 Rating: important References: #1193718 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for ServiceReport fixes the following issues: - Fix build to require python-rpm-macros (bsc#1193718) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-4177=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): ServiceReport-2.2.3+git1.55a13db1c256-3.6.1 References: https://bugzilla.suse.com/1193718 From sle-updates at lists.suse.com Thu Dec 23 14:23:04 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Dec 2021 15:23:04 +0100 (CET) Subject: SUSE-RU-2021:4175-1: important: Recommended update for systemd Message-ID: <20211223142304.9D94DFC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for systemd ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:4175-1 Rating: important References: #1192423 #1192858 #1193759 Affected Products: SUSE MicroOS 5.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for systemd fixes the following issues: - Bump the max number of inodes for /dev to a million (bsc#1192858) - sleep: don't skip resume device with low priority/available space (bsc#1192423) - test: use kbd-mode-map we ship in one more test case - test-keymap-util: always use kbd-model-map we ship - Add rules for virtual devices and enforce "none" for loop devices. (bsc#1193759) Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2021-4175=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-4175=1 Package List: - SUSE MicroOS 5.1 (aarch64 s390x x86_64): libsystemd0-246.16-7.28.1 libsystemd0-debuginfo-246.16-7.28.1 libudev1-246.16-7.28.1 libudev1-debuginfo-246.16-7.28.1 systemd-246.16-7.28.1 systemd-container-246.16-7.28.1 systemd-container-debuginfo-246.16-7.28.1 systemd-debuginfo-246.16-7.28.1 systemd-debugsource-246.16-7.28.1 systemd-journal-remote-246.16-7.28.1 systemd-journal-remote-debuginfo-246.16-7.28.1 systemd-sysvinit-246.16-7.28.1 udev-246.16-7.28.1 udev-debuginfo-246.16-7.28.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libsystemd0-246.16-7.28.1 libsystemd0-debuginfo-246.16-7.28.1 libudev-devel-246.16-7.28.1 libudev1-246.16-7.28.1 libudev1-debuginfo-246.16-7.28.1 systemd-246.16-7.28.1 systemd-container-246.16-7.28.1 systemd-container-debuginfo-246.16-7.28.1 systemd-coredump-246.16-7.28.1 systemd-coredump-debuginfo-246.16-7.28.1 systemd-debuginfo-246.16-7.28.1 systemd-debugsource-246.16-7.28.1 systemd-devel-246.16-7.28.1 systemd-doc-246.16-7.28.1 systemd-journal-remote-246.16-7.28.1 systemd-journal-remote-debuginfo-246.16-7.28.1 systemd-sysvinit-246.16-7.28.1 udev-246.16-7.28.1 udev-debuginfo-246.16-7.28.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libsystemd0-32bit-246.16-7.28.1 libsystemd0-32bit-debuginfo-246.16-7.28.1 libudev1-32bit-246.16-7.28.1 libudev1-32bit-debuginfo-246.16-7.28.1 systemd-32bit-246.16-7.28.1 systemd-32bit-debuginfo-246.16-7.28.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): systemd-lang-246.16-7.28.1 References: https://bugzilla.suse.com/1192423 https://bugzilla.suse.com/1192858 https://bugzilla.suse.com/1193759 From sle-updates at lists.suse.com Thu Dec 23 14:25:30 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Dec 2021 15:25:30 +0100 (CET) Subject: SUSE-RU-2021:4181-1: moderate: Recommended update for corosync Message-ID: <20211223142530.374F4FC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for corosync ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:4181-1 Rating: moderate References: #1192467 Affected Products: SUSE Linux Enterprise High Availability 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for corosync fixes the following issues: - Fix corosync not recognizing isolated nodes when interface is down (bsc#1192467) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2021-4181=1 Package List: - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): corosync-2.4.5-9.19.1 corosync-debuginfo-2.4.5-9.19.1 corosync-debugsource-2.4.5-9.19.1 corosync-qdevice-2.4.5-9.19.1 corosync-qdevice-debuginfo-2.4.5-9.19.1 corosync-qnetd-2.4.5-9.19.1 corosync-qnetd-debuginfo-2.4.5-9.19.1 corosync-testagents-2.4.5-9.19.1 corosync-testagents-debuginfo-2.4.5-9.19.1 libcfg6-2.4.5-9.19.1 libcfg6-debuginfo-2.4.5-9.19.1 libcmap4-2.4.5-9.19.1 libcmap4-debuginfo-2.4.5-9.19.1 libcorosync-devel-2.4.5-9.19.1 libcorosync_common4-2.4.5-9.19.1 libcorosync_common4-debuginfo-2.4.5-9.19.1 libcpg4-2.4.5-9.19.1 libcpg4-debuginfo-2.4.5-9.19.1 libquorum5-2.4.5-9.19.1 libquorum5-debuginfo-2.4.5-9.19.1 libsam4-2.4.5-9.19.1 libsam4-debuginfo-2.4.5-9.19.1 libtotem_pg5-2.4.5-9.19.1 libtotem_pg5-debuginfo-2.4.5-9.19.1 libvotequorum8-2.4.5-9.19.1 libvotequorum8-debuginfo-2.4.5-9.19.1 References: https://bugzilla.suse.com/1192467 From sle-updates at lists.suse.com Thu Dec 23 14:30:11 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Dec 2021 15:30:11 +0100 (CET) Subject: SUSE-RU-2021:4174-1: moderate: Recommended update for gnu-compilers-hpc Message-ID: <20211223143011.AECE6FC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for gnu-compilers-hpc ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:4174-1 Rating: moderate References: SLE-18780 SLE-18781 SLE-18782 SLE-18806 Affected Products: SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 SUSE Linux Enterprise Module for HPC 15-SP3 SUSE Linux Enterprise Module for HPC 15-SP2 ______________________________________________________________________________ An update that has 0 recommended fixes and contains four features can now be installed. Description: This update for gnu-compilers-hpc fixes the following issues: - Add build support for gcc11 to HPC build. (jsc#SLE-18780, jsc#SLE-18781, jsc#SLE-18782, jsc#SLE-18806) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2021-4174=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2021-4174=1 - SUSE Linux Enterprise Module for HPC 15-SP3: zypper in -t patch SUSE-SLE-Module-HPC-15-SP3-2021-4174=1 - SUSE Linux Enterprise Module for HPC 15-SP2: zypper in -t patch SUSE-SLE-Module-HPC-15-SP2-2021-4174=1 Package List: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (noarch): gnu-compilers-hpc-1.4-3.14.3 gnu-compilers-hpc-devel-1.4-3.14.3 gnu-compilers-hpc-macros-devel-1.4-3.14.3 gnu10-compilers-hpc-1.4-3.14.3 gnu10-compilers-hpc-devel-1.4-3.14.3 gnu10-compilers-hpc-macros-devel-1.4-3.14.3 gnu11-compilers-hpc-1.4-3.14.2 gnu11-compilers-hpc-devel-1.4-3.14.2 gnu11-compilers-hpc-macros-devel-1.4-3.14.2 gnu9-compilers-hpc-1.4-3.14.3 gnu9-compilers-hpc-devel-1.4-3.14.3 gnu9-compilers-hpc-macros-devel-1.4-3.14.3 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (noarch): gnu-compilers-hpc-1.4-3.14.3 gnu-compilers-hpc-devel-1.4-3.14.3 gnu-compilers-hpc-macros-devel-1.4-3.14.3 gnu10-compilers-hpc-1.4-3.14.3 gnu10-compilers-hpc-devel-1.4-3.14.3 gnu10-compilers-hpc-macros-devel-1.4-3.14.3 gnu11-compilers-hpc-1.4-3.14.2 gnu11-compilers-hpc-devel-1.4-3.14.2 gnu11-compilers-hpc-macros-devel-1.4-3.14.2 gnu9-compilers-hpc-1.4-3.14.3 gnu9-compilers-hpc-devel-1.4-3.14.3 gnu9-compilers-hpc-macros-devel-1.4-3.14.3 - SUSE Linux Enterprise Module for HPC 15-SP3 (noarch): gnu-compilers-hpc-1.4-3.14.3 gnu-compilers-hpc-devel-1.4-3.14.3 gnu-compilers-hpc-macros-devel-1.4-3.14.3 gnu10-compilers-hpc-1.4-3.14.3 gnu10-compilers-hpc-devel-1.4-3.14.3 gnu10-compilers-hpc-macros-devel-1.4-3.14.3 gnu11-compilers-hpc-1.4-3.14.2 gnu11-compilers-hpc-devel-1.4-3.14.2 gnu11-compilers-hpc-macros-devel-1.4-3.14.2 gnu9-compilers-hpc-1.4-3.14.3 gnu9-compilers-hpc-devel-1.4-3.14.3 gnu9-compilers-hpc-macros-devel-1.4-3.14.3 - SUSE Linux Enterprise Module for HPC 15-SP2 (noarch): gnu-compilers-hpc-1.4-3.14.3 gnu-compilers-hpc-devel-1.4-3.14.3 gnu-compilers-hpc-macros-devel-1.4-3.14.3 gnu10-compilers-hpc-1.4-3.14.3 gnu10-compilers-hpc-devel-1.4-3.14.3 gnu10-compilers-hpc-macros-devel-1.4-3.14.3 gnu11-compilers-hpc-1.4-3.14.2 gnu11-compilers-hpc-devel-1.4-3.14.2 gnu11-compilers-hpc-macros-devel-1.4-3.14.2 gnu9-compilers-hpc-1.4-3.14.3 gnu9-compilers-hpc-devel-1.4-3.14.3 gnu9-compilers-hpc-macros-devel-1.4-3.14.3 References: From sle-updates at lists.suse.com Thu Dec 23 14:31:20 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Dec 2021 15:31:20 +0100 (CET) Subject: SUSE-SU-2021:14869-1: Security update for htmldoc Message-ID: <20211223143120.BFFE6FC9F@maintenance.suse.de> SUSE Security Update: Security update for htmldoc ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:14869-1 Rating: low References: #1192357 Cross-References: CVE-2021-40985 CVSS scores: CVE-2021-40985 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L Affected Products: Subscription Management Tool for SUSE Linux Enterprise 11-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for htmldoc fixes the following issues: - CVE-2021-40985: Fixed a buffer overflow that may have let to a DoS via a crafted BMP image (bsc#1192357). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - Subscription Management Tool for SUSE Linux Enterprise 11-SP3: zypper in -t patch slesmtsp3-htmldoc-14869=1 Package List: - Subscription Management Tool for SUSE Linux Enterprise 11-SP3 (i586 s390x x86_64): htmldoc-1.8.27-170.4.3.1 References: https://www.suse.com/security/cve/CVE-2021-40985.html https://bugzilla.suse.com/1192357 From sle-updates at lists.suse.com Thu Dec 23 14:32:32 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Dec 2021 15:32:32 +0100 (CET) Subject: SUSE-RU-2021:4176-1: Recommended update for release-notes-sles Message-ID: <20211223143232.4D5C2FC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sles ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:4176-1 Rating: low References: #1143465 #933411 SLE-11596 SLE-12573 SLE-12830 SLE-22593 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL HPE Helion Openstack 8 ______________________________________________________________________________ An update that has two recommended fixes and contains four features can now be installed. Description: This update for release-notes-sles fixes the following issues: Update release notes to version 12.3.20211208 (bsc#933411) - Added note about unprivileged eBPF (jsc#SLE-22593) - Added note about virtual users in `vsftpd` (jsc#SLE-12573) - Added note about LibreOffice 6.4 (jsc#SLE-11596) - Added note about Salt 3000 update (jsc#SLE-12830) - Added note about new `kernel-firmware` package (bsc#1143465) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-4176=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-4176=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-4176=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-4176=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-4176=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-4176=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): release-notes-sles-12.3.20211208-2.27.1 - SUSE OpenStack Cloud 8 (noarch): release-notes-sles-12.3.20211208-2.27.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): release-notes-sles-12.3.20211208-2.27.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): release-notes-sles-12.3.20211208-2.27.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): release-notes-sles-12.3.20211208-2.27.1 - HPE Helion Openstack 8 (noarch): release-notes-sles-12.3.20211208-2.27.1 References: https://bugzilla.suse.com/1143465 https://bugzilla.suse.com/933411 From sle-updates at lists.suse.com Thu Dec 23 14:33:53 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Dec 2021 15:33:53 +0100 (CET) Subject: SUSE-RU-2021:4183-1: moderate: Recommended update for cpuset Message-ID: <20211223143353.1025BFC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for cpuset ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:4183-1 Rating: moderate References: #1191418 Affected Products: SUSE MicroOS 5.1 SUSE Linux Enterprise Real Time Extension 12-SP5 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for cpuset fixes the following issues: - Fix wrong parentheses in the code that lead to an unsupported operand error (bsc#1191418) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2021-4183=1 - SUSE Linux Enterprise Real Time Extension 12-SP5: zypper in -t patch SUSE-SLE-RT-12-SP5-2021-4183=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-4183=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-4183=1 Package List: - SUSE MicroOS 5.1 (noarch): cpuset-1.6-3.3.1 - SUSE Linux Enterprise Real Time Extension 12-SP5 (x86_64): cpuset-1.6-3.3.2 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): cpuset-1.6-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): cpuset-1.6-3.3.1 References: https://bugzilla.suse.com/1191418 From sle-updates at lists.suse.com Thu Dec 23 14:35:05 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Dec 2021 15:35:05 +0100 (CET) Subject: SUSE-SU-2021:4168-1: moderate: Security update for libvpx Message-ID: <20211223143505.CC800FC9F@maintenance.suse.de> SUSE Security Update: Security update for libvpx ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:4168-1 Rating: moderate References: #1166066 Cross-References: CVE-2020-0034 CVSS scores: CVE-2020-0034 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2020-0034 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libvpx fixes the following issues: - CVE-2020-0034: Fixed out-of-bounds read on truncated key frames (bsc#1166066) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2021-4168=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-4168=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-4168=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): libvpx-debugsource-1.3.0-3.9.1 libvpx1-32bit-1.3.0-3.9.1 libvpx1-debuginfo-32bit-1.3.0-3.9.1 vpx-tools-1.3.0-3.9.1 vpx-tools-debuginfo-1.3.0-3.9.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libvpx-debugsource-1.3.0-3.9.1 libvpx-devel-1.3.0-3.9.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libvpx-debugsource-1.3.0-3.9.1 libvpx1-1.3.0-3.9.1 libvpx1-debuginfo-1.3.0-3.9.1 References: https://www.suse.com/security/cve/CVE-2020-0034.html https://bugzilla.suse.com/1166066 From sle-updates at lists.suse.com Thu Dec 23 14:36:21 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Dec 2021 15:36:21 +0100 (CET) Subject: SUSE-RU-2021:4182-1: moderate: Recommended update for zlib Message-ID: <20211223143621.21D12FC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for zlib ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:4182-1 Rating: moderate References: #1192688 Affected Products: SUSE MicroOS 5.1 SUSE MicroOS 5.0 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for zlib fixes the following issues: - Fix hardware compression incorrect result on z15 hardware (bsc#1192688) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2021-4182=1 - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-4182=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2021-4182=1 - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-4182=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-4182=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-4182=1 Package List: - SUSE MicroOS 5.1 (aarch64 s390x x86_64): libz1-1.2.11-3.24.1 libz1-debuginfo-1.2.11-3.24.1 zlib-debugsource-1.2.11-3.24.1 - SUSE MicroOS 5.0 (aarch64 x86_64): libz1-1.2.11-3.24.1 libz1-debuginfo-1.2.11-3.24.1 zlib-debugsource-1.2.11-3.24.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (x86_64): zlib-debugsource-1.2.11-3.24.1 zlib-devel-32bit-1.2.11-3.24.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (x86_64): zlib-debugsource-1.2.11-3.24.1 zlib-devel-32bit-1.2.11-3.24.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libminizip1-1.2.11-3.24.1 libminizip1-debuginfo-1.2.11-3.24.1 libz1-1.2.11-3.24.1 libz1-debuginfo-1.2.11-3.24.1 minizip-devel-1.2.11-3.24.1 zlib-debugsource-1.2.11-3.24.1 zlib-devel-1.2.11-3.24.1 zlib-devel-static-1.2.11-3.24.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libz1-32bit-1.2.11-3.24.1 libz1-32bit-debuginfo-1.2.11-3.24.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libminizip1-1.2.11-3.24.1 libminizip1-debuginfo-1.2.11-3.24.1 libz1-1.2.11-3.24.1 libz1-debuginfo-1.2.11-3.24.1 minizip-devel-1.2.11-3.24.1 zlib-debugsource-1.2.11-3.24.1 zlib-devel-1.2.11-3.24.1 zlib-devel-static-1.2.11-3.24.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libz1-32bit-1.2.11-3.24.1 libz1-32bit-debuginfo-1.2.11-3.24.1 References: https://bugzilla.suse.com/1192688 From sle-updates at lists.suse.com Thu Dec 23 14:40:01 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Dec 2021 15:40:01 +0100 (CET) Subject: SUSE-RU-2021:4180-1: moderate: Recommended update for corosync Message-ID: <20211223144001.A49B1FC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for corosync ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:4180-1 Rating: moderate References: #1192467 Affected Products: SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for corosync fixes the following issues: - Fix corosync not recognizing isolated nodes when interface is down (bsc#1192467) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2021-4180=1 Package List: - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): corosync-2.4.5-5.16.1 corosync-debuginfo-2.4.5-5.16.1 corosync-debugsource-2.4.5-5.16.1 corosync-qdevice-2.4.5-5.16.1 corosync-qdevice-debuginfo-2.4.5-5.16.1 corosync-qnetd-2.4.5-5.16.1 corosync-qnetd-debuginfo-2.4.5-5.16.1 corosync-testagents-2.4.5-5.16.1 corosync-testagents-debuginfo-2.4.5-5.16.1 libcfg6-2.4.5-5.16.1 libcfg6-debuginfo-2.4.5-5.16.1 libcmap4-2.4.5-5.16.1 libcmap4-debuginfo-2.4.5-5.16.1 libcorosync-devel-2.4.5-5.16.1 libcorosync_common4-2.4.5-5.16.1 libcorosync_common4-debuginfo-2.4.5-5.16.1 libcpg4-2.4.5-5.16.1 libcpg4-debuginfo-2.4.5-5.16.1 libquorum5-2.4.5-5.16.1 libquorum5-debuginfo-2.4.5-5.16.1 libsam4-2.4.5-5.16.1 libsam4-debuginfo-2.4.5-5.16.1 libtotem_pg5-2.4.5-5.16.1 libtotem_pg5-debuginfo-2.4.5-5.16.1 libvotequorum8-2.4.5-5.16.1 libvotequorum8-debuginfo-2.4.5-5.16.1 References: https://bugzilla.suse.com/1192467 From sle-updates at lists.suse.com Thu Dec 23 14:41:14 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Dec 2021 15:41:14 +0100 (CET) Subject: SUSE-SU-2021:14870-1: important: Security update for openssh-openssl1 Message-ID: <20211223144114.18331FC9F@maintenance.suse.de> SUSE Security Update: Security update for openssh-openssl1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:14870-1 Rating: important References: #1190975 Cross-References: CVE-2021-41617 CVSS scores: CVE-2021-41617 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-41617 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 11-SECURITY ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openssh-openssl1 fixes the following issues: - CVE-2021-41617: Fixed privilege escalation when AuthorizedKeysCommand/AuthorizedPrincipalsCommand are configured (bsc#1190975). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SECURITY: zypper in -t patch secsp3-openssh-openssl1-14870=1 Package List: - SUSE Linux Enterprise Server 11-SECURITY (i586 ia64 ppc64 s390x x86_64): openssh-openssl1-6.6p1-19.12.1 openssh-openssl1-helpers-6.6p1-19.12.1 References: https://www.suse.com/security/cve/CVE-2021-41617.html https://bugzilla.suse.com/1190975 From sle-updates at lists.suse.com Thu Dec 23 14:43:37 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Dec 2021 15:43:37 +0100 (CET) Subject: SUSE-SU-2021:4169-1: moderate: Security update for go1.16 Message-ID: <20211223144337.EAA59FC9F@maintenance.suse.de> SUSE Security Update: Security update for go1.16 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:4169-1 Rating: moderate References: #1182345 #1193597 #1193598 Cross-References: CVE-2021-44716 CVE-2021-44717 Affected Products: SUSE Manager Server 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Proxy 4.1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Enterprise Storage 7 SUSE CaaS Platform 4.5 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for go1.16 fixes the following issues: Updated to upstream version 1.16.12 to include security fixes to the compiler, syscall, runtime, the net/http, net/http/httptest, and time packages (bsc#1182345) - CVE-2021-44717: syscall: don't close fd 0 on ForkExec error (bsc#1193598). - CVE-2021-44716: net/http: limit growth of header canonicalization cache (bsc#1193597). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2021-4169=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2021-4169=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2021-4169=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2021-4169=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2021-4169=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2021-4169=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2021-4169=1 - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-4169=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2021-4169=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2021-4169=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2021-4169=1 - SUSE CaaS Platform 4.5: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): go1.16-1.16.12-1.37.2 go1.16-doc-1.16.12-1.37.2 - SUSE Manager Server 4.1 (x86_64): go1.16-race-1.16.12-1.37.2 - SUSE Manager Retail Branch Server 4.1 (x86_64): go1.16-1.16.12-1.37.2 go1.16-doc-1.16.12-1.37.2 go1.16-race-1.16.12-1.37.2 - SUSE Manager Proxy 4.1 (x86_64): go1.16-1.16.12-1.37.2 go1.16-doc-1.16.12-1.37.2 go1.16-race-1.16.12-1.37.2 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): go1.16-1.16.12-1.37.2 go1.16-doc-1.16.12-1.37.2 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): go1.16-race-1.16.12-1.37.2 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): go1.16-1.16.12-1.37.2 go1.16-doc-1.16.12-1.37.2 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 x86_64): go1.16-race-1.16.12-1.37.2 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): go1.16-1.16.12-1.37.2 go1.16-doc-1.16.12-1.37.2 go1.16-race-1.16.12-1.37.2 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): go1.16-1.16.12-1.37.2 go1.16-doc-1.16.12-1.37.2 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 x86_64): go1.16-race-1.16.12-1.37.2 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): go1.16-1.16.12-1.37.2 go1.16-doc-1.16.12-1.37.2 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 x86_64): go1.16-race-1.16.12-1.37.2 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): go1.16-1.16.12-1.37.2 go1.16-doc-1.16.12-1.37.2 go1.16-race-1.16.12-1.37.2 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): go1.16-1.16.12-1.37.2 go1.16-doc-1.16.12-1.37.2 go1.16-race-1.16.12-1.37.2 - SUSE Enterprise Storage 7 (aarch64 x86_64): go1.16-1.16.12-1.37.2 go1.16-doc-1.16.12-1.37.2 go1.16-race-1.16.12-1.37.2 - SUSE CaaS Platform 4.5 (aarch64 x86_64): go1.16-1.16.12-1.37.2 go1.16-doc-1.16.12-1.37.2 go1.16-race-1.16.12-1.37.2 References: https://www.suse.com/security/cve/CVE-2021-44716.html https://www.suse.com/security/cve/CVE-2021-44717.html https://bugzilla.suse.com/1182345 https://bugzilla.suse.com/1193597 https://bugzilla.suse.com/1193598 From sle-updates at lists.suse.com Thu Dec 23 14:45:07 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Dec 2021 15:45:07 +0100 (CET) Subject: SUSE-SU-2021:4171-1: moderate: Security update for runc Message-ID: <20211223144507.CA317FC9F@maintenance.suse.de> SUSE Security Update: Security update for runc ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:4171-1 Rating: moderate References: #1193436 Cross-References: CVE-2021-43784 CVSS scores: CVE-2021-43784 (NVD) : 6 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L Affected Products: SUSE MicroOS 5.1 SUSE MicroOS 5.0 SUSE Linux Enterprise Module for Containers 15-SP3 SUSE Linux Enterprise Module for Containers 15-SP2 SUSE Enterprise Storage 7 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for runc fixes the following issues: Update to runc v1.0.3. * CVE-2021-43784: Fixed a potential vulnerability related to the internal usage of netlink, which is believed to not be exploitable with any released versions of runc (bsc#1193436) * Fixed inability to start a container with read-write bind mount of a read-only fuse host mount. * Fixed inability to start when read-only /dev in set in spec. * Fixed not removing sub-cgroups upon container delete, when rootless cgroup v2 is used with older systemd. * Fixed returning error from GetStats when hugetlb is unsupported (which causes excessive logging for kubernetes). