From sle-updates at lists.suse.com Mon Jan 4 04:16:16 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 4 Jan 2021 12:16:16 +0100 (CET)
Subject: SUSE-RU-2021:0006-1: moderate: Recommended update for libdlm
Message-ID: <20210104111616.B2CCEFF0B@maintenance.suse.de>

SUSE Recommended Update: Recommended update for libdlm
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:0006-1
Rating: moderate
References: #1098449 #1144793 #1168771 #1177533 #1177658
Affected Products:
  SUSE Linux Enterprise Module for Basesystem 15-SP2
  SUSE Linux Enterprise High Availability 15-SP2
______________________________________________________________________________

An update that has 5 recommended fixes can now be installed.

Description:

This update for libdlm fixes the following issues:

- Rework libdlm3 require with a shared library version tag instead so it propagates to all consuming packages. (bsc#1177658, bsc#1098449)
- Add support for type 'uint64_t' to corosync ringid. (bsc#1168771)
- Include some fixes/enhancements for dlm_controld. (bsc#1144793)
- Fixed an issue where /boot logical volume was accidentally unmounted. (bsc#1177533)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Basesystem 15-SP2:

  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-6=1

- SUSE Linux Enterprise High Availability 15-SP2:

  zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2021-6=1

Package List:

- SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64):

  device-mapper-1.02.163-8.15.5
  device-mapper-debuginfo-1.02.163-8.15.5
  device-mapper-devel-1.02.163-8.15.5
  libdevmapper-event1_03-1.02.163-8.15.5
  libdevmapper-event1_03-debuginfo-1.02.163-8.15.5
  libdevmapper1_03-1.02.163-8.15.5
  libdevmapper1_03-debuginfo-1.02.163-8.15.5
  liblvm2cmd2_03-2.03.05-8.15.5
  liblvm2cmd2_03-debuginfo-2.03.05-8.15.5
  lvm2-2.03.05-8.15.5
  lvm2-debuginfo-2.03.05-8.15.5
  lvm2-debugsource-2.03.05-8.15.5
  lvm2-devel-2.03.05-8.15.5

- SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64):

  libdevmapper1_03-32bit-1.02.163-8.15.5
  libdevmapper1_03-32bit-debuginfo-1.02.163-8.15.5

- SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64):

  lvm2-lockd-2.03.05-8.15.5
  lvm2-lockd-debuginfo-2.03.05-8.15.5
  lvm2-lvmlockd-debugsource-2.03.05-8.15.5

References:

  https://bugzilla.suse.com/1098449
  https://bugzilla.suse.com/1144793
  https://bugzilla.suse.com/1168771
  https://bugzilla.suse.com/1177533
  https://bugzilla.suse.com/1177658

From sle-updates at lists.suse.com Mon Jan 4 04:17:45 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 4 Jan 2021 12:17:45 +0100 (CET)
Subject: SUSE-RU-2021:0001-1: moderate: Recommended update for pesign-obs-integration
Message-ID: <20210104111745.23344FF0B@maintenance.suse.de>

SUSE Recommended Update: Recommended update for pesign-obs-integration
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:0001-1
Rating: moderate
References: #1180242
Affected Products:
  SUSE Linux Enterprise Module for Development Tools 15-SP1
  SUSE Linux Enterprise Module for Basesystem 15-SP2
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for pesign-obs-integration fixes the following issues:

- Fix for the wrongly created noarch subpackages. (bsc#1180242)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Development Tools 15-SP1:

  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2021-1=1

- SUSE Linux Enterprise Module for Basesystem 15-SP2:

  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1=1

Package List:

- SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64):

  pesign-obs-integration-10.1-3.12.1

- SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64):

  pesign-obs-integration-10.1-3.12.1

References:

  https://bugzilla.suse.com/1180242

From sle-updates at lists.suse.com Mon Jan 4 04:18:44 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 4 Jan 2021 12:18:44 +0100 (CET)
Subject: SUSE-RU-2021:0002-1: moderate: Recommended update for alsa-utils
Message-ID: <20210104111844.96BBEFF0B@maintenance.suse.de>

SUSE Recommended Update: Recommended update for alsa-utils
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:0002-1
Rating: moderate
References: #1179904
Affected Products:
  SUSE Linux Enterprise Server for SAP 15
  SUSE Linux Enterprise Server 15-LTSS
  SUSE Linux Enterprise Module for Basesystem 15-SP2
  SUSE Linux Enterprise Module for Basesystem 15-SP1
  SUSE Linux Enterprise High Performance Computing 15-LTSS
  SUSE Linux Enterprise High Performance Computing 15-ESPOS
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for alsa-utils fixes the following issues:

- Fix for alsa restore behavior during locking and restore saved settings. (bsc#1179904)
- Remove unnecessary condition for alsa-restore.service

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 15:

  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-2=1

- SUSE Linux Enterprise Server 15-LTSS:

  zypper in -t patch SUSE-SLE-Product-SLES-15-2021-2=1

- SUSE Linux Enterprise Module for Basesystem 15-SP2:

  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-2=1

- SUSE Linux Enterprise Module for Basesystem 15-SP1:

  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2021-2=1

- SUSE Linux Enterprise High Performance Computing 15-LTSS:

  zypper in -t patch SUSE-SLE-Product-HPC-15-2021-2=1

- SUSE Linux Enterprise High Performance Computing 15-ESPOS:

  zypper in -t patch SUSE-SLE-Product-HPC-15-2021-2=1

Package List:

- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):

  alsa-utils-1.1.5-4.6.1
  alsa-utils-debuginfo-1.1.5-4.6.1
  alsa-utils-debugsource-1.1.5-4.6.1

- SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):

  alsa-utils-1.1.5-4.6.1
  alsa-utils-debuginfo-1.1.5-4.6.1
  alsa-utils-debugsource-1.1.5-4.6.1

- SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64):

  alsa-utils-1.1.5-4.6.1
  alsa-utils-debuginfo-1.