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2021-4171=1 - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-4171=1 - SUSE Linux Enterprise Module for Containers 15-SP3: zypper in -t patch SUSE-SLE-Module-Containers-15-SP3-2021-4171=1 - SUSE Linux Enterprise Module for Containers 15-SP2: zypper in -t patch SUSE-SLE-Module-Containers-15-SP2-2021-4171=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2021-4171=1 Package List: - SUSE MicroOS 5.1 (aarch64 s390x x86_64): runc-1.0.3-27.1 runc-debuginfo-1.0.3-27.1 - SUSE MicroOS 5.0 (aarch64 x86_64): runc-1.0.3-27.1 runc-debuginfo-1.0.3-27.1 - SUSE Linux Enterprise Module for Containers 15-SP3 (aarch64 ppc64le s390x x86_64): runc-1.0.3-27.1 runc-debuginfo-1.0.3-27.1 - SUSE Linux Enterprise Module for Containers 15-SP2 (aarch64 ppc64le s390x x86_64): runc-1.0.3-27.1 runc-debuginfo-1.0.3-27.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): runc-1.0.3-27.1 runc-debuginfo-1.0.3-27.1 References: https://www.suse.com/security/cve/CVE-2021-43784.html https://bugzilla.suse.com/1193436 From sle-updates at lists.suse.com Thu Dec 23 14:49:48 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Dec 2021 15:49:48 +0100 (CET) Subject: SUSE-SU-2021:4170-1: moderate: Security update for libaom Message-ID: <20211223144948.5D46FFC9F@maintenance.suse.de> SUSE Security Update: Security update for libaom ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:4170-1 Rating: moderate References: #1193356 #1193365 #1193366 #1193369 Cross-References: CVE-2020-36129 CVE-2020-36130 CVE-2020-36131 CVE-2020-36135 CVSS scores: CVE-2020-36129 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-36130 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-36131 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-36135 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP2 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for libaom fixes the following issues: - CVE-2020-36129: Fixed stack buffer overflow via the component src/aom_image.c (bsc#1193356). - CVE-2020-36131: Fixed stack buffer overflow via the component stats/rate_hist.c (bsc#1193365). - CVE-2020-36135: Fixed NULL pointer dereference via the component rate_hist.c (bsc#1193366). - CVE-2020-36130: Fixed NULL pointer dereference via the component av1/av1_dx_iface.c (bsc#1193369). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2021-4170=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2021-4170=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): libaom-debugsource-1.0.0-3.9.1 libaom0-1.0.0-3.9.1 libaom0-debuginfo-1.0.0-3.9.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): libaom-debugsource-1.0.0-3.9.1 libaom0-1.0.0-3.9.1 libaom0-debuginfo-1.0.0-3.9.1 References: https://www.suse.com/security/cve/CVE-2020-36129.html https://www.suse.com/security/cve/CVE-2020-36130.html https://www.suse.com/security/cve/CVE-2020-36131.html https://www.suse.com/security/cve/CVE-2020-36135.html https://bugzilla.suse.com/1193356 https://bugzilla.suse.com/1193365 https://bugzilla.suse.com/1193366 https://bugzilla.suse.com/1193369 From sle-updates at lists.suse.com Thu Dec 23 14:52:18 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Dec 2021 15:52:18 +0100 (CET) Subject: SUSE-FU-2021:4184-1: moderate: Feature update for tboot Message-ID: <20211223145218.0D73BFC9F@maintenance.suse.de> SUSE Feature Update: Feature update for tboot ______________________________________________________________________________ Announcement ID: SUSE-FU-2021:4184-1 Rating: moderate References: SLE-19516 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has 0 feature fixes and contains one feature can now be installed. Description: This feature update for tboot fixes the following issues: Update to upstream version 1.10.2 of tboot to sync with SLE-15-SP4 status (jsc#SLE-19516) - `acminfo` and `parse_err` now are called `txt-acminfo` and `txt-parse_err` - lcptools are deprecated (tpm 1.2, TrouSerS dependency) and are no longer packaged - tpmnv_* binaries are deprecated and no longer packaged - lcptools-v2: implement SM2 signing and SM2 signature verification and add pconf2 policy element support - Add SHA256, SHA384 and SHA512 support in `tb_polgen` - Add Doxygen documentation - Add SHA384 and SHA512 digest algorithms - Add support for 64bit framebuffer address - Add warning when using SHA1 as hashing algorithm - Default to D/A mapping instead of legacy when TPM1.2 and CBnT platform - Enable VGA logging for EFI platforms - Ensure `txt-acminfo` does not print false information if msr module is not loaded - Fix ACM chipset/processor list validation - Fix a harmless overflow caused by wrong loop limits - Fix issue with TPM1.2 - invalid default policy - Fix issue with multiboot(1) booting - infinite loop during boot - Fix warnings after "Avoid unsafe functions" scan - Print latest tag in logs - README is now README.md - Replace VMAC with Poly1305 - Strip executable file before generating tboot.gz - Update GRUB scripts to use multiboot2 only - Use SHA256 as default hashing algorithm - Validate TPM NV index attributes Patch Instructions: To install this SUSE Feature Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-4184=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-4184=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): tboot-20170711_1.10.2-15.12.1 tboot-debuginfo-20170711_1.10.2-15.12.1 tboot-debugsource-20170711_1.10.2-15.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): tboot-20170711_1.10.2-15.12.1 tboot-debuginfo-20170711_1.10.2-15.12.1 tboot-debugsource-20170711_1.10.2-15.12.1 References: From sle-updates at lists.suse.com Thu Dec 23 14:53:21 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Dec 2021 15:53:21 +0100 (CET) Subject: SUSE-RU-2021:4178-1: important: Recommended update for cpupower Message-ID: <20211223145321.5FBAEFC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for cpupower ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:4178-1 Rating: important References: #1193557 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for cpupower fixes the following issues: - Fix `turbostat` immediately exiting on AMD Zen machines (bsc#1193557) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-4178=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): cpupower-5.10-3.6.1 cpupower-debuginfo-5.10-3.6.1 cpupower-debugsource-5.10-3.6.1 cpupower-devel-5.10-3.6.1 libcpupower0-5.10-3.6.1 libcpupower0-debuginfo-5.10-3.6.1 References: https://bugzilla.suse.com/1193557 From sle-updates at lists.suse.com Thu Dec 23 14:54:39 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Dec 2021 15:54:39 +0100 (CET) Subject: SUSE-RU-2021:4173-1: important: Recommended update for samba Message-ID: <20211223145439.B9FE2FC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for samba ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:4173-1 Rating: important References: #1192849 Affected Products: SUSE Manager Server 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Proxy 4.1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Availability 15-SP2 SUSE Enterprise Storage 7 SUSE CaaS Platform 4.5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for samba fixes the following issues: The username map advice from the CVE-2020-25717 advisory note has undesired side effects for the local nt token. Fallback to a SID/UID based mapping if the name based lookup fails (bsc#1192849). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2021-4173=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2021-4173=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2021-4173=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2021-4173=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2021-4173=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2021-4173=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2021-4173=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2021-4173=1 - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2021-4173=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2021-4173=1 - SUSE CaaS Platform 4.5: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): libdcerpc-binding0-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc-binding0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc-devel-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc-samr-devel-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc-samr0-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc-samr0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc0-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libndr-devel-4.11.14+git.313.d4e302805e1-4.32.1 libndr-krb5pac-devel-4.11.14+git.313.d4e302805e1-4.32.1 libndr-krb5pac0-4.11.14+git.313.d4e302805e1-4.32.1 libndr-krb5pac0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libndr-nbt-devel-4.11.14+git.313.d4e302805e1-4.32.1 libndr-nbt0-4.11.14+git.313.d4e302805e1-4.32.1 libndr-nbt0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libndr-standard-devel-4.11.14+git.313.d4e302805e1-4.32.1 libndr-standard0-4.11.14+git.313.d4e302805e1-4.32.1 libndr-standard0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libndr0-4.11.14+git.313.d4e302805e1-4.32.1 libndr0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libnetapi-devel-4.11.14+git.313.d4e302805e1-4.32.1 libnetapi0-4.11.14+git.313.d4e302805e1-4.32.1 libnetapi0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-credentials-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-credentials0-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-credentials0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-errors-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-errors0-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-errors0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-hostconfig-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-hostconfig0-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-hostconfig0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-passdb-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-passdb0-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-passdb0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-policy-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-policy-python3-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-policy0-python3-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-policy0-python3-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-util-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-util0-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-util0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamdb-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsamdb0-4.11.14+git.313.d4e302805e1-4.32.1 libsamdb0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsmbclient-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsmbclient0-4.11.14+git.313.d4e302805e1-4.32.1 libsmbclient0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsmbconf-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsmbconf0-4.11.14+git.313.d4e302805e1-4.32.1 libsmbconf0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsmbldap-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsmbldap2-4.11.14+git.313.d4e302805e1-4.32.1 libsmbldap2-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libtevent-util-devel-4.11.14+git.313.d4e302805e1-4.32.1 libtevent-util0-4.11.14+git.313.d4e302805e1-4.32.1 libtevent-util0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libwbclient-devel-4.11.14+git.313.d4e302805e1-4.32.1 libwbclient0-4.11.14+git.313.d4e302805e1-4.32.1 libwbclient0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-4.11.14+git.313.d4e302805e1-4.32.1 samba-ad-dc-4.11.14+git.313.d4e302805e1-4.32.1 samba-ad-dc-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-client-4.11.14+git.313.d4e302805e1-4.32.1 samba-client-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-core-devel-4.11.14+git.313.d4e302805e1-4.32.1 samba-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-debugsource-4.11.14+git.313.d4e302805e1-4.32.1 samba-dsdb-modules-4.11.14+git.313.d4e302805e1-4.32.1 samba-dsdb-modules-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-libs-4.11.14+git.313.d4e302805e1-4.32.1 samba-libs-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-libs-python3-4.11.14+git.313.d4e302805e1-4.32.1 samba-libs-python3-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-python3-4.11.14+git.313.d4e302805e1-4.32.1 samba-python3-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-winbind-4.11.14+git.313.d4e302805e1-4.32.1 samba-winbind-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 - SUSE Manager Server 4.1 (x86_64): libdcerpc-binding0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc-binding0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libndr-krb5pac0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libndr-krb5pac0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libndr-nbt0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libndr-nbt0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libndr-standard0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libndr-standard0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libndr0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libndr0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libnetapi0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libnetapi0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-credentials0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-credentials0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-errors0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-errors0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-hostconfig0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-hostconfig0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-passdb0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-passdb0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-util0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-util0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamdb0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libsamdb0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsmbconf0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libsmbconf0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsmbldap2-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libsmbldap2-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libtevent-util0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libtevent-util0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libwbclient0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libwbclient0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-ceph-4.11.14+git.313.d4e302805e1-4.32.1 samba-ceph-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-libs-32bit-4.11.14+git.313.d4e302805e1-4.32.1 samba-libs-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-winbind-32bit-4.11.14+git.313.d4e302805e1-4.32.1 samba-winbind-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): libdcerpc-binding0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc-binding0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc-binding0-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc-binding0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc-devel-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc-samr-devel-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc-samr0-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc-samr0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc0-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libndr-devel-4.11.14+git.313.d4e302805e1-4.32.1 libndr-krb5pac-devel-4.11.14+git.313.d4e302805e1-4.32.1 libndr-krb5pac0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libndr-krb5pac0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libndr-krb5pac0-4.11.14+git.313.d4e302805e1-4.32.1 libndr-krb5pac0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libndr-nbt-devel-4.11.14+git.313.d4e302805e1-4.32.1 libndr-nbt0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libndr-nbt0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libndr-nbt0-4.11.14+git.313.d4e302805e1-4.32.1 libndr-nbt0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libndr-standard-devel-4.11.14+git.313.d4e302805e1-4.32.1 libndr-standard0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libndr-standard0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libndr-standard0-4.11.14+git.313.d4e302805e1-4.32.1 libndr-standard0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libndr0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libndr0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libndr0-4.11.14+git.313.d4e302805e1-4.32.1 libndr0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libnetapi-devel-4.11.14+git.313.d4e302805e1-4.32.1 libnetapi0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libnetapi0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libnetapi0-4.11.14+git.313.d4e302805e1-4.32.1 libnetapi0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-credentials-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-credentials0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-credentials0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-credentials0-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-credentials0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-errors-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-errors0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-errors0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-errors0-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-errors0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-hostconfig-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-hostconfig0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-hostconfig0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-hostconfig0-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-hostconfig0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-passdb-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-passdb0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-passdb0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-passdb0-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-passdb0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-policy-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-policy-python3-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-policy0-python3-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-policy0-python3-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-util-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-util0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-util0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-util0-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-util0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamdb-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsamdb0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libsamdb0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamdb0-4.11.14+git.313.d4e302805e1-4.32.1 libsamdb0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsmbclient-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsmbclient0-4.11.14+git.313.d4e302805e1-4.32.1 libsmbclient0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsmbconf-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsmbconf0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libsmbconf0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsmbconf0-4.11.14+git.313.d4e302805e1-4.32.1 libsmbconf0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsmbldap-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsmbldap2-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libsmbldap2-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsmbldap2-4.11.14+git.313.d4e302805e1-4.32.1 libsmbldap2-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libtevent-util-devel-4.11.14+git.313.d4e302805e1-4.32.1 libtevent-util0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libtevent-util0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libtevent-util0-4.11.14+git.313.d4e302805e1-4.32.1 libtevent-util0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libwbclient-devel-4.11.14+git.313.d4e302805e1-4.32.1 libwbclient0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libwbclient0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libwbclient0-4.11.14+git.313.d4e302805e1-4.32.1 libwbclient0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-4.11.14+git.313.d4e302805e1-4.32.1 samba-ad-dc-4.11.14+git.313.d4e302805e1-4.32.1 samba-ad-dc-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-ceph-4.11.14+git.313.d4e302805e1-4.32.1 samba-ceph-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-client-4.11.14+git.313.d4e302805e1-4.32.1 samba-client-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-core-devel-4.11.14+git.313.d4e302805e1-4.32.1 samba-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-debugsource-4.11.14+git.313.d4e302805e1-4.32.1 samba-dsdb-modules-4.11.14+git.313.d4e302805e1-4.32.1 samba-dsdb-modules-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-libs-32bit-4.11.14+git.313.d4e302805e1-4.32.1 samba-libs-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-libs-4.11.14+git.313.d4e302805e1-4.32.1 samba-libs-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-libs-python3-4.11.14+git.313.d4e302805e1-4.32.1 samba-libs-python3-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-python3-4.11.14+git.313.d4e302805e1-4.32.1 samba-python3-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-winbind-32bit-4.11.14+git.313.d4e302805e1-4.32.1 samba-winbind-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-winbind-4.11.14+git.313.d4e302805e1-4.32.1 samba-winbind-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 - SUSE Manager Proxy 4.1 (x86_64): libdcerpc-binding0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc-binding0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc-binding0-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc-binding0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc-devel-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc-samr-devel-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc-samr0-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc-samr0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc0-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libndr-devel-4.11.14+git.313.d4e302805e1-4.32.1 libndr-krb5pac-devel-4.11.14+git.313.d4e302805e1-4.32.1 libndr-krb5pac0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libndr-krb5pac0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libndr-krb5pac0-4.11.14+git.313.d4e302805e1-4.32.1 libndr-krb5pac0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libndr-nbt-devel-4.11.14+git.313.d4e302805e1-4.32.1 libndr-nbt0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libndr-nbt0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libndr-nbt0-4.11.14+git.313.d4e302805e1-4.32.1 libndr-nbt0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libndr-standard-devel-4.11.14+git.313.d4e302805e1-4.32.1 libndr-standard0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libndr-standard0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libndr-standard0-4.11.14+git.313.d4e302805e1-4.32.1 libndr-standard0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libndr0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libndr0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libndr0-4.11.14+git.313.d4e302805e1-4.32.1 libndr0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libnetapi-devel-4.11.14+git.313.d4e302805e1-4.32.1 libnetapi0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libnetapi0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libnetapi0-4.11.14+git.313.d4e302805e1-4.32.1 libnetapi0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-credentials-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-credentials0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-credentials0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-credentials0-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-credentials0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-errors-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-errors0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-errors0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-errors0-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-errors0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-hostconfig-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-hostconfig0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-hostconfig0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-hostconfig0-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-hostconfig0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-passdb-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-passdb0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-passdb0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-passdb0-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-passdb0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-policy-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-policy-python3-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-policy0-python3-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-policy0-python3-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-util-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-util0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-util0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-util0-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-util0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamdb-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsamdb0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libsamdb0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamdb0-4.11.14+git.313.d4e302805e1-4.32.1 libsamdb0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsmbclient-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsmbclient0-4.11.14+git.313.d4e302805e1-4.32.1 libsmbclient0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsmbconf-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsmbconf0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libsmbconf0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsmbconf0-4.11.14+git.313.d4e302805e1-4.32.1 libsmbconf0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsmbldap-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsmbldap2-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libsmbldap2-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsmbldap2-4.11.14+git.313.d4e302805e1-4.32.1 libsmbldap2-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libtevent-util-devel-4.11.14+git.313.d4e302805e1-4.32.1 libtevent-util0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libtevent-util0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libtevent-util0-4.11.14+git.313.d4e302805e1-4.32.1 libtevent-util0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libwbclient-devel-4.11.14+git.313.d4e302805e1-4.32.1 libwbclient0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libwbclient0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libwbclient0-4.11.14+git.313.d4e302805e1-4.32.1 libwbclient0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-4.11.14+git.313.d4e302805e1-4.32.1 samba-ad-dc-4.11.14+git.313.d4e302805e1-4.32.1 samba-ad-dc-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-ceph-4.11.14+git.313.d4e302805e1-4.32.1 samba-ceph-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-client-4.11.14+git.313.d4e302805e1-4.32.1 samba-client-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-core-devel-4.11.14+git.313.d4e302805e1-4.32.1 samba-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-debugsource-4.11.14+git.313.d4e302805e1-4.32.1 samba-dsdb-modules-4.11.14+git.313.d4e302805e1-4.32.1 samba-dsdb-modules-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-libs-32bit-4.11.14+git.313.d4e302805e1-4.32.1 samba-libs-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-libs-4.11.14+git.313.d4e302805e1-4.32.1 samba-libs-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-libs-python3-4.11.14+git.313.d4e302805e1-4.32.1 samba-libs-python3-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-python3-4.11.14+git.313.d4e302805e1-4.32.1 samba-python3-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-winbind-32bit-4.11.14+git.313.d4e302805e1-4.32.1 samba-winbind-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-winbind-4.11.14+git.313.d4e302805e1-4.32.1 samba-winbind-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): libdcerpc-binding0-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc-binding0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc-devel-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc-samr-devel-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc-samr0-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc-samr0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc0-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libndr-devel-4.11.14+git.313.d4e302805e1-4.32.1 libndr-krb5pac-devel-4.11.14+git.313.d4e302805e1-4.32.1 libndr-krb5pac0-4.11.14+git.313.d4e302805e1-4.32.1 libndr-krb5pac0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libndr-nbt-devel-4.11.14+git.313.d4e302805e1-4.32.1 libndr-nbt0-4.11.14+git.313.d4e302805e1-4.32.1 libndr-nbt0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libndr-standard-devel-4.11.14+git.313.d4e302805e1-4.32.1 libndr-standard0-4.11.14+git.313.d4e302805e1-4.32.1 libndr-standard0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libndr0-4.11.14+git.313.d4e302805e1-4.32.1 libndr0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libnetapi-devel-4.11.14+git.313.d4e302805e1-4.32.1 libnetapi0-4.11.14+git.313.d4e302805e1-4.32.1 libnetapi0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-credentials-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-credentials0-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-credentials0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-errors-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-errors0-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-errors0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-hostconfig-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-hostconfig0-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-hostconfig0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-passdb-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-passdb0-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-passdb0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-policy-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-policy-python3-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-policy0-python3-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-policy0-python3-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-util-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-util0-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-util0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamdb-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsamdb0-4.11.14+git.313.d4e302805e1-4.32.1 libsamdb0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsmbclient-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsmbclient0-4.11.14+git.313.d4e302805e1-4.32.1 libsmbclient0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsmbconf-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsmbconf0-4.11.14+git.313.d4e302805e1-4.32.1 libsmbconf0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsmbldap-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsmbldap2-4.11.14+git.313.d4e302805e1-4.32.1 libsmbldap2-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libtevent-util-devel-4.11.14+git.313.d4e302805e1-4.32.1 libtevent-util0-4.11.14+git.313.d4e302805e1-4.32.1 libtevent-util0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libwbclient-devel-4.11.14+git.313.d4e302805e1-4.32.1 libwbclient0-4.11.14+git.313.d4e302805e1-4.32.1 libwbclient0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-4.11.14+git.313.d4e302805e1-4.32.1 samba-ad-dc-4.11.14+git.313.d4e302805e1-4.32.1 samba-ad-dc-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-client-4.11.14+git.313.d4e302805e1-4.32.1 samba-client-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-core-devel-4.11.14+git.313.d4e302805e1-4.32.1 samba-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-debugsource-4.11.14+git.313.d4e302805e1-4.32.1 samba-dsdb-modules-4.11.14+git.313.d4e302805e1-4.32.1 samba-dsdb-modules-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-libs-4.11.14+git.313.d4e302805e1-4.32.1 samba-libs-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-libs-python3-4.11.14+git.313.d4e302805e1-4.32.1 samba-libs-python3-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-python3-4.11.14+git.313.d4e302805e1-4.32.1 samba-python3-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-winbind-4.11.14+git.313.d4e302805e1-4.32.1 samba-winbind-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): libdcerpc-binding0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc-binding0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libndr-krb5pac0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libndr-krb5pac0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libndr-nbt0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libndr-nbt0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libndr-standard0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libndr-standard0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libndr0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libndr0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libnetapi0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libnetapi0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-credentials0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-credentials0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-errors0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-errors0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-hostconfig0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-hostconfig0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-passdb0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-passdb0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-util0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-util0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamdb0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libsamdb0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsmbconf0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libsmbconf0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsmbldap2-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libsmbldap2-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libtevent-util0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libtevent-util0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libwbclient0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libwbclient0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-ceph-4.11.14+git.313.d4e302805e1-4.32.1 samba-ceph-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-libs-32bit-4.11.14+git.313.d4e302805e1-4.32.1 samba-libs-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-winbind-32bit-4.11.14+git.313.d4e302805e1-4.32.1 samba-winbind-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libdcerpc-binding0-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc-binding0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc-devel-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc-samr-devel-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc-samr0-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc-samr0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc0-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libndr-devel-4.11.14+git.313.d4e302805e1-4.32.1 libndr-krb5pac-devel-4.11.14+git.313.d4e302805e1-4.32.1 libndr-krb5pac0-4.11.14+git.313.d4e302805e1-4.32.1 libndr-krb5pac0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libndr-nbt-devel-4.11.14+git.313.d4e302805e1-4.32.1 libndr-nbt0-4.11.14+git.313.d4e302805e1-4.32.1 libndr-nbt0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libndr-standard-devel-4.11.14+git.313.d4e302805e1-4.32.1 libndr-standard0-4.11.14+git.313.d4e302805e1-4.32.1 libndr-standard0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libndr0-4.11.14+git.313.d4e302805e1-4.32.1 libndr0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libnetapi-devel-4.11.14+git.313.d4e302805e1-4.32.1 libnetapi0-4.11.14+git.313.d4e302805e1-4.32.1 libnetapi0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-credentials-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-credentials0-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-credentials0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-errors-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-errors0-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-errors0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-hostconfig-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-hostconfig0-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-hostconfig0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-passdb-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-passdb0-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-passdb0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-policy-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-policy-python3-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-policy0-python3-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-policy0-python3-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-util-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-util0-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-util0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamdb-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsamdb0-4.11.14+git.313.d4e302805e1-4.32.1 libsamdb0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsmbclient-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsmbclient0-4.11.14+git.313.d4e302805e1-4.32.1 libsmbclient0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsmbconf-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsmbconf0-4.11.14+git.313.d4e302805e1-4.32.1 libsmbconf0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsmbldap-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsmbldap2-4.11.14+git.313.d4e302805e1-4.32.1 libsmbldap2-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libtevent-util-devel-4.11.14+git.313.d4e302805e1-4.32.1 libtevent-util0-4.11.14+git.313.d4e302805e1-4.32.1 libtevent-util0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libwbclient-devel-4.11.14+git.313.d4e302805e1-4.32.1 libwbclient0-4.11.14+git.313.d4e302805e1-4.32.1 libwbclient0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-4.11.14+git.313.d4e302805e1-4.32.1 samba-ad-dc-4.11.14+git.313.d4e302805e1-4.32.1 samba-ad-dc-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-client-4.11.14+git.313.d4e302805e1-4.32.1 samba-client-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-core-devel-4.11.14+git.313.d4e302805e1-4.32.1 samba-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-debugsource-4.11.14+git.313.d4e302805e1-4.32.1 samba-dsdb-modules-4.11.14+git.313.d4e302805e1-4.32.1 samba-dsdb-modules-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-libs-4.11.14+git.313.d4e302805e1-4.32.1 samba-libs-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-libs-python3-4.11.14+git.313.d4e302805e1-4.32.1 samba-libs-python3-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-python3-4.11.14+git.313.d4e302805e1-4.32.1 samba-python3-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-winbind-4.11.14+git.313.d4e302805e1-4.32.1 samba-winbind-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 x86_64): samba-ceph-4.11.14+git.313.d4e302805e1-4.32.1 samba-ceph-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64): libdcerpc-binding0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc-binding0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libndr-krb5pac0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libndr-krb5pac0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libndr-nbt0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libndr-nbt0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libndr-standard0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libndr-standard0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libndr0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libndr0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libnetapi0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libnetapi0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-credentials0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-credentials0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-errors0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-errors0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-hostconfig0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-hostconfig0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-passdb0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-passdb0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-util0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-util0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamdb0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libsamdb0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsmbconf0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libsmbconf0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsmbldap2-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libsmbldap2-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libtevent-util0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libtevent-util0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libwbclient0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libwbclient0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-libs-32bit-4.11.14+git.313.d4e302805e1-4.32.1 samba-libs-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-winbind-32bit-4.11.14+git.313.d4e302805e1-4.32.1 samba-winbind-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): libdcerpc-binding0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc-binding0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc-binding0-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc-binding0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc-devel-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc-samr-devel-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc-samr0-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc-samr0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc0-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libndr-devel-4.11.14+git.313.d4e302805e1-4.32.1 libndr-krb5pac-devel-4.11.14+git.313.d4e302805e1-4.32.1 libndr-krb5pac0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libndr-krb5pac0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libndr-krb5pac0-4.11.14+git.313.d4e302805e1-4.32.1 libndr-krb5pac0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libndr-nbt-devel-4.11.14+git.313.d4e302805e1-4.32.1 libndr-nbt0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libndr-nbt0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libndr-nbt0-4.11.14+git.313.d4e302805e1-4.32.1 libndr-nbt0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libndr-standard-devel-4.11.14+git.313.d4e302805e1-4.32.1 libndr-standard0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libndr-standard0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libndr-standard0-4.11.14+git.313.d4e302805e1-4.32.1 libndr-standard0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libndr0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libndr0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libndr0-4.11.14+git.313.d4e302805e1-4.32.1 libndr0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libnetapi-devel-4.11.14+git.313.d4e302805e1-4.32.1 libnetapi0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libnetapi0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libnetapi0-4.11.14+git.313.d4e302805e1-4.32.1 libnetapi0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-credentials-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-credentials0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-credentials0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-credentials0-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-credentials0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-errors-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-errors0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-errors0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-errors0-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-errors0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-hostconfig-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-hostconfig0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-hostconfig0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-hostconfig0-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-hostconfig0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-passdb-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-passdb0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-passdb0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-passdb0-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-passdb0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-policy-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-policy-python3-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-policy0-python3-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-policy0-python3-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-util-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-util0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-util0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-util0-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-util0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamdb-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsamdb0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libsamdb0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamdb0-4.11.14+git.313.d4e302805e1-4.32.1 libsamdb0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsmbclient-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsmbclient0-4.11.14+git.313.d4e302805e1-4.32.1 libsmbclient0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsmbconf-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsmbconf0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libsmbconf0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsmbconf0-4.11.14+git.313.d4e302805e1-4.32.1 libsmbconf0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsmbldap-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsmbldap2-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libsmbldap2-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsmbldap2-4.11.14+git.313.d4e302805e1-4.32.1 libsmbldap2-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libtevent-util-devel-4.11.14+git.313.d4e302805e1-4.32.1 libtevent-util0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libtevent-util0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libtevent-util0-4.11.14+git.313.d4e302805e1-4.32.1 libtevent-util0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libwbclient-devel-4.11.14+git.313.d4e302805e1-4.32.1 libwbclient0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libwbclient0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libwbclient0-4.11.14+git.313.d4e302805e1-4.32.1 libwbclient0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-4.11.14+git.313.d4e302805e1-4.32.1 samba-ceph-4.11.14+git.313.d4e302805e1-4.32.1 samba-ceph-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-client-4.11.14+git.313.d4e302805e1-4.32.1 samba-client-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-core-devel-4.11.14+git.313.d4e302805e1-4.32.1 samba-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-debugsource-4.11.14+git.313.d4e302805e1-4.32.1 samba-dsdb-modules-4.11.14+git.313.d4e302805e1-4.32.1 samba-dsdb-modules-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-libs-32bit-4.11.14+git.313.d4e302805e1-4.32.1 samba-libs-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-libs-4.11.14+git.313.d4e302805e1-4.32.1 samba-libs-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-libs-python3-4.11.14+git.313.d4e302805e1-4.32.1 samba-libs-python3-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-python3-4.11.14+git.313.d4e302805e1-4.32.1 samba-python3-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-winbind-32bit-4.11.14+git.313.d4e302805e1-4.32.1 samba-winbind-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-winbind-4.11.14+git.313.d4e302805e1-4.32.1 samba-winbind-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libdcerpc-binding0-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc-binding0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc-devel-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc-samr-devel-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc-samr0-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc-samr0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc0-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libndr-devel-4.11.14+git.313.d4e302805e1-4.32.1 libndr-krb5pac-devel-4.11.14+git.313.d4e302805e1-4.32.1 libndr-krb5pac0-4.11.14+git.313.d4e302805e1-4.32.1 libndr-krb5pac0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libndr-nbt-devel-4.11.14+git.313.d4e302805e1-4.32.1 libndr-nbt0-4.11.14+git.313.d4e302805e1-4.32.1 libndr-nbt0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libndr-standard-devel-4.11.14+git.313.d4e302805e1-4.32.1 libndr-standard0-4.11.14+git.313.d4e302805e1-4.32.1 libndr-standard0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libndr0-4.11.14+git.313.d4e302805e1-4.32.1 libndr0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libnetapi-devel-4.11.14+git.313.d4e302805e1-4.32.1 libnetapi0-4.11.14+git.313.d4e302805e1-4.32.1 libnetapi0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-credentials-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-credentials0-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-credentials0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-errors-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-errors0-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-errors0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-hostconfig-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-hostconfig0-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-hostconfig0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-passdb-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-passdb0-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-passdb0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-policy-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-policy-python3-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-policy0-python3-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-policy0-python3-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-util-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-util0-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-util0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamdb-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsamdb0-4.11.14+git.313.d4e302805e1-4.32.1 libsamdb0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsmbclient-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsmbclient0-4.11.14+git.313.d4e302805e1-4.32.1 libsmbclient0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsmbconf-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsmbconf0-4.11.14+git.313.d4e302805e1-4.32.1 libsmbconf0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsmbldap-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsmbldap2-4.11.14+git.313.d4e302805e1-4.32.1 libsmbldap2-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libtevent-util-devel-4.11.14+git.313.d4e302805e1-4.32.1 libtevent-util0-4.11.14+git.313.d4e302805e1-4.32.1 libtevent-util0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libwbclient-devel-4.11.14+git.313.d4e302805e1-4.32.1 libwbclient0-4.11.14+git.313.d4e302805e1-4.32.1 libwbclient0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-4.11.14+git.313.d4e302805e1-4.32.1 samba-ad-dc-4.11.14+git.313.d4e302805e1-4.32.1 samba-ad-dc-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-ceph-4.11.14+git.313.d4e302805e1-4.32.1 samba-ceph-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-client-4.11.14+git.313.d4e302805e1-4.32.1 samba-client-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-core-devel-4.11.14+git.313.d4e302805e1-4.32.1 samba-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-debugsource-4.11.14+git.313.d4e302805e1-4.32.1 samba-dsdb-modules-4.11.14+git.313.d4e302805e1-4.32.1 samba-dsdb-modules-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-libs-4.11.14+git.313.d4e302805e1-4.32.1 samba-libs-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-libs-python3-4.11.14+git.313.d4e302805e1-4.32.1 samba-libs-python3-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-python3-4.11.14+git.313.d4e302805e1-4.32.1 samba-python3-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-winbind-4.11.14+git.313.d4e302805e1-4.32.1 samba-winbind-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64): libdcerpc-binding0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc-binding0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libndr-krb5pac0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libndr-krb5pac0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libndr-nbt0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libndr-nbt0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libndr-standard0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libndr-standard0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libndr0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libndr0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libnetapi0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libnetapi0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-credentials0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-credentials0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-errors0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-errors0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-hostconfig0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-hostconfig0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-passdb0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-passdb0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-util0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-util0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamdb0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libsamdb0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsmbconf0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libsmbconf0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsmbldap2-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libsmbldap2-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libtevent-util0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libtevent-util0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libwbclient0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libwbclient0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-libs-32bit-4.11.14+git.313.d4e302805e1-4.32.1 samba-libs-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-winbind-32bit-4.11.14+git.313.d4e302805e1-4.32.1 samba-winbind-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): libdcerpc-binding0-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc-binding0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc-devel-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc-samr-devel-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc-samr0-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc-samr0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc0-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libndr-devel-4.11.14+git.313.d4e302805e1-4.32.1 libndr-krb5pac-devel-4.11.14+git.313.d4e302805e1-4.32.1 libndr-krb5pac0-4.11.14+git.313.d4e302805e1-4.32.1 libndr-krb5pac0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libndr-nbt-devel-4.11.14+git.313.d4e302805e1-4.32.1 libndr-nbt0-4.11.14+git.313.d4e302805e1-4.32.1 libndr-nbt0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libndr-standard-devel-4.11.14+git.313.d4e302805e1-4.32.1 libndr-standard0-4.11.14+git.313.d4e302805e1-4.32.1 libndr-standard0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libndr0-4.11.14+git.313.d4e302805e1-4.32.1 libndr0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libnetapi-devel-4.11.14+git.313.d4e302805e1-4.32.1 libnetapi0-4.11.14+git.313.d4e302805e1-4.32.1 libnetapi0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-credentials-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-credentials0-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-credentials0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-errors-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-errors0-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-errors0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-hostconfig-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-hostconfig0-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-hostconfig0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-passdb-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-passdb0-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-passdb0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-policy-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-policy-python3-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-policy0-python3-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-policy0-python3-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-util-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-util0-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-util0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamdb-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsamdb0-4.11.14+git.313.d4e302805e1-4.32.1 libsamdb0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsmbclient-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsmbclient0-4.11.14+git.313.d4e302805e1-4.32.1 libsmbclient0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsmbconf-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsmbconf0-4.11.14+git.313.d4e302805e1-4.32.1 libsmbconf0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsmbldap-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsmbldap2-4.11.14+git.313.d4e302805e1-4.32.1 libsmbldap2-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libtevent-util-devel-4.11.14+git.313.d4e302805e1-4.32.1 libtevent-util0-4.11.14+git.313.d4e302805e1-4.32.1 libtevent-util0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libwbclient-devel-4.11.14+git.313.d4e302805e1-4.32.1 libwbclient0-4.11.14+git.313.d4e302805e1-4.32.1 libwbclient0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-4.11.14+git.313.d4e302805e1-4.32.1 samba-ad-dc-4.11.14+git.313.d4e302805e1-4.32.1 samba-ad-dc-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-ceph-4.11.14+git.313.d4e302805e1-4.32.1 samba-ceph-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-client-4.11.14+git.313.d4e302805e1-4.32.1 samba-client-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-core-devel-4.11.14+git.313.d4e302805e1-4.32.1 samba-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-debugsource-4.11.14+git.313.d4e302805e1-4.32.1 samba-dsdb-modules-4.11.14+git.313.d4e302805e1-4.32.1 samba-dsdb-modules-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-libs-4.11.14+git.313.d4e302805e1-4.32.1 samba-libs-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-libs-python3-4.11.14+git.313.d4e302805e1-4.32.1 samba-libs-python3-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-python3-4.11.14+git.313.d4e302805e1-4.32.1 samba-python3-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-winbind-4.11.14+git.313.d4e302805e1-4.32.1 samba-winbind-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64): libdcerpc-binding0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc-binding0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libndr-krb5pac0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libndr-krb5pac0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libndr-nbt0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libndr-nbt0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libndr-standard0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libndr-standard0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libndr0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libndr0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libnetapi0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libnetapi0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-credentials0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-credentials0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-errors0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-errors0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-hostconfig0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-hostconfig0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-passdb0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-passdb0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-util0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-util0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamdb0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libsamdb0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsmbconf0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libsmbconf0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsmbldap2-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libsmbldap2-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libtevent-util0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libtevent-util0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libwbclient0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libwbclient0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-libs-32bit-4.11.14+git.313.d4e302805e1-4.32.1 samba-libs-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-winbind-32bit-4.11.14+git.313.d4e302805e1-4.32.1 samba-winbind-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): ctdb-4.11.14+git.313.d4e302805e1-4.32.1 ctdb-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-debugsource-4.11.14+git.313.d4e302805e1-4.32.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): libdcerpc-binding0-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc-binding0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc-devel-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc-samr-devel-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc-samr0-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc-samr0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc0-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libndr-devel-4.11.14+git.313.d4e302805e1-4.32.1 libndr-krb5pac-devel-4.11.14+git.313.d4e302805e1-4.32.1 libndr-krb5pac0-4.11.14+git.313.d4e302805e1-4.32.1 libndr-krb5pac0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libndr-nbt-devel-4.11.14+git.313.d4e302805e1-4.32.1 libndr-nbt0-4.11.14+git.313.d4e302805e1-4.32.1 libndr-nbt0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libndr-standard-devel-4.11.14+git.313.d4e302805e1-4.32.1 libndr-standard0-4.11.14+git.313.d4e302805e1-4.32.1 libndr-standard0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libndr0-4.11.14+git.313.d4e302805e1-4.32.1 libndr0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libnetapi-devel-4.11.14+git.313.d4e302805e1-4.32.1 libnetapi0-4.11.14+git.313.d4e302805e1-4.32.1 libnetapi0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-credentials-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-credentials0-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-credentials0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-errors-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-errors0-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-errors0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-hostconfig-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-hostconfig0-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-hostconfig0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-passdb-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-passdb0-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-passdb0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-policy-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-policy-python3-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-policy0-python3-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-policy0-python3-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-util-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-util0-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-util0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamdb-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsamdb0-4.11.14+git.313.d4e302805e1-4.32.1 libsamdb0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsmbclient-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsmbclient0-4.11.14+git.313.d4e302805e1-4.32.1 libsmbclient0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsmbconf-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsmbconf0-4.11.14+git.313.d4e302805e1-4.32.1 libsmbconf0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsmbldap-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsmbldap2-4.11.14+git.313.d4e302805e1-4.32.1 libsmbldap2-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libtevent-util-devel-4.11.14+git.313.d4e302805e1-4.32.1 libtevent-util0-4.11.14+git.313.d4e302805e1-4.32.1 libtevent-util0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libwbclient-devel-4.11.14+git.313.d4e302805e1-4.32.1 libwbclient0-4.11.14+git.313.d4e302805e1-4.32.1 libwbclient0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-4.11.14+git.313.d4e302805e1-4.32.1 samba-ad-dc-4.11.14+git.313.d4e302805e1-4.32.1 samba-ad-dc-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-ceph-4.11.14+git.313.d4e302805e1-4.32.1 samba-ceph-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-client-4.11.14+git.313.d4e302805e1-4.32.1 samba-client-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-core-devel-4.11.14+git.313.d4e302805e1-4.32.1 samba-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-debugsource-4.11.14+git.313.d4e302805e1-4.32.1 samba-dsdb-modules-4.11.14+git.313.d4e302805e1-4.32.1 samba-dsdb-modules-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-libs-4.11.14+git.313.d4e302805e1-4.32.1 samba-libs-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-libs-python3-4.11.14+git.313.d4e302805e1-4.32.1 samba-libs-python3-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-python3-4.11.14+git.313.d4e302805e1-4.32.1 samba-python3-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-winbind-4.11.14+git.313.d4e302805e1-4.32.1 samba-winbind-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 - SUSE Enterprise Storage 7 (x86_64): libdcerpc-binding0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc-binding0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libndr-krb5pac0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libndr-krb5pac0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libndr-nbt0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libndr-nbt0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libndr-standard0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libndr-standard0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libndr0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libndr0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libnetapi0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libnetapi0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-credentials0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-credentials0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-errors0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-errors0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-hostconfig0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-hostconfig0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-passdb0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-passdb0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-util0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-util0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamdb0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libsamdb0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsmbconf0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libsmbconf0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsmbldap2-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libsmbldap2-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libtevent-util0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libtevent-util0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libwbclient0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libwbclient0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-libs-32bit-4.11.14+git.313.d4e302805e1-4.32.1 samba-libs-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-winbind-32bit-4.11.14+git.313.d4e302805e1-4.32.1 samba-winbind-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 - SUSE CaaS Platform 4.5 (aarch64 x86_64): libdcerpc-binding0-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc-binding0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc-devel-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc-samr-devel-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc-samr0-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc-samr0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc0-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libndr-devel-4.11.14+git.313.d4e302805e1-4.32.1 libndr-krb5pac-devel-4.11.14+git.313.d4e302805e1-4.32.1 libndr-krb5pac0-4.11.14+git.313.d4e302805e1-4.32.1 libndr-krb5pac0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libndr-nbt-devel-4.11.14+git.313.d4e302805e1-4.32.1 libndr-nbt0-4.11.14+git.313.d4e302805e1-4.32.1 libndr-nbt0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libndr-standard-devel-4.11.14+git.313.d4e302805e1-4.32.1 libndr-standard0-4.11.14+git.313.d4e302805e1-4.32.1 libndr-standard0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libndr0-4.11.14+git.313.d4e302805e1-4.32.1 libndr0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libnetapi-devel-4.11.14+git.313.d4e302805e1-4.32.1 libnetapi0-4.11.14+git.313.d4e302805e1-4.32.1 libnetapi0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-credentials-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-credentials0-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-credentials0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-errors-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-errors0-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-errors0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-hostconfig-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-hostconfig0-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-hostconfig0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-passdb-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-passdb0-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-passdb0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-policy-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-policy-python3-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-policy0-python3-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-policy0-python3-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-util-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-util0-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-util0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamdb-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsamdb0-4.11.14+git.313.d4e302805e1-4.32.1 libsamdb0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsmbclient-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsmbclient0-4.11.14+git.313.d4e302805e1-4.32.1 libsmbclient0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsmbconf-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsmbconf0-4.11.14+git.313.d4e302805e1-4.32.1 libsmbconf0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsmbldap-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsmbldap2-4.11.14+git.313.d4e302805e1-4.32.1 libsmbldap2-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libtevent-util-devel-4.11.14+git.313.d4e302805e1-4.32.1 libtevent-util0-4.11.14+git.313.d4e302805e1-4.32.1 libtevent-util0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libwbclient-devel-4.11.14+git.313.d4e302805e1-4.32.1 libwbclient0-4.11.14+git.313.d4e302805e1-4.32.1 libwbclient0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-4.11.14+git.313.d4e302805e1-4.32.1 samba-ad-dc-4.11.14+git.313.d4e302805e1-4.32.1 samba-ad-dc-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-ceph-4.11.14+git.313.d4e302805e1-4.32.1 samba-ceph-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-client-4.11.14+git.313.d4e302805e1-4.32.1 samba-client-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-core-devel-4.11.14+git.313.d4e302805e1-4.32.1 samba-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-debugsource-4.11.14+git.313.d4e302805e1-4.32.1 samba-dsdb-modules-4.11.14+git.313.d4e302805e1-4.32.1 samba-dsdb-modules-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-libs-4.11.14+git.313.d4e302805e1-4.32.1 samba-libs-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-libs-python3-4.11.14+git.313.d4e302805e1-4.32.1 samba-libs-python3-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-python3-4.11.14+git.313.d4e302805e1-4.32.1 samba-python3-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-winbind-4.11.14+git.313.d4e302805e1-4.32.1 samba-winbind-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 - SUSE CaaS Platform 4.5 (x86_64): libdcerpc-binding0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc-binding0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libndr-krb5pac0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libndr-krb5pac0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libndr-nbt0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libndr-nbt0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libndr-standard0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libndr-standard0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libndr0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libndr0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libnetapi0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libnetapi0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-credentials0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-credentials0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-errors0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-errors0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-hostconfig0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-hostconfig0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-passdb0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-passdb0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-util0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-util0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamdb0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libsamdb0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsmbconf0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libsmbconf0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsmbldap2-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libsmbldap2-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libtevent-util0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libtevent-util0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libwbclient0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libwbclient0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-libs-32bit-4.11.14+git.313.d4e302805e1-4.32.1 samba-libs-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-winbind-32bit-4.11.14+git.313.d4e302805e1-4.32.1 samba-winbind-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 References: https://www.suse.com/security/cve/CVE-2020-25717.html https://bugzilla.suse.com/1192849 From sle-updates at lists.suse.com Thu Dec 23 14:56:00 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Dec 2021 15:56:00 +0100 (CET) Subject: SUSE-SU-2021:4015-2: moderate: Security update for python3 Message-ID: <20211223145600.4458CFC9F@maintenance.suse.de> SUSE Security Update: Security update for python3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:4015-2 Rating: moderate References: #1180125 #1183374 #1183858 #1185588 #1187338 #1187668 #1189241 #1189287 Cross-References: CVE-2021-3426 CVE-2021-3733 CVE-2021-3737 CVSS scores: CVE-2021-3426 (NVD) : 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-3426 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-3733 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-3737 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that solves three vulnerabilities and has 5 fixes is now available. Description: This update for python3 fixes the following issues: - CVE-2021-3737: Fixed http client infinite line reading (DoS) after a http 100. (bsc#1189241) - CVE-2021-3733: Fixed ReDoS in urllib.request. (bsc#1189287) - CVE-2021-3426: Fixed an information disclosure via pydoc. (bsc#1183374) - Rebuild to get new headers, avoid building in support for stropts.h (bsc#1187338). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-4015=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-4015=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-4015=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-4015=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-4015=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-4015=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-4015=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-4015=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-4015=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-4015=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libpython3_6m1_0-3.6.15-3.91.3 libpython3_6m1_0-debuginfo-3.6.15-3.91.3 python3-3.6.15-3.91.4 python3-base-3.6.15-3.91.3 python3-curses-3.6.15-3.91.4 python3-curses-debuginfo-3.6.15-3.91.4 python3-dbm-3.6.15-3.91.4 python3-dbm-debuginfo-3.6.15-3.91.4 python3-debuginfo-3.6.15-3.91.4 python3-debugsource-3.6.15-3.91.4 python3-devel-3.6.15-3.91.3 python3-devel-debuginfo-3.6.15-3.91.3 python3-idle-3.6.15-3.91.4 python3-testsuite-3.6.15-3.91.3 python3-tk-3.6.15-3.91.4 python3-tk-debuginfo-3.6.15-3.91.4 python3-tools-3.6.15-3.91.3 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libpython3_6m1_0-3.6.15-3.91.3 libpython3_6m1_0-debuginfo-3.6.15-3.91.3 python3-3.6.15-3.91.4 python3-base-3.6.15-3.91.3 python3-curses-3.6.15-3.91.4 python3-curses-debuginfo-3.6.15-3.91.4 python3-dbm-3.6.15-3.91.4 python3-dbm-debuginfo-3.6.15-3.91.4 python3-debuginfo-3.6.15-3.91.4 python3-debugsource-3.6.15-3.91.4 python3-devel-3.6.15-3.91.3 python3-devel-debuginfo-3.6.15-3.91.3 python3-idle-3.6.15-3.91.4 python3-tk-3.6.15-3.91.4 python3-tk-debuginfo-3.6.15-3.91.4 python3-tools-3.6.15-3.91.3 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libpython3_6m1_0-3.6.15-3.91.3 libpython3_6m1_0-debuginfo-3.6.15-3.91.3 python3-3.6.15-3.91.4 python3-base-3.6.15-3.91.3 python3-curses-3.6.15-3.91.4 python3-curses-debuginfo-3.6.15-3.91.4 python3-dbm-3.6.15-3.91.4 python3-dbm-debuginfo-3.6.15-3.91.4 python3-debuginfo-3.6.15-3.91.4 python3-debugsource-3.6.15-3.91.4 python3-devel-3.6.15-3.91.3 python3-devel-debuginfo-3.6.15-3.91.3 python3-idle-3.6.15-3.91.4 python3-testsuite-3.6.15-3.91.3 python3-tk-3.6.15-3.91.4 python3-tk-debuginfo-3.6.15-3.91.4 python3-tools-3.6.15-3.91.3 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libpython3_6m1_0-3.6.15-3.91.3 libpython3_6m1_0-debuginfo-3.6.15-3.91.3 python3-3.6.15-3.91.4 python3-base-3.6.15-3.91.3 python3-curses-3.6.15-3.91.4 python3-curses-debuginfo-3.6.15-3.91.4 python3-dbm-3.6.15-3.91.4 python3-dbm-debuginfo-3.6.15-3.91.4 python3-debuginfo-3.6.15-3.91.4 python3-debugsource-3.6.15-3.91.4 python3-devel-3.6.15-3.91.3 python3-devel-debuginfo-3.6.15-3.91.3 python3-idle-3.6.15-3.91.4 python3-testsuite-3.6.15-3.91.3 python3-tk-3.6.15-3.91.4 python3-tk-debuginfo-3.6.15-3.91.4 python3-tools-3.6.15-3.91.3 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libpython3_6m1_0-3.6.15-3.91.3 libpython3_6m1_0-debuginfo-3.6.15-3.91.3 python3-3.6.15-3.91.4 python3-base-3.6.15-3.91.3 python3-curses-3.6.15-3.91.4 python3-curses-debuginfo-3.6.15-3.91.4 python3-dbm-3.6.15-3.91.4 python3-dbm-debuginfo-3.6.15-3.91.4 python3-debuginfo-3.6.15-3.91.4 python3-debugsource-3.6.15-3.91.4 python3-devel-3.6.15-3.91.3 python3-devel-debuginfo-3.6.15-3.91.3 python3-idle-3.6.15-3.91.4 python3-tk-3.6.15-3.91.4 python3-tk-debuginfo-3.6.15-3.91.4 python3-tools-3.6.15-3.91.3 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libpython3_6m1_0-3.6.15-3.91.3 libpython3_6m1_0-debuginfo-3.6.15-3.91.3 python3-3.6.15-3.91.4 python3-base-3.6.15-3.91.3 python3-curses-3.6.15-3.91.4 python3-curses-debuginfo-3.6.15-3.91.4 python3-dbm-3.6.15-3.91.4 python3-dbm-debuginfo-3.6.15-3.91.4 python3-debuginfo-3.6.15-3.91.4 python3-debugsource-3.6.15-3.91.4 python3-devel-3.6.15-3.91.3 python3-devel-debuginfo-3.6.15-3.91.3 python3-idle-3.6.15-3.91.4 python3-testsuite-3.6.15-3.91.3 python3-tk-3.6.15-3.91.4 python3-tk-debuginfo-3.6.15-3.91.4 python3-tools-3.6.15-3.91.3 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libpython3_6m1_0-3.6.15-3.91.3 libpython3_6m1_0-debuginfo-3.6.15-3.91.3 python3-3.6.15-3.91.4 python3-base-3.6.15-3.91.3 python3-curses-3.6.15-3.91.4 python3-curses-debuginfo-3.6.15-3.91.4 python3-dbm-3.6.15-3.91.4 python3-dbm-debuginfo-3.6.15-3.91.4 python3-debuginfo-3.6.15-3.91.4 python3-debugsource-3.6.15-3.91.4 python3-devel-3.6.15-3.91.3 python3-devel-debuginfo-3.6.15-3.91.3 python3-idle-3.6.15-3.91.4 python3-testsuite-3.6.15-3.91.3 python3-tk-3.6.15-3.91.4 python3-tk-debuginfo-3.6.15-3.91.4 python3-tools-3.6.15-3.91.3 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libpython3_6m1_0-3.6.15-3.91.3 libpython3_6m1_0-debuginfo-3.6.15-3.91.3 python3-3.6.15-3.91.4 python3-base-3.6.15-3.91.3 python3-curses-3.6.15-3.91.4 python3-curses-debuginfo-3.6.15-3.91.4 python3-dbm-3.6.15-3.91.4 python3-dbm-debuginfo-3.6.15-3.91.4 python3-debuginfo-3.6.15-3.91.4 python3-debugsource-3.6.15-3.91.4 python3-devel-3.6.15-3.91.3 python3-devel-debuginfo-3.6.15-3.91.3 python3-idle-3.6.15-3.91.4 python3-tk-3.6.15-3.91.4 python3-tk-debuginfo-3.6.15-3.91.4 python3-tools-3.6.15-3.91.3 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libpython3_6m1_0-3.6.15-3.91.3 libpython3_6m1_0-debuginfo-3.6.15-3.91.3 python3-3.6.15-3.91.4 python3-base-3.6.15-3.91.3 python3-curses-3.6.15-3.91.4 python3-curses-debuginfo-3.6.15-3.91.4 python3-dbm-3.6.15-3.91.4 python3-dbm-debuginfo-3.6.15-3.91.4 python3-debuginfo-3.6.15-3.91.4 python3-debugsource-3.6.15-3.91.4 python3-devel-3.6.15-3.91.3 python3-devel-debuginfo-3.6.15-3.91.3 python3-idle-3.6.15-3.91.4 python3-tk-3.6.15-3.91.4 python3-tk-debuginfo-3.6.15-3.91.4 python3-tools-3.6.15-3.91.3 - SUSE Enterprise Storage 6 (aarch64 x86_64): libpython3_6m1_0-3.6.15-3.91.3 libpython3_6m1_0-debuginfo-3.6.15-3.91.3 python3-3.6.15-3.91.4 python3-base-3.6.15-3.91.3 python3-curses-3.6.15-3.91.4 python3-curses-debuginfo-3.6.15-3.91.4 python3-dbm-3.6.15-3.91.4 python3-dbm-debuginfo-3.6.15-3.91.4 python3-debuginfo-3.6.15-3.91.4 python3-debugsource-3.6.15-3.91.4 python3-devel-3.6.15-3.91.3 python3-devel-debuginfo-3.6.15-3.91.3 python3-idle-3.6.15-3.91.4 python3-testsuite-3.6.15-3.91.3 python3-tk-3.6.15-3.91.4 python3-tk-debuginfo-3.6.15-3.91.4 python3-tools-3.6.15-3.91.3 - SUSE CaaS Platform 4.0 (x86_64): libpython3_6m1_0-3.6.15-3.91.3 libpython3_6m1_0-debuginfo-3.6.15-3.91.3 python3-3.6.15-3.91.4 python3-base-3.6.15-3.91.3 python3-curses-3.6.15-3.91.4 python3-curses-debuginfo-3.6.15-3.91.4 python3-dbm-3.6.15-3.91.4 python3-dbm-debuginfo-3.6.15-3.91.4 python3-debuginfo-3.6.15-3.91.4 python3-debugsource-3.6.15-3.91.4 python3-devel-3.6.15-3.91.3 python3-devel-debuginfo-3.6.15-3.91.3 python3-idle-3.6.15-3.91.4 python3-testsuite-3.6.15-3.91.3 python3-tk-3.6.15-3.91.4 python3-tk-debuginfo-3.6.15-3.91.4 python3-tools-3.6.15-3.91.3 References: https://www.suse.com/security/cve/CVE-2021-3426.html https://www.suse.com/security/cve/CVE-2021-3733.html https://www.suse.com/security/cve/CVE-2021-3737.html https://bugzilla.suse.com/1180125 https://bugzilla.suse.com/1183374 https://bugzilla.suse.com/1183858 https://bugzilla.suse.com/1185588 https://bugzilla.suse.com/1187338 https://bugzilla.suse.com/1187668 https://bugzilla.suse.com/1189241 https://bugzilla.suse.com/1189287 From sle-updates at lists.suse.com Thu Dec 23 14:57:56 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Dec 2021 15:57:56 +0100 (CET) Subject: SUSE-RU-2021:4179-1: moderate: Recommended update for corosync Message-ID: <20211223145756.8FC11FC9F@maintenance.suse.de> SUSE Recommended Update: Recommended update for corosync ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:4179-1 Rating: moderate References: #1192467 Affected Products: SUSE Linux Enterprise High Availability 15-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for corosync fixes the following issues: - Fix corosync not recognizing isolated nodes when interface is down (bsc#1192467) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP3: zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2021-4179=1 Package List: - SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64): corosync-2.4.5-12.7.1 corosync-debuginfo-2.4.5-12.7.1 corosync-debugsource-2.4.5-12.7.1 corosync-qdevice-2.4.5-12.7.1 corosync-qdevice-debuginfo-2.4.5-12.7.1 corosync-qnetd-2.4.5-12.7.1 corosync-qnetd-debuginfo-2.4.5-12.7.1 corosync-testagents-2.4.5-12.7.1 corosync-testagents-debuginfo-2.4.5-12.7.1 libcfg6-2.4.5-12.7.1 libcfg6-debuginfo-2.4.5-12.7.1 libcmap4-2.4.5-12.7.1 libcmap4-debuginfo-2.4.5-12.7.1 libcorosync-devel-2.4.5-12.7.1 libcorosync_common4-2.4.5-12.7.1 libcorosync_common4-debuginfo-2.4.5-12.7.1 libcpg4-2.4.5-12.7.1 libcpg4-debuginfo-2.4.5-12.7.1 libquorum5-2.4.5-12.7.1 libquorum5-debuginfo-2.4.5-12.7.1 libsam4-2.4.5-12.7.1 libsam4-debuginfo-2.4.5-12.7.1 libtotem_pg5-2.4.5-12.7.1 libtotem_pg5-debuginfo-2.4.5-12.7.1 libvotequorum8-2.4.5-12.7.1 libvotequorum8-debuginfo-2.4.5-12.7.1 References: https://bugzilla.suse.com/1192467 From sle-updates at lists.suse.com Thu Dec 23 15:00:39 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 23 Dec 2021 16:00:39 +0100 (CET) Subject: SUSE-SU-2021:4186-1: moderate: Security update for go1.17 Message-ID: <20211223150039.F12D0FC9F@maintenance.suse.de> SUSE Security Update: Security update for go1.17 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:4186-1 Rating: moderate References: #1190649 #1193597 #1193598 Cross-References: CVE-2021-44716 CVE-2021-44717 Affected Products: SUSE Manager Server 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Proxy 4.1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Enterprise Storage 7 SUSE CaaS Platform 4.5 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for go1.17 fixes the following issues: Updated to upstream version 1.17.5 to include fixes to the compiler, linker, syscall, runtime, the net/http, go/types, and time packages (bsc#1190649) - CVE-2021-44717: syscall: don't close fd 0 on ForkExec error (bsc#1193598). - CVE-2021-44716: net/http: limit growth of header canonicalization cache (bsc#1193597). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2021-4186=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2021-4186=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2021-4186=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2021-4186=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2021-4186=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2021-4186=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2021-4186=1 - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-4186=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2021-4186=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2021-4186=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2021-4186=1 - SUSE CaaS Platform 4.5: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): go1.17-1.17.5-1.14.2 go1.17-doc-1.17.5-1.14.2 - SUSE Manager Server 4.1 (x86_64): go1.17-race-1.17.5-1.14.2 - SUSE Manager Retail Branch Server 4.1 (x86_64): go1.17-1.17.5-1.14.2 go1.17-doc-1.17.5-1.14.2 go1.17-race-1.17.5-1.14.2 - SUSE Manager Proxy 4.1 (x86_64): go1.17-1.17.5-1.14.2 go1.17-doc-1.17.5-1.14.2 go1.17-race-1.17.5-1.14.2 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): go1.17-1.17.5-1.14.2 go1.17-doc-1.17.5-1.14.2 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): go1.17-race-1.17.5-1.14.2 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): go1.17-1.17.5-1.14.2 go1.17-doc-1.17.5-1.14.2 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 x86_64): go1.17-race-1.17.5-1.14.2 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): go1.17-1.17.5-1.14.2 go1.17-doc-1.17.5-1.14.2 go1.17-race-1.17.5-1.14.2 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): go1.17-1.17.5-1.14.2 go1.17-doc-1.17.5-1.14.2 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 x86_64): go1.17-race-1.17.5-1.14.2 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): go1.17-1.17.5-1.14.2 go1.17-doc-1.17.5-1.14.2 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 x86_64): go1.17-race-1.17.5-1.14.2 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): go1.17-1.17.5-1.14.2 go1.17-doc-1.17.5-1.14.2 go1.17-race-1.17.5-1.14.2 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): go1.17-1.17.5-1.14.2 go1.17-doc-1.17.5-1.14.2 go1.17-race-1.17.5-1.14.2 - SUSE Enterprise Storage 7 (aarch64 x86_64): go1.17-1.17.5-1.14.2 go1.17-doc-1.17.5-1.14.2 go1.17-race-1.17.5-1.14.2 - SUSE CaaS Platform 4.5 (aarch64 x86_64): go1.17-1.17.5-1.14.2 go1.17-doc-1.17.5-1.14.2 go1.17-race-1.17.5-1.14.2 References: https://www.suse.com/security/cve/CVE-2021-44716.html https://www.suse.com/security/cve/CVE-2021-44717.html https://bugzilla.suse.com/1190649 https://bugzilla.suse.com/1193597 https://bugzilla.suse.com/1193598 From sle-updates at lists.suse.com Fri Dec 24 08:16:32 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Dec 2021 09:16:32 +0100 (CET) Subject: SUSE-RU-2021:4188-1: moderate: Recommended update for scap-security-guide Message-ID: <20211224081632.B5D5EFBB3@maintenance.suse.de> SUSE Recommended Update: Recommended update for scap-security-guide ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:4188-1 Rating: moderate References: ECO-3319 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has 0 recommended fixes and contains one feature can now be installed. Description: This update for scap-security-guide fixes the following issues: Update to 0.1.59 release (jsc#ECO-3319) - Support for Debian 11 - NERC CIP profiles for OCP4 and RHCOS - HIPAA profile for SLE15 - Delta Tailoring Files for STIG profiles Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-4188=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (noarch): scap-security-guide-0.1.59-3.20.1 scap-security-guide-debian-0.1.59-3.20.1 scap-security-guide-redhat-0.1.59-3.20.1 scap-security-guide-ubuntu-0.1.59-3.20.1 References: From sle-updates at lists.suse.com Fri Dec 24 11:16:47 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Dec 2021 12:16:47 +0100 (CET) Subject: SUSE-RU-2021:4189-1: moderate: Recommended update for scap-security-guide Message-ID: <20211224111647.D7E1DFBB3@maintenance.suse.de> SUSE Recommended Update: Recommended update for scap-security-guide ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:4189-1 Rating: moderate References: ECO-3319 Affected Products: SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that has 0 recommended fixes and contains one feature can now be installed. Description: This update for scap-security-guide fixes the following issues: - updated to 0.1.59 release (jsc#ECO-3319) - Support for Debian 11 - NERC CIP profiles for OCP4 and RHCOS - HIPAA profile for SLE15 - Delta Tailoring Files for STIG profiles Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-4189=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-4189=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-4189=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-4189=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-4189=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-4189=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-4189=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-4189=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-4189=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-4189=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-4189=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-4189=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): scap-security-guide-0.1.59-1.24.3 scap-security-guide-debian-0.1.59-1.24.3 scap-security-guide-redhat-0.1.59-1.24.3 scap-security-guide-ubuntu-0.1.59-1.24.3 - SUSE Linux Enterprise Server for SAP 15 (noarch): scap-security-guide-0.1.59-1.24.3 scap-security-guide-debian-0.1.59-1.24.3 scap-security-guide-redhat-0.1.59-1.24.3 scap-security-guide-ubuntu-0.1.59-1.24.3 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): scap-security-guide-0.1.59-1.24.3 scap-security-guide-debian-0.1.59-1.24.3 scap-security-guide-redhat-0.1.59-1.24.3 scap-security-guide-ubuntu-0.1.59-1.24.3 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): scap-security-guide-0.1.59-1.24.3 scap-security-guide-debian-0.1.59-1.24.3 scap-security-guide-redhat-0.1.59-1.24.3 scap-security-guide-ubuntu-0.1.59-1.24.3 - SUSE Linux Enterprise Server 15-LTSS (noarch): scap-security-guide-0.1.59-1.24.3 scap-security-guide-debian-0.1.59-1.24.3 scap-security-guide-redhat-0.1.59-1.24.3 scap-security-guide-ubuntu-0.1.59-1.24.3 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): scap-security-guide-0.1.59-1.24.3 scap-security-guide-debian-0.1.59-1.24.3 scap-security-guide-redhat-0.1.59-1.24.3 scap-security-guide-ubuntu-0.1.59-1.24.3 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): scap-security-guide-0.1.59-1.24.3 scap-security-guide-debian-0.1.59-1.24.3 scap-security-guide-redhat-0.1.59-1.24.3 scap-security-guide-ubuntu-0.1.59-1.24.3 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): scap-security-guide-0.1.59-1.24.3 scap-security-guide-debian-0.1.59-1.24.3 scap-security-guide-redhat-0.1.59-1.24.3 scap-security-guide-ubuntu-0.1.59-1.24.3 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): scap-security-guide-0.1.59-1.24.3 scap-security-guide-debian-0.1.59-1.24.3 scap-security-guide-redhat-0.1.59-1.24.3 scap-security-guide-ubuntu-0.1.59-1.24.3 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): scap-security-guide-0.1.59-1.24.3 scap-security-guide-debian-0.1.59-1.24.3 scap-security-guide-redhat-0.1.59-1.24.3 scap-security-guide-ubuntu-0.1.59-1.24.3 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): scap-security-guide-0.1.59-1.24.3 scap-security-guide-debian-0.1.59-1.24.3 scap-security-guide-redhat-0.1.59-1.24.3 scap-security-guide-ubuntu-0.1.59-1.24.3 - SUSE Enterprise Storage 6 (noarch): scap-security-guide-0.1.59-1.24.3 scap-security-guide-debian-0.1.59-1.24.3 scap-security-guide-redhat-0.1.59-1.24.3 scap-security-guide-ubuntu-0.1.59-1.24.3 - SUSE CaaS Platform 4.0 (noarch): scap-security-guide-0.1.59-1.24.3 scap-security-guide-debian-0.1.59-1.24.3 scap-security-guide-redhat-0.1.59-1.24.3 scap-security-guide-ubuntu-0.1.59-1.24.3 References: From sle-updates at lists.suse.com Fri Dec 24 14:16:20 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 24 Dec 2021 15:16:20 +0100 (CET) Subject: SUSE-SU-2021:4190-1: important: Security update for logstash Message-ID: <20211224141620.94A09FBB3@maintenance.suse.de> SUSE Security Update: Security update for logstash ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:4190-1 Rating: important References: #1193662 Cross-References: CVE-2021-4104 CVSS scores: CVE-2021-4104 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for logstash fixes the following issues: Fixed vulnerability related to log4j version 1.2.x - CVE-2021-4104: Fixed remote code execution through the JMS API via the ldap JNDI parser (bsc#1193662) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-4190=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-4190=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-4190=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): kafka-0.10.2.2-5.9.1 logstash-2.4.1-5.7.1 - SUSE OpenStack Cloud Crowbar 8 (noarch): elasticsearch-2.4.2-5.3.1 openstack-monasca-agent-2.2.6~dev4-3.21.1 openstack-monasca-persister-java-1.7.1~a0~dev2-3.6.1 openstack-monasca-thresh-2.1.1-4.3.1 python-monasca-agent-2.2.6~dev4-3.21.1 zookeeper-server-3.4.10-3.9.1 - SUSE OpenStack Cloud 8 (noarch): elasticsearch-2.4.2-5.3.1 openstack-monasca-agent-2.2.6~dev4-3.21.1 openstack-monasca-persister-java-1.7.1~a0~dev2-3.6.1 openstack-monasca-thresh-2.1.1-4.3.1 python-monasca-agent-2.2.6~dev4-3.21.1 venv-openstack-aodh-x86_64-5.1.1~dev7-12.34.1 venv-openstack-barbican-x86_64-5.0.2~dev3-12.35.1 venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.32.1 venv-openstack-cinder-x86_64-11.2.3~dev29-14.36.1 venv-openstack-designate-x86_64-5.0.3~dev7-12.33.1 venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.30.1 venv-openstack-glance-x86_64-15.0.3~dev3-12.33.1 venv-openstack-heat-x86_64-9.0.8~dev22-12.37.1 venv-openstack-horizon-x86_64-12.0.5~dev6-14.40.1 venv-openstack-ironic-x86_64-9.1.8~dev8-12.35.1 venv-openstack-keystone-x86_64-12.0.4~dev11-11.37.1 venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.34.1 venv-openstack-manila-x86_64-5.1.1~dev5-12.39.1 venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.30.1 venv-openstack-monasca-x86_64-2.2.2~dev1-11.34.1 venv-openstack-murano-x86_64-4.0.2~dev2-12.30.1 venv-openstack-neutron-x86_64-11.0.9~dev69-13.40.1 venv-openstack-nova-x86_64-16.1.9~dev92-11.38.1 venv-openstack-octavia-x86_64-1.0.6~dev3-12.35.1 venv-openstack-sahara-x86_64-7.0.5~dev4-11.34.1 venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.25.1 venv-openstack-trove-x86_64-8.0.2~dev2-11.34.1 zookeeper-server-3.4.10-3.9.1 - SUSE OpenStack Cloud 8 (x86_64): kafka-0.10.2.2-5.9.1 logstash-2.4.1-5.7.1 - HPE Helion Openstack 8 (x86_64): kafka-0.10.2.2-5.9.1 logstash-2.4.1-5.7.1 - HPE Helion Openstack 8 (noarch): elasticsearch-2.4.2-5.3.1 openstack-monasca-agent-2.2.6~dev4-3.21.1 openstack-monasca-persister-java-1.7.1~a0~dev2-3.6.1 openstack-monasca-thresh-2.1.1-4.3.1 python-monasca-agent-2.2.6~dev4-3.21.1 venv-openstack-aodh-x86_64-5.1.1~dev7-12.34.1 venv-openstack-barbican-x86_64-5.0.2~dev3-12.35.1 venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.32.1 venv-openstack-cinder-x86_64-11.2.3~dev29-14.36.1 venv-openstack-designate-x86_64-5.0.3~dev7-12.33.1 venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.30.1 venv-openstack-glance-x86_64-15.0.3~dev3-12.33.1 venv-openstack-heat-x86_64-9.0.8~dev22-12.37.1 venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.40.1 venv-openstack-ironic-x86_64-9.1.8~dev8-12.35.1 venv-openstack-keystone-x86_64-12.0.4~dev11-11.37.1 venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.34.1 venv-openstack-manila-x86_64-5.1.1~dev5-12.39.1 venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.30.1 venv-openstack-monasca-x86_64-2.2.2~dev1-11.34.1 venv-openstack-murano-x86_64-4.0.2~dev2-12.30.1 venv-openstack-neutron-x86_64-11.0.9~dev69-13.40.1 venv-openstack-nova-x86_64-16.1.9~dev92-11.38.1 venv-openstack-octavia-x86_64-1.0.6~dev3-12.35.1 venv-openstack-sahara-x86_64-7.0.5~dev4-11.34.1 venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.25.1 venv-openstack-trove-x86_64-8.0.2~dev2-11.34.1 zookeeper-server-3.4.10-3.9.1 References: https://www.suse.com/security/cve/CVE-2021-4104.html https://bugzilla.suse.com/1193662 From sle-updates at lists.suse.com Sat Dec 25 07:35:24 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 25 Dec 2021 08:35:24 +0100 (CET) Subject: SUSE-CU-2021:599-1: Security update of ses/7/cephcsi/cephcsi Message-ID: <20211225073524.05CB5FBB3@maintenance.suse.de> SUSE Container Update Advisory: ses/7/cephcsi/cephcsi ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:599-1 Container Tags : ses/7/cephcsi/cephcsi:3.3.1 , ses/7/cephcsi/cephcsi:3.3.1.0.3.670 , ses/7/cephcsi/cephcsi:latest , ses/7/cephcsi/cephcsi:sle15.2.octopus , ses/7/cephcsi/cephcsi:v3.3.1 , ses/7/cephcsi/cephcsi:v3.3.1.0 Container Release : 3.670 Severity : critical Type : security References : 1027496 1029961 1065729 1085917 1113013 1122417 1125886 1134353 1148868 1152489 1154353 1159886 1161276 1162581 1164548 1167773 1170774 1171962 1172505 1172973 1172974 1173746 1174504 1176473 1176940 1177100 1177460 1178236 1179416 1179898 1179899 1179900 1179901 1179902 1179903 1180064 1180125 1180451 1180454 1180461 1181291 1181299 1181306 1181309 1181371 1181452 1181535 1181536 1182252 1183028 1183085 1183374 1183511 1183543 1183545 1183561 1183632 1183659 1183818 1183858 1183909 1184439 1184517 1184519 1184614 1184620 1184794 1184804 1184994 1185016 1185246 1185299 1185302 1185524 1185588 1185677 1185726 1185748 1185762 1185768 1186348 1186489 1186503 1186602 1186910 1187153 1187167 1187196 1187224 1187270 1187273 1187338 1187425 1187466 1187512 1187654 1187668 1187670 1187738 1187760 1187911 1187993 1188018 1188063 1188067 1188156 1188291 1188344 1188435 1188548 1188571 1188623 1188651 1188651 1188713 1188921 1188941 1188979 1188986 1189031 1189173 1189206 1189241 1189287 1189297 1189465 1189465 1189480 1189520 1189521 1189521 1189534 1189552 1189554 1189683 1189803 1189841 1189841 1189884 1189929 1189983 1189984 1189996 1190023 1190052 1190059 1190062 1190115 1190159 1190199 1190234 1190325 1190356 1190358 1190373 1190374 1190406 1190432 1190440 1190465 1190467 1190523 1190534 1190543 1190576 1190595 1190596 1190598 1190598 1190620 1190626 1190645 1190679 1190705 1190712 1190717 1190739 1190746 1190758 1190772 1190784 1190785 1190793 1190815 1190858 1190915 1190933 1190984 1191019 1191172 1191193 1191200 1191240 1191252 1191260 1191286 1191292 1191324 1191370 1191473 1191480 1191500 1191563 1191566 1191609 1191675 1191690 1191690 1191736 1191804 1191922 1191987 1192161 1192248 1192267 1192337 1192367 1192436 1192688 1192717 1192840 1193481 1193521 CVE-2016-10228 CVE-2019-20838 CVE-2020-12049 CVE-2020-14155 CVE-2020-16590 CVE-2020-16591 CVE-2020-16592 CVE-2020-16593 CVE-2020-16598 CVE-2020-16599 CVE-2020-29361 CVE-2020-35448 CVE-2020-35493 CVE-2020-35496 CVE-2020-35507 CVE-2020-3702 CVE-2021-20197 CVE-2021-20266 CVE-2021-20271 CVE-2021-20284 CVE-2021-20294 CVE-2021-22946 CVE-2021-22947 CVE-2021-33574 CVE-2021-33910 CVE-2021-3421 CVE-2021-3426 CVE-2021-3487 CVE-2021-35942 CVE-2021-36222 CVE-2021-3669 CVE-2021-3711 CVE-2021-3712 CVE-2021-3712 CVE-2021-3733 CVE-2021-3737 CVE-2021-3744 CVE-2021-3752 CVE-2021-37600 CVE-2021-3764 CVE-2021-37750 CVE-2021-38185 CVE-2021-38185 CVE-2021-39537 CVE-2021-40490 CVE-2021-42771 CVE-2021-43618 ----------------------------------------------------------------- The container ses/7/cephcsi/cephcsi was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-OU-2020:3026-1 Released: Fri Oct 23 15:35:49 2020 Summary: Optional update for the Public Cloud Module Type: optional Severity: moderate References: This update adds the Google Cloud Storage packages to the Public Cloud module (jsc#ECO-2398). The following packages were included: - python3-grpcio - python3-protobuf - python3-google-api-core - python3-google-cloud-core - python3-google-cloud-storage - python3-google-resumable-media - python3-googleapis-common-protos - python3-grpcio-gcp - python3-mock (updated to version 3.0.5) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:294-1 Released: Wed Feb 3 12:54:28 2021 Summary: Recommended update for libprotobuf Type: recommended Severity: moderate References: libprotobuf was updated to fix: - ship the libprotobuf-lite15 on the basesystem module and the INSTALLER channel. (jsc#ECO-2911) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2689-1 Released: Mon Aug 16 10:54:52 2021 Summary: Security update for cpio Type: security Severity: important References: 1189206,CVE-2021-38185 This update for cpio fixes the following issues: It was possible to trigger Remote code execution due to a integer overflow (CVE-2021-38185, bsc#1189206) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2763-1 Released: Tue Aug 17 17:16:22 2021 Summary: Recommended update for cpio Type: recommended Severity: critical References: 1189465 This update for cpio fixes the following issues: - A regression in last update would cause builds to hang on various architectures(bsc#1189465) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2780-1 Released: Thu Aug 19 16:09:15 2021 Summary: Recommended update for cpio Type: recommended Severity: critical References: 1189465,CVE-2021-38185 This update for cpio fixes the following issues: - A regression in the previous update could lead to crashes (bsc#1189465) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2800-1 Released: Fri Aug 20 10:43:04 2021 Summary: Security update for krb5 Type: security Severity: important References: 1188571,CVE-2021-36222 This update for krb5 fixes the following issues: - CVE-2021-36222: Fixed KDC null deref on bad encrypted challenge. (bsc#1188571) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2810-1 Released: Mon Aug 23 12:14:30 2021 Summary: Security update for dbus-1 Type: security Severity: moderate References: 1172505,CVE-2020-12049 This update for dbus-1 fixes the following issues: - CVE-2020-12049: truncated messages lead to resource exhaustion. (bsc#1172505) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:2816-1 Released: Mon Aug 23 14:17:09 2021 Summary: Optional update for python-kubernetes Type: optional Severity: low References: This patch provides the python3-kubernetes package to the following modules: - Container Module for SUSE Linux Enterprise 15 SP2 - Container Module for SUSE Linux Enterprise 15 SP3 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2830-1 Released: Tue Aug 24 16:20:18 2021 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1189520,1189521,CVE-2021-3711,CVE-2021-3712 This update for openssl-1_1 fixes the following security issues: - CVE-2021-3711: A bug in the implementation of the SM2 decryption code could lead to buffer overflows. [bsc#1189520] - CVE-2021-3712: a bug in the code for printing certificate details could lead to a buffer overrun that a malicious actor could exploit to crash the application, causing a denial-of-service attack. [bsc#1189521] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2863-1 Released: Mon Aug 30 08:18:50 2021 Summary: Recommended update for python-dbus-python Type: recommended Severity: moderate References: 1183818 This update for python-dbus-python fixes the following issues: - Update to latest version from tumbleweed. (jsc#ECO-3589, bsc#1183818) - update to 1.2.16: * All tests are run even if the 'tap.py' module is not available, althoug diagnostics for failing tests will be better if it is present. - Support builds with more than one python3 flavor - Clean duplicate python flavor variables for configure - Version update to version 1.2.14: * Ensure that the numeric types from dbus.types get the same str() under Python 3.8 that they did under previous versions. * Disable -Winline. * Add clearer license information using SPDX-License-Identifier. * Include inherited methods and properties when documenting objects, which regressed when migrating from epydoc to sphinx. * Add missing variant_level member to UnixFd type, for parity with the other dbus.types types * Don't reply to method calls if they have the NO_REPLY_EXPECTED flag * Silence '-Wcast-function-type' with gcc 8. * Fix distcheck with python3.7 by deleting '__pycache__' during uninstall. * Consistently save and restore the exception indicator when called from C code. - Add missing dependency for pkg-config files - Version update to version 1.2.8: * Python 2.7 required or 3.4 respectively * Upstream dropped epydoc completely - Add dbus-1-python3 package - Make BusConnection.list_activatable_names actually call struct entries than the signature allows with libdbus 1.4 imports dbus, is finalized, is re-initialized, and re-imports - When removing signal matches, clean up internal state, avoiding a memory leak in long-lived Python processes that connect to - When setting the sender of a message, allow it to be org.freedesktop.DBus so you can implement a D-Bus daemon - New package: dbus-1-python-devel ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2895-1 Released: Tue Aug 31 19:40:50 2021 Summary: Recommended update for unixODBC Type: recommended Severity: moderate References: This update for unixODBC fixes the following issues: - ECO: Update unixODBC to 2.3.9 in SLE 15. (jsc#SLE-18004) - Fix incorrect permission for documentation files. - Update requires and baselibs for new libodbc2. - Employ shared library packaging guideline: new subpacakge libodbc2. - Update to 2.3.9: * Remove '#define UNIXODBC_SOURCE' from unixodbc_conf.h - Update to 2.3.8: * Add configure support for editline * SQLDriversW was ignoring user config * SQLDataSources Fix termination character * Fix for pooling seg fault * Make calling SQLSetStmtAttrW call the W function in the driver is its there * Try and fix race condition clearing system odbc.ini file * Remove trailing space from isql/iusql SQL * When setting connection attributes set before connect also check if the W entry poins can be used * Try calling the W error functions first if available in the driver * Add iconvperdriver configure option to allow calling unicode_setup in SQLAllocHandle * iconv handles was being lost when reusing pooled connection * Catch null copy in iniPropertyInsert * Fix a few leaks - Update to 2.3.7: * Fix for pkg-config file update on no linux platforms * Add W entry for GUI work * Various fixes for SQLBrowseConnect/W, SQLGetConnectAttr/W,and SQLSetConnectAttr/W * Fix buffer overflows in SQLConnect/W and refine behaviour of SQLGet/WritePrivateProfileString * SQLBrowseConnect/W allow disconnecting a started browse session after error * Add --with-stats-ftok-name configure option to allow the selection of a file name used to generate the IPC id when collecting stats. Default is the system odbc.ini file * Improve diag record handling with the behavior of Windows DM and export SQLCancelHandle * bug fix when SQLGetPrivateProfileString() is called to get a list of sections or a list of keys * Connection pooling: Fix liveness check for Unicode drivers ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2938-1 Released: Fri Sep 3 09:19:36 2021 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1184614 This update for openldap2 fixes the following issue: - openldap2-contrib is shipped to the Legacy Module. (bsc#1184614) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2966-1 Released: Tue Sep 7 09:49:14 2021 Summary: Security update for openssl-1_1 Type: security Severity: low References: 1189521,CVE-2021-3712 This update for openssl-1_1 fixes the following issues: - CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712. Read buffer overruns processing ASN.1 strings (bsc#1189521). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3001-1 Released: Thu Sep 9 15:08:13 2021 Summary: Recommended update for netcfg Type: recommended Severity: moderate References: 1189683 This update for netcfg fixes the following issues: - add submissions port/protocol to services file for message submission over TLS protocol [bsc#1189683] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3021-1 Released: Mon Sep 13 10:32:31 2021 Summary: Recommended update for ceph Type: recommended Severity: moderate References: 1181291,1183561,1184517,1185246,1186348,1188979,1189173 This update for ceph fixes the following issues: - cls/rgw: look for plane entries in non-ascii plain namespace too (bsc#1184517) - rgw: check object locks in multi-object delete (bsc#1185246) - mgr/zabbix: adapt zabbix_sender default path (bsc#1186348) - mgr/cephadm: pass --container-init to 'cephadm deploy' if specified (bsc#1188979) - mgr/dashboard: Downstream branding: Adapt latest upstream changes to branded navigation component (bsc#1189173) - qa/tasks/salt_manager: allow gatherlogs for files in subdir - qa/tasks/ceph_salt: gather /var/log/ceph/cephadm.out - mgr/zabbix: adapt zabbix_sender default path (bsc#1186348) - Revert 'cephadm: default container_init to False' (bsc#1188979) - mgr/cephadm: alias rgw-nfs -> nfs (bsc#1181291) - mgr/cephadm: on ssh connection error, advice chmod 0600 (bsc#1183561) - Update _constraints: only honor physical memory, not 'any memory' (e.g. swap). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3030-1 Released: Tue Sep 14 09:27:45 2021 Summary: Recommended update for patterns-base Type: recommended Severity: moderate References: 1189534,1189554 This update of patterns-base fixes the following issue: - The fips pattern should also install 'openssh-fips' if 'openssh' is installed (bsc#1189554 bsc#1189534) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3034-1 Released: Tue Sep 14 13:49:23 2021 Summary: Recommended update for python-pytz Type: recommended Severity: moderate References: 1185748 This update for python-pytz fixes the following issues: - Add %pyunittest shim for platforms where it is missing. - Remove real directory of %{python_sitelib}/pytz/zoneinfo when upgrading, before it is replaced by a symlink. (bsc#1185748) - update to 2021.1: * update to IANA 2021a timezone release - update to 2020.5: * update to IANA 2020e timezone release - update to 2020.4: * update to IANA 2020d timezone release - update to version 2020.1: * Test against Python 3.8 and Python 3.9 * Bump version numbers to 2020.1/2020a * use .rst extension name * Make FixedOffset part of public API - Update to 2019.3 * IANA 2019c - Add versioned dependency on timezone database to ensure the correct data is installed - Add a symlink to the system timezone database - update to 2019.2 * IANA 2019b * Defer generating case-insensitive lookups ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3182-1 Released: Tue Sep 21 17:04:26 2021 Summary: Recommended update for file Type: recommended Severity: moderate References: 1189996 This update for file fixes the following issues: - Fixes exception thrown by memory allocation problem (bsc#1189996) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3233-1 Released: Mon Sep 27 15:02:21 2021 Summary: Recommended update for xfsprogs Type: recommended Severity: moderate References: 1085917,1181299,1181306,1181309,1181535,1181536,1188651,1189552 This update for xfsprogs fixes the following issues: - Fixes an issue when 'fstests' with 'xfs' fail. (bsc#1181309, bsc#1181299) - xfsprogs: Split 'libhandle1' into a separate package, since nothing within xfsprogs dynamically links against it. The shared library is still required by xfsdump as a runtime dependency. - mkfs.xfs: Fix 'ASSERT' on too-small device with stripe geometry. (bsc#1181536) - mkfs.xfs: If either 'sunit' or 'swidth' is not zero, the other must be as well. (bsc#1085917, bsc#1181535) - xfs_growfs: Refactor geometry reporting. (bsc#1181306) - xfs_growfs: Allow mounted device node as argument. (bsc#1181299) - xfs_repair: Rebuild directory when non-root leafn blocks claim block 0. (bsc#1181309) - xfs_repair: Check plausibility of root dir pointer before trashing it. (bsc#1188651) - xfs_bmap: Remove '-c' from manpage. (bsc#1189552) - xfs_bmap: Do not reject '-e'. (bsc#1189552) - Implement 'libhandle1' through ECO. (jsc#SLE-20360) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3274-1 Released: Fri Oct 1 10:34:17 2021 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: important References: 1190858 This update for ca-certificates-mozilla fixes the following issues: - remove one of the Letsencrypt CAs DST_Root_CA_X3.pem, as it expires September 30th 2021 and openssl certificate chain handling does not handle this correctly in openssl 1.0.2 and older. (bsc#1190858) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3298-1 Released: Wed Oct 6 16:54:52 2021 Summary: Security update for curl Type: security Severity: moderate References: 1190373,1190374,CVE-2021-22946,CVE-2021-22947 This update for curl fixes the following issues: - CVE-2021-22947: Fixed STARTTLS protocol injection via MITM (bsc#1190374). - CVE-2021-22946: Fixed protocol downgrade required TLS bypassed (bsc#1190373). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3318-1 Released: Wed Oct 6 19:31:19 2021 Summary: Recommended update for sudo Type: recommended Severity: moderate References: 1176473,1181371 This update for sudo fixes the following issues: - Update to sudo 1.8.27 (jsc#SLE-17083). - Fixed special handling of ipa_hostname (bsc#1181371). - Restore sudo ldap behavior to ignore expire dates when SUDOERS_TIMED option is not set in /etc/ldap.conf (bsc#1176473). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3348-1 Released: Tue Oct 12 13:08:06 2021 Summary: Security update for systemd Type: security Severity: moderate References: 1134353,1171962,1184994,1188018,1188063,1188291,1188713,1189480,1190234,CVE-2021-33910 This update for systemd fixes the following issues: - CVE-2021-33910: Fixed use of strdupa() on a path (bsc#1188063). - logind: terminate cleanly on SIGTERM/SIGINT (bsc#1188018). - Adopting BFQ to control I/O (jsc#SLE-21032, bsc#1134353). - Rules weren't applied to dm devices (multipath) (bsc#1188713). - Ignore obsolete 'elevator' kernel parameter (bsc#1184994, bsc#1190234). - Make sure the versions of both udev and systemd packages are always the same (bsc#1189480). - Avoid error message when udev is updated due to udev being already active when the sockets are started again (bsc#1188291). - Allow the systemd sysusers config files to be overriden during system installation (bsc#1171962). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3382-1 Released: Tue Oct 12 14:30:17 2021 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: moderate References: This update for ca-certificates-mozilla fixes the following issues: - A new sub-package for minimal base containers (jsc#SLE-22162) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3385-1 Released: Tue Oct 12 15:54:31 2021 Summary: Security update for glibc Type: security Severity: moderate References: 1186489,1187911,CVE-2021-33574,CVE-2021-35942 This update for glibc fixes the following issues: - CVE-2021-35942: wordexp: handle overflow in positional parameter number (bsc#1187911) - CVE-2021-33574: Use __pthread_attr_copy in mq_notify (bsc#1186489) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3411-1 Released: Wed Oct 13 10:42:25 2021 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1191019 This update for lvm2 fixes the following issues: - Do not crash vgextend when extending VG with missing PV. (bsc#1191019) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3412-1 Released: Wed Oct 13 10:50:33 2021 Summary: Recommended update for suse-module-tools Type: recommended Severity: important References: 1189841,1190598 This update for suse-module-tools fixes the following issues: - Fixed an issue where the queuing of secure boot certificates did not happen (bsc#1189841, bsc#1190598) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3444-1 Released: Fri Oct 15 09:03:07 2021 Summary: Security update for rpm Type: security Severity: important References: 1179416,1183543,1183545,1183632,1183659,1185299,1187670,1188548,CVE-2021-20266,CVE-2021-20271,CVE-2021-3421 This update for rpm fixes the following issues: Security issues fixed: - CVE-2021-3421, CVE-2021-20271, CVE-2021-20266: Multiple header check improvements (bsc#1183543, bsc#1183545, bsc#1183632) - PGP hardening changes (bsc#1185299) - Fixed potential access of freed mem in ndb's glue code (bsc#1179416) Maintaince issues fixed: - Fixed zstd detection (bsc#1187670) - Added ndb rofs support (bsc#1188548) - Fixed deadlock when multiple rpm processes try tp acquire the database lock (bsc#1183659) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3447-1 Released: Fri Oct 15 09:05:12 2021 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065729,1148868,1152489,1154353,1159886,1167773,1170774,1173746,1176940,1184439,1184804,1185302,1185677,1185726,1185762,1187167,1188067,1188651,1188986,1189297,1189841,1189884,1190023,1190062,1190115,1190159,1190358,1190406,1190432,1190467,1190523,1190534,1190543,1190576,1190595,1190596,1190598,1190620,1190626,1190679,1190705,1190717,1190746,1190758,1190784,1190785,1191172,1191193,1191240,1191292,CVE-2020-3702,CVE-2021-3669,CVE-2021-3744,CVE-2021-3752,CVE-2021-3764,CVE-2021-40490 The SUSE Linux Enterprise 15 SP2 kernel was updated. The following security bugs were fixed: - CVE-2020-3702: Fixed a bug which could be triggered with specifically timed and handcrafted traffic and cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure. (bnc#1191193) - CVE-2021-3752: Fixed a use after free vulnerability in the Linux kernel's bluetooth module. (bsc#1190023) - CVE-2021-40490: Fixed a race condition discovered in the ext4 subsystem that could leat to local priviledge escalation. (bnc#1190159) - CVE-2021-3744: Fixed a bug which could allows attackers to cause a denial of service. (bsc#1189884) - CVE-2021-3764: Fixed a bug which could allows attackers to cause a denial of service. (bsc#1190534) - CVE-2021-3669: Fixed a bug that doesn't allow /proc/sysvipc/shm to scale with large shared memory segment counts which could lead to resource exhaustion and DoS. (bsc#1188986) The following non-security bugs were fixed: - ALSA: firewire-motu: fix truncated bytes in message tracepoints (git-fixes). - apparmor: remove duplicate macro list_entry_is_head() (git-fixes). - ASoC: fsl_micfil: register platform component before registering cpu dai (git-fixes). - ASoC: mediatek: common: handle NULL case in suspend/resume function (git-fixes). - ASoC: rockchip: i2s: Fix regmap_ops hang (git-fixes). - ASoC: rockchip: i2s: Fixup config for DAIFMT_DSP_A/B (git-fixes). - ASoC: SOF: Fix DSP oops stack dump output contents (git-fixes). - ath9k: fix OOB read ar9300_eeprom_restore_internal (git-fixes). - ath9k: fix sleeping in atomic context (git-fixes). - blk-mq: do not deactivate hctx if managed irq isn't used (bsc#1185762). - blk-mq: kABI fixes for blk_mq_queue_map (bsc#1185762). - blk-mq: mark if one queue map uses managed irq (bsc#1185762). - Bluetooth: skip invalid hci_sync_conn_complete_evt (git-fixes). - bnx2x: fix an error code in bnx2x_nic_load() (git-fixes). - bnxt_en: Add missing DMA memory barriers (git-fixes). - bnxt_en: Disable aRFS if running on 212 firmware (git-fixes). - bnxt_en: Do not enable legacy TX push on older firmware (git-fixes). - bnxt_en: Store the running firmware version code (git-fixes). - bnxt: count Tx drops (git-fixes). - bnxt: disable napi before canceling DIM (git-fixes). - bnxt: do not lock the tx queue from napi poll (git-fixes). - bnxt: make sure xmit_more + errors does not miss doorbells (git-fixes). - btrfs: prevent rename2 from exchanging a subvol with a directory from different parents (bsc#1190626). - clk: at91: clk-generated: Limit the requested rate to our range (git-fixes). - clk: at91: clk-generated: pass the id of changeable parent at registration (git-fixes). - console: consume APC, DM, DCS (git-fixes). - cuse: fix broken release (bsc#1190596). - cxgb4: dont touch blocked freelist bitmap after free (git-fixes). - debugfs: Return error during {full/open}_proxy_open() on rmmod (bsc#1173746). - devlink: Break parameter notification sequence to be before/after unload/load driver (bsc#1154353). - dmaengine: ioat: depends on !UML (git-fixes). - dmaengine: sprd: Add missing MODULE_DEVICE_TABLE (git-fixes). - dmaengine: xilinx_dma: Set DMA mask for coherent APIs (git-fixes). - docs: Fix infiniband uverbs minor number (git-fixes). - drivers: gpu: amd: Initialize amdgpu_dm_backlight_caps object to 0 in amdgpu_dm_update_backlight_caps (git-fixes). - drm: avoid blocking in drm_clients_info's rcu section (git-fixes). - drm/amd/amdgpu: Update debugfs link_settings output link_rate field in hex (git-fixes). - drm/amd/display: Fix timer_per_pixel unit error (git-fixes). - drm/amdgpu: Fix BUG_ON assert (git-fixes). - drm/gma500: Fix end of loop tests for list_for_each_entry (git-fixes). - drm/nouveau/nvkm: Replace -ENOSYS with -ENODEV (git-fixes). - drm/panfrost: Clamp lock region to Bifrost minimum (git-fixes). - e1000e: Do not take care about recovery NVM checksum (jsc#SLE-8100). - e1000e: Fix the max snoop/no-snoop latency for 10M (git-fixes). - EDAC/i10nm: Fix NVDIMM detection (bsc#1152489). - EDAC/synopsys: Fix wrong value type assignment for edac_mode (bsc#1152489). - erofs: fix up erofs_lookup tracepoint (git-fixes). - fbmem: do not allow too huge resolutions (git-fixes). - fpga: machxo2-spi: Fix missing error code in machxo2_write_complete() (git-fixes). - fpga: machxo2-spi: Return an error on failure (git-fixes). - fuse: flush extending writes (bsc#1190595). - fuse: truncate pagecache on atomic_o_trunc (bsc#1190705). - genirq: add device_has_managed_msi_irq (bsc#1185762). - gpio: uniphier: Fix void functions to remove return value (git-fixes). - gpu: drm: amd: amdgpu: amdgpu_i2c: fix possible uninitialized-variable access in amdgpu_i2c_router_select_ddc_port() (git-fixes). - gve: fix the wrong AdminQ buffer overflow check (bsc#1176940). - hv_netvsc: Make netvsc/VF binding check both MAC and serial number (jsc#SLE-18779, bsc#1185726). - hv: mana: remove netdev_lockdep_set_classes usage (jsc#SLE-18779, bsc#1185726). - hwmon: (mlxreg-fan) Return non-zero value when fan current state is enforced from sysfs (git-fixes). - hwmon: (tmp421) fix rounding for negative values (git-fixes). - hwmon: (tmp421) report /PVLD condition as fault (git-fixes). - i40e: Add additional info to PHY type error (git-fixes). - i40e: Fix firmware LLDP agent related warning (git-fixes). - i40e: Fix log TC creation failure when max num of queues is exceeded (git-fixes). - i40e: Fix logic of disabling queues (git-fixes). - i40e: Fix queue-to-TC mapping on Tx (git-fixes). - iavf: Fix ping is lost after untrusted VF had tried to change MAC (jsc#SLE-7940). - iavf: Set RSS LUT and key in reset handle path (git-fixes). - ibmvnic: check failover_pending in login response (bsc#1190523 ltc#194510). - ibmvnic: Consolidate code in replenish_rx_pool() (bsc#1190758 ltc#191943). - ibmvnic: Fix up some comments and messages (bsc#1190758 ltc#191943). - ibmvnic: init_tx_pools move loop-invariant code (bsc#1190758 ltc#191943). - ibmvnic: Reuse LTB when possible (bsc#1190758 ltc#191943). - ibmvnic: Reuse rx pools when possible (bsc#1190758 ltc#191943). - ibmvnic: Reuse tx pools when possible (bsc#1190758 ltc#191943). - ibmvnic: Use bitmap for LTB map_ids (bsc#1190758 ltc#191943). - ibmvnic: Use/rename local vars in init_rx_pools (bsc#1190758 ltc#191943). - ibmvnic: Use/rename local vars in init_tx_pools (bsc#1190758 ltc#191943). - ice: Prevent probing virtual functions (git-fixes). - iio: dac: ad5624r: Fix incorrect handling of an optional regulator (git-fixes). - include/linux/list.h: add a macro to test if entry is pointing to the head (git-fixes). - iomap: Fix negative assignment to unsigned sis->pages in iomap_swapfile_activate (bsc#1190784). - ionic: cleanly release devlink instance (bsc#1167773). - ionic: count csum_none when offload enabled (bsc#1167773). - ipc: remove memcg accounting for sops objects in do_semtimedop() (bsc#1190115). - ipc/util.c: use binary search for max_idx (bsc#1159886). - ipvs: allow connection reuse for unconfirmed conntrack (bsc#1190467). - ipvs: avoid expiring many connections from timer (bsc#1190467). - ipvs: Fix up kabi for expire_nodest_conn_work addition (bsc#1190467). - ipvs: queue delayed work to expire no destination connections if expire_nodest_conn=1 (bsc#1190467). - iwlwifi: mvm: fix a memory leak in iwl_mvm_mac_ctxt_beacon_changed (git-fixes). - kernel-binary.spec: Check for no kernel signing certificates. Also remove unused variable. - kernel-binary.spec: Do not fail silently when KMP is empty (bsc#1190358). Copy the code from kernel-module-subpackage that deals with empty KMPs. - kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167 bsc#1191240 ltc#194716). - kernel-binary.spec.in Stop templating the scriptlets for subpackages (bsc#1190358). The script part for base package case is completely separate from the part for subpackages. Remove the part for subpackages from the base package script and use the KMP scripts for subpackages instead. - libata: fix ata_host_start() (git-fixes). - mac80211-hwsim: fix late beacon hrtimer handling (git-fixes). - mac80211: Fix ieee80211_amsdu_aggregate frag_tail bug (git-fixes). - mac80211: fix use-after-free in CCMP/GCMP RX (git-fixes). - mac80211: limit injected vht mcs/nss in ieee80211_parse_tx_radiotap (git-fixes). - mac80211: mesh: fix potentially unaligned access (git-fixes). - media: cedrus: Fix SUNXI tile size calculation (git-fixes). - media: coda: fix frame_mem_ctrl for YUV420 and YVU420 formats (git-fixes). - media: dib8000: rewrite the init prbs logic (git-fixes). - media: imx258: Limit the max analogue gain to 480 (git-fixes). - media: imx258: Rectify mismatch of VTS value (git-fixes). - media: rc-loopback: return number of emitters rather than error (git-fixes). - media: TDA1997x: fix tda1997x_query_dv_timings() return value (git-fixes). - media: uvc: do not do DMA on stack (git-fixes). - media: v4l2-dv-timings.c: fix wrong condition in two for-loops (git-fixes). - mfd: Do not use irq_create_mapping() to resolve a mapping (git-fixes). - mlx4: Fix missing error code in mlx4_load_one() (git-fixes). - mm: always have io_remap_pfn_range() set pgprot_decrypted() (git-fixes). - mm/swap: consider max pages in iomap_swapfile_add_extent (bsc#1190785). - mmc: core: Return correct emmc response in case of ioctl error (git-fixes). - mmc: rtsx_pci: Fix long reads when clock is prescaled (git-fixes). - mmc: sdhci-of-arasan: Check return value of non-void funtions (git-fixes). - net: mana: Add a driver for Microsoft Azure Network Adapter (MANA) (jsc#SLE-18779, bsc#1185726). - net: mana: Add support for EQ sharing (jsc#SLE-18779, bsc#1185726). - net: mana: Add WARN_ON_ONCE in case of CQE read overflow (jsc#SLE-18779, bsc#1185726). - net: mana: Fix a memory leak in an error handling path in (jsc#SLE-18779, bsc#1185726). - net: mana: fix PCI_HYPERV dependency (jsc#SLE-18779, bsc#1185726). - net: mana: Move NAPI from EQ to CQ (jsc#SLE-18779, bsc#1185726). - net: mana: Prefer struct_size over open coded arithmetic (jsc#SLE-18779, bsc#1185726). - net: mana: remove redundant initialization of variable err (jsc#SLE-18779, bsc#1185726). - net: mana: Use int to check the return value of mana_gd_poll_cq() (jsc#SLE-18779, bsc#1185726). - net: mana: Use struct_size() in kzalloc() (jsc#SLE-18779, bsc#1185726). - net: qlcnic: add missed unlock in qlcnic_83xx_flash_read32 (git-fixes). - net: sched: sch_teql: fix null-pointer dereference (bsc#1190717). - net/mlx5: E-Switch, handle devcom events only for ports on the same device (git-fixes). - net/mlx5: Fix flow table chaining (git-fixes). - net/mlx5: Fix return value from tracer initialization (git-fixes). - net/mlx5: Unload device upon firmware fatal error (git-fixes). - net/mlx5e: Avoid creating tunnel headers for local route (git-fixes). - net/mlx5e: Fix nullptr in mlx5e_hairpin_get_mdev() (git-fixes). - net/mlx5e: Prohibit inner indir TIRs in IPoIB (git-fixes). - netfilter: conntrack: do not renew entry stuck in tcp SYN_SENT state (bsc#1190062). - nfp: update ethtool reporting of pauseframe control (git-fixes). - NFS: change nfs_access_get_cached to only report the mask (bsc#1190746). - NFS: do not store 'struct cred *' in struct nfs_access_entry (bsc#1190746). - NFS: pass cred explicitly for access tests (bsc#1190746). - nvme: avoid race in shutdown namespace removal (bsc#1188067). - nvme: fix refcounting imbalance when all paths are down (bsc#1188067). - parport: remove non-zero check on count (git-fixes). - PCI: aardvark: Fix checking for PIO status (git-fixes). - PCI: aardvark: Fix masking and unmasking legacy INTx interrupts (git-fixes). - PCI: aardvark: Increase polling delay to 1.5s while waiting for PIO response (git-fixes). - PCI: Add ACS quirks for Cavium multi-function devices (git-fixes). - PCI: Add ACS quirks for NXP LX2xx0 and LX2xx2 platforms (git-fixes). - PCI: Add AMD GPU multi-function power dependencies (git-fixes). - PCI: ibmphp: Fix double unmap of io_mem (git-fixes). - PCI: pci-bridge-emul: Add PCIe Root Capabilities Register (git-fixes). - PCI: pci-bridge-emul: Fix array overruns, improve safety (git-fixes). - PCI: pci-bridge-emul: Fix big-endian support (git-fixes). - PCI: Restrict ASMedia ASM1062 SATA Max Payload Size Supported (git-fixes). - PCI: Use pci_update_current_state() in pci_enable_device_flags() (git-fixes). - PM: base: power: do not try to use non-existing RTC for storing data (git-fixes). - PM: EM: Increase energy calculation precision (git-fixes). - power: supply: axp288_fuel_gauge: Report register-address on readb / writeb errors (git-fixes). - power: supply: max17042_battery: fix typo in MAx17042_TOFF (git-fixes). - powercap: intel_rapl: add support for Sapphire Rapids (jsc#SLE-15289). - powerpc: fix function annotations to avoid section mismatch warnings with gcc-10 (bsc#1148868). - powerpc/drmem: Make LMB walk a bit more flexible (bsc#1190543 ltc#194523). - powerpc/perf: Drop the case of returning 0 as instruction pointer (bsc#1065729). - powerpc/perf: Fix crash in perf_instruction_pointer() when ppmu is not set (bsc#1065729). - powerpc/perf: Fix the check for SIAR value (bsc#1065729). - powerpc/perf: Use regs->nip when SIAR is zero (bsc#1065729). - powerpc/perf: Use stack siar instead of mfspr (bsc#1065729). - powerpc/perf: Use the address from SIAR register to set cpumode flags (bsc#1065729). - powerpc/perf/hv-gpci: Fix counter value parsing (bsc#1065729). - powerpc/powernv: Fix machine check reporting of async store errors (bsc#1065729). - powerpc/pseries: Prevent free CPU ids being reused on another node (bsc#1190620 ltc#194498). - powerpc/pseries/dlpar: use rtas_get_sensor() (bsc#1065729). - pseries/drmem: update LMBs after LPM (bsc#1190543 ltc#194523). - pwm: img: Do not modify HW state in .remove() callback (git-fixes). - pwm: rockchip: Do not modify HW state in .remove() callback (git-fixes). - pwm: stm32-lp: Do not modify HW state in .remove() callback (git-fixes). - qlcnic: Remove redundant unlock in qlcnic_pinit_from_rom (git-fixes). - RDMA/bnxt_re: Remove unpaired rtnl unlock in bnxt_re_dev_init() (bsc#1170774). - Re-enable UAS for LaCie Rugged USB3-FW with fk quirk (git-fixes). - regmap: fix page selection for noinc reads (git-fixes). - regmap: fix page selection for noinc writes (git-fixes). - regmap: fix the offset of register error log (git-fixes). - Restore kabi after NFS: pass cred explicitly for access tests (bsc#1190746). - rpm: Abolish scritplet templating (bsc#1189841). Outsource kernel-binary and KMP scriptlets to suse-module-tools. This allows fixing bugs in the scriptlets as well as defining initrd regeneration policy independent of the kernel packages. - rpm/kernel-binary.spec: Use only non-empty certificates. - rpm/kernel-binary.spec.in: avoid conflicting suse-release suse-release had arbitrary values in staging, we can't use it for dependencies. The filesystem one has to be enough (boo#1184804). - rtc: rx8010: select REGMAP_I2C (git-fixes). - rtc: tps65910: Correct driver module alias (git-fixes). - s390/unwind: use current_frame_address() to unwind current task (bsc#1185677). - sched/fair: Add ancestors of unthrottled undecayed cfs_rq (bsc#1191292). - scsi: core: Add helper to return number of logical blocks in a request (bsc#1190576). - scsi: core: Introduce the scsi_cmd_to_rq() function (bsc#1190576). - scsi: fc: Add EDC ELS definition (bsc#1190576). - scsi: fc: Update formal FPIN descriptor definitions (bsc#1190576). - scsi: lpfc: Add bsg support for retrieving adapter cmf data (bsc#1190576). - scsi: lpfc: Add cm statistics buffer support (bsc#1190576). - scsi: lpfc: Add cmf_info sysfs entry (bsc#1190576). - scsi: lpfc: Add cmfsync WQE support (bsc#1190576). - scsi: lpfc: Add debugfs support for cm framework buffers (bsc#1190576). - scsi: lpfc: Add EDC ELS support (bsc#1190576). - scsi: lpfc: Add MIB feature enablement support (bsc#1190576). - scsi: lpfc: Add rx monitoring statistics (bsc#1190576). - scsi: lpfc: Add SET_HOST_DATA mbox cmd to pass date/time info to firmware (bsc#1190576). - scsi: lpfc: Add support for cm enablement buffer (bsc#1190576). - scsi: lpfc: Add support for maintaining the cm statistics buffer (bsc#1190576). - scsi: lpfc: Add support for the CM framework (bsc#1190576). - scsi: lpfc: Adjust bytes received vales during cmf timer interval (bsc#1190576). - scsi: lpfc: Copyright updates for 14.0.0.1 patches (bsc#1190576). - scsi: lpfc: Do not release final kref on Fport node while ABTS outstanding (bsc#1190576). - scsi: lpfc: Do not remove ndlp on PRLI errors in P2P mode (bsc#1190576). - scsi: lpfc: Expand FPIN and RDF receive logging (bsc#1190576). - scsi: lpfc: Fix compilation errors on kernels with no CONFIG_DEBUG_FS (bsc#1190576). - scsi: lpfc: Fix CPU to/from endian warnings introduced by ELS processing (bsc#1190576). - scsi: lpfc: Fix EEH support for NVMe I/O (bsc#1190576). - scsi: lpfc: Fix FCP I/O flush functionality for TMF routines (bsc#1190576). - scsi: lpfc: Fix gcc -Wstringop-overread warning, again (bsc#1190576). - scsi: lpfc: Fix hang on unload due to stuck fport node (bsc#1190576). - scsi: lpfc: Fix I/O block after enabling managed congestion mode (bsc#1190576). - scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq() (bsc#1190576). - scsi: lpfc: Fix NVMe I/O failover to non-optimized path (bsc#1190576). - scsi: lpfc: Fix premature rpi release for unsolicited TPLS and LS_RJT (bsc#1190576). - scsi: lpfc: Fix rediscovery of tape device after LIP (bsc#1190576). - scsi: lpfc: Fix sprintf() overflow in lpfc_display_fpin_wwpn() (bsc#1190576). - scsi: lpfc: Improve PBDE checks during SGL processing (bsc#1190576). - scsi: lpfc: Remove unneeded variable (bsc#1190576). - scsi: lpfc: Update lpfc version to 14.0.0.1 (bsc#1190576). - scsi: lpfc: Update lpfc version to 14.0.0.2 (bsc#1190576). - scsi: lpfc: Use correct scnprintf() limit (bsc#1190576). - scsi: lpfc: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (bsc#1190576). - scsi: lpfc: Use the proper SCSI midlayer interfaces for PI (bsc#1190576). - scsi: lpfc: Zero CGN stats only during initial driver load and stat reset (bsc#1190576). - scsi: scsi_devinfo: Add blacklist entry for HPE OPEN-V (bsc#1189297). - serial: 8250_pci: make setup_port() parameters explicitly unsigned (git-fixes). - serial: 8250: Define RX trigger levels for OxSemi 950 devices (git-fixes). - serial: mvebu-uart: fix driver's tx_empty callback (git-fixes). - serial: sh-sci: fix break handling for sysrq (git-fixes). - spi: Fix tegra20 build with CONFIG_PM=n (git-fixes). - staging: board: Fix uninitialized spinlock when attaching genpd (git-fixes). - staging: ks7010: Fix the initialization of the 'sleep_status' structure (git-fixes). - staging: rts5208: Fix get_ms_information() heap buffer size (git-fixes). - thermal/core: Potential buffer overflow in thermal_build_list_of_policies() (git-fixes). - time: Handle negative seconds correctly in timespec64_to_ns() (git-fixes). - tty: Fix data race between tiocsti() and flush_to_ldisc() (git-fixes). - tty: serial: jsm: hold port lock when reporting modem line changes (git-fixes). - tty: synclink_gt, drop unneeded forward declarations (git-fixes). - usb-storage: Add quirk for ScanLogic SL11R-IDE older than 2.6c (git-fixes). - usb: core: hcd: Add support for deferring roothub registration (git-fixes). - usb: dwc2: Add missing cleanups when usb_add_gadget_udc() fails (git-fixes). - usb: dwc2: Avoid leaving the error_debugfs label unused (git-fixes). - usb: dwc2: gadget: Fix ISOC flow for BDMA and Slave (git-fixes). - usb: dwc2: gadget: Fix ISOC transfer complete handling for DDMA (git-fixes). - usb: EHCI: ehci-mv: improve error handling in mv_ehci_enable() (git-fixes). - usb: gadget: r8a66597: fix a loop in set_feature() (git-fixes). - usb: gadget: u_ether: fix a potential null pointer dereference (git-fixes). - usb: host: fotg210: fix the actual_length of an iso packet (git-fixes). - usb: host: fotg210: fix the endpoint's transactional opportunities calculation (git-fixes). - usb: musb: musb_dsps: request_irq() after initializing musb (git-fixes). - usb: musb: tusb6010: uninitialized data in tusb_fifo_write_unaligned() (git-fixes). - usb: serial: cp210x: add ID for GW Instek GDM-834x Digital Multimeter (git-fixes). - usb: serial: option: add device id for Foxconn T99W265 (git-fixes). - usb: serial: option: add Telit LN920 compositions (git-fixes). - usb: serial: option: remove duplicate USB device ID (git-fixes). - usbip: give back URBs for unsent unlink requests during cleanup (git-fixes). - usbip:vhci_hcd USB port can get stuck in the disabled state (git-fixes). - video: fbdev: asiliantfb: Error out if 'pixclock' equals zero (git-fixes). - video: fbdev: kyro: Error out if 'pixclock' equals zero (git-fixes). - video: fbdev: kyro: fix a DoS bug by restricting user input (git-fixes). - video: fbdev: riva: Error out if 'pixclock' equals zero (git-fixes). - vmxnet3: add support for 32 Tx/Rx queues (bsc#1190406). - vmxnet3: add support for ESP IPv6 RSS (bsc#1190406). - vmxnet3: increase maximum configurable mtu to 9190 (bsc#1190406). - vmxnet3: prepare for version 6 changes (bsc#1190406). - vmxnet3: remove power of 2 limitation on the queues (bsc#1190406). - vmxnet3: set correct hash type based on rss information (bsc#1190406). - vmxnet3: update to version 6 (bsc#1190406). - watchdog/sb_watchdog: fix compilation problem due to COMPILE_TEST (git-fixes). - x86/alternatives: Teach text_poke_bp() to emulate instructions (bsc#1185302). - x86/apic/msi: Plug non-maskable MSI affinity race (bsc#1184439). - x86/cpu: Fix core name for Sapphire Rapids (jsc#SLE-15289). - x86/mm: Fix kern_addr_valid() to cope with existing but not present entries (bsc#1152489). - x86/resctrl: Fix a maybe-uninitialized build warning treated as error (bsc#1152489). - x86/resctrl: Fix default monitoring groups reporting (bsc#1152489). - xfs: allow mount/remount when stripe width alignment is zero (bsc#1188651). - xfs: sync lazy sb accounting on quiesce of read-only mounts (bsc#1190679). - xgene-v2: Fix a resource leak in the error handling path of 'xge_probe()' (git-fixes). - xhci: Set HCD flag to defer primary roothub registration (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3454-1 Released: Mon Oct 18 09:29:26 2021 Summary: Security update for krb5 Type: security Severity: moderate References: 1189929,CVE-2021-37750 This update for krb5 fixes the following issues: - CVE-2021-37750: Fixed KDC null pointer dereference via a FAST inner body that lacks a server field (bsc#1189929). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3480-1 Released: Wed Oct 20 11:24:08 2021 Summary: Recommended update for yast2-network Type: recommended Severity: moderate References: 1185016,1185524,1186910,1187270,1187512,1188344,1190645,1190739,1190915,1190933 This update for yast2-network fixes the following issues: - Don't crash when the interfaces table contains a not configured one (bnc#1190645, bsc#1190915). - Fix the shown description using the interface friendly name when it is empty (bsc#1190933). - Consider aliases sections as case insensitive (bsc#1190739). - Display user defined device name in the devices overview (bnc#1190645). - Don't crash when defined aliases in AutoYaST profile are not defined as a map (bsc#1188344). - Support 'boot' and 'on' as aliases for the 'auto' startmode (bsc#1186910). - Fix desktop file so the control center tooltip is translated (bsc#1187270). - Use the linuxrc proxy settings for the HTTPS and FTP proxies (bsc#1185016). - Don't crash at the end of installation when storing wifi configuration for NetworkManager (bsc#1185524, bsc#1187512). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3490-1 Released: Wed Oct 20 16:31:55 2021 Summary: Security update for ncurses Type: security Severity: moderate References: 1190793,CVE-2021-39537 This update for ncurses fixes the following issues: - CVE-2021-39537: Fixed an heap-based buffer overflow in _nc_captoinfo. (bsc#1190793) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3494-1 Released: Wed Oct 20 16:48:46 2021 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1190052 This update for pam fixes the following issues: - Added pam_faillock to the set of available PAM modules. (jsc#SLE-20638) - Added new file macros.pam on request of systemd. (bsc#1190052) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3501-1 Released: Fri Oct 22 10:42:46 2021 Summary: Recommended update for libzypp, zypper, libsolv, protobuf Type: recommended Severity: moderate References: 1186503,1186602,1187224,1187425,1187466,1187738,1187760,1188156,1188435,1189031,1190059,1190199,1190465,1190712,1190815 This update for libzypp, zypper, libsolv and protobuf fixes the following issues: - Choice rules: treat orphaned packages as newest (bsc#1190465) - Avoid calling 'su' to detect a too restrictive sudo user umask (bsc#1186602) - Do not check of signatures and keys two times(redundant) (bsc#1190059) - Rephrase vendor conflict message in case 2 packages are involved (bsc#1187760) - Show key fpr from signature when signature check fails (bsc#1187224) - Fix solver jobs for PTFs (bsc#1186503) - Fix purge-kernels fails (bsc#1187738) - Fix obs:// platform guessing for Leap (bsc#1187425) - Make sure to keep states alives while transitioning. (bsc#1190199) - Manpage: Improve description about patch updates(bsc#1187466) - Manpage: Recommend the needs-rebooting command to test whether a system reboot is suggested. - Fix kernel-*-livepatch removal in purge-kernels. (bsc#1190815) - Fix crashes in logging code when shutting down (bsc#1189031) - Do not download full files even if the checkExistsOnly flag is set. (bsc#1190712) - Add need reboot/restart hint to XML install summary (bsc#1188435) - Prompt: choose exact match if prompt options are not prefix free (bsc#1188156) - Include libprotobuf-lite20 in products to enable parallel downloads. (jsc#ECO-2911, jsc#SLE-16862) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3510-1 Released: Tue Oct 26 11:22:15 2021 Summary: Recommended update for pam Type: recommended Severity: important References: 1191987 This update for pam fixes the following issues: - Fixed a bad directive file which resulted in the 'securetty' file to be installed as 'macros.pam'. (bsc#1191987) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3515-1 Released: Tue Oct 26 13:48:04 2021 Summary: Recommended update for suse-module-tools Type: recommended Severity: important References: 1191200,1191260,1191480,1191804,1191922 This update for suse-module-tools fixes the following issues: Update to version 15.2.15: - Fix bad exit status in openQA. (bsc#1191922) - Deal with existing certificates that should be de-enrolled. (bsc#1191804) - Ignore kernel keyring for kernel certificates. (bsc#1191480) - Print 'mokutil' output in verbose mode. - Skip certificate scriptlet on non-UEFI systems. (bsc#1191260) - Don't pass existing files to weak-modules2. (bsc#1191200) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3523-1 Released: Tue Oct 26 15:40:13 2021 Summary: Security update for util-linux Type: security Severity: moderate References: 1122417,1125886,1178236,1188921,CVE-2021-37600 This update for util-linux fixes the following issues: Update to version 2.33.2 to provide seamless update from SLE12 SP5 to SLE15 SP2: - CVE-2021-37600: Fixed an integer overflow which could lead to a buffer overflow in get_sem_elements() in sys-utils/ipcutils.c (bsc#1188921). - agetty: Fix 8-bit processing in get_logname() (bsc#1125886). - mount: Fix 'mount' output for net file systems (bsc#1122417). - ipcs: Avoid overflows (bsc#1178236) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3529-1 Released: Wed Oct 27 09:23:32 2021 Summary: Security update for pcre Type: security Severity: moderate References: 1172973,1172974,CVE-2019-20838,CVE-2020-14155 This update for pcre fixes the following issues: Update pcre to version 8.45: - CVE-2020-14155: Fixed integer overflow via a large number after a '(?C' substring (bsc#1172974). - CVE-2019-20838: Fixed buffer over-read in JIT compiler (bsc#1172973) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3567-1 Released: Wed Oct 27 22:14:01 2021 Summary: Recommended update for apparmor Type: recommended Severity: moderate References: 1191690 This update for apparmor fixes the following issues: - Fixed an issue when apparmor provides python2 and python3 libraries with the same name. (bsc#1191690) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3616-1 Released: Thu Nov 4 12:29:15 2021 Summary: Security update for binutils Type: security Severity: moderate References: 1179898,1179899,1179900,1179901,1179902,1179903,1180451,1180454,1180461,1181452,1182252,1183511,1184620,1184794,CVE-2020-16590,CVE-2020-16591,CVE-2020-16592,CVE-2020-16593,CVE-2020-16598,CVE-2020-16599,CVE-2020-35448,CVE-2020-35493,CVE-2020-35496,CVE-2020-35507,CVE-2021-20197,CVE-2021-20284,CVE-2021-3487 This update for binutils fixes the following issues: Update to binutils 2.37: * The GNU Binutils sources now requires a C99 compiler and library to build. * Support for Realm Management Extension (RME) for AArch64 has been added. * A new linker option '-z report-relative-reloc' for x86 ELF targets has been added to report dynamic relative relocations. * A new linker option '-z start-stop-gc' has been added to disable special treatment of __start_*/__stop_* references when --gc-sections. * A new linker options '-Bno-symbolic' has been added which will cancel the '-Bsymbolic' and '-Bsymbolic-functions' options. * The readelf tool has a new command line option which can be used to specify how the numeric values of symbols are reported. --sym-base=0|8|10|16 tells readelf to display the values in base 8, base 10 or base 16. A sym base of 0 represents the default action of displaying values under 10000 in base 10 and values above that in base 16. * A new format has been added to the nm program. Specifying '--format=just-symbols' (or just using -j) will tell the program to only display symbol names and nothing else. * A new command line option '--keep-section-symbols' has been added to objcopy and strip. This stops the removal of unused section symbols when the file is copied. Removing these symbols saves space, but sometimes they are needed by other tools. * The '--weaken', '--weaken-symbol' and '--weaken-symbols' options supported by objcopy now make undefined symbols weak on targets that support weak symbols. * Readelf and objdump can now display and use the contents of .debug_sup sections. * Readelf and objdump will now follow links to separate debug info files by default. This behaviour can be stopped via the use of the new '-wN' or '--debug-dump=no-follow-links' options for readelf and the '-WN' or '--dwarf=no-follow-links' options for objdump. Also the old behaviour can be restored by the use of the '--enable-follow-debug-links=no' configure time option. The semantics of the =follow-links option have also been slightly changed. When enabled, the option allows for the loading of symbol tables and string tables from the separate files which can be used to enhance the information displayed when dumping other sections, but it does not automatically imply that information from the separate files should be displayed. If other debug section display options are also enabled (eg '--debug-dump=info') then the contents of matching sections in both the main file and the separate debuginfo file *will* be displayed. This is because in most cases the debug section will only be present in one of the files. If however non-debug section display options are enabled (eg '--sections') then the contents of matching parts of the separate debuginfo file will *not* be displayed. This is because in most cases the user probably only wanted to load the symbol information from the separate debuginfo file. In order to change this behaviour a new command line option --process-links can be used. This will allow di0pslay options to applied to both the main file and any separate debuginfo files. * Nm has a new command line option: '--quiet'. This suppresses 'no symbols' diagnostic. Update to binutils 2.36: New features in the Assembler: - General: * When setting the link order attribute of ELF sections, it is now possible to use a numeric section index instead of symbol name. * Added a .nop directive to generate a single no-op instruction in a target neutral manner. This instruction does have an effect on DWARF line number generation, if that is active. * Removed --reduce-memory-overheads and --hash-size as gas now uses hash tables that can be expand and shrink automatically. - X86/x86_64: * Add support for AVX VNNI, HRESET, UINTR, TDX, AMX and Key Locker instructions. * Support non-absolute segment values for lcall and ljmp. * Add {disp16} pseudo prefix to x86 assembler. * Configure with --enable-x86-used-note by default for Linux/x86. - ARM/AArch64: * Add support for Cortex-A78, Cortex-A78AE and Cortex-X1, Cortex-R82, Neoverse V1, and Neoverse N2 cores. * Add support for ETMv4 (Embedded Trace Macrocell), ETE (Embedded Trace Extension), TRBE (Trace Buffer Extension), CSRE (Call Stack Recorder Extension) and BRBE (Branch Record Buffer Extension) system registers. * Add support for Armv8-R and Armv8.7-A ISA extensions. * Add support for DSB memory nXS barrier, WFET and WFIT instruction for Armv8.7. * Add support for +csre feature for -march. Add CSR PDEC instruction for CSRE feature in AArch64. * Add support for +flagm feature for -march in Armv8.4 AArch64. * Add support for +ls64 feature for -march in Armv8.7 AArch64. Add atomic 64-byte load/store instructions for this feature. * Add support for +pauth (Pointer Authentication) feature for -march in AArch64. New features in the Linker: * Add --error-handling-script= command line option to allow a helper script to be invoked when an undefined symbol or a missing library is encountered. This option can be suppressed via the configure time switch: --enable-error-handling-script=no. * Add -z x86-64-{baseline|v[234]} to the x86 ELF linker to mark x86-64-{baseline|v[234]} ISA level as needed. * Add -z unique-symbol to avoid duplicated local symbol names. * The creation of PE format DLLs now defaults to using a more secure set of DLL characteristics. * The linker now deduplicates the types in .ctf sections. The new command-line option --ctf-share-types describes how to do this: its default value, share-unconflicted, produces the most compact output. * The linker now omits the 'variable section' from .ctf sections by default, saving space. This is almost certainly what you want unless you are working on a project that has its own analogue of symbol tables that are not reflected in the ELF symtabs. New features in other binary tools: * The ar tool's previously unused l modifier is now used for specifying dependencies of a static library. The arguments of this option (or --record-libdeps long form option) will be stored verbatim in the __.LIBDEP member of the archive, which the linker may read at link time. * Readelf can now display the contents of LTO symbol table sections when asked to do so via the --lto-syms command line option. * Readelf now accepts the -C command line option to enable the demangling of symbol names. In addition the --demangle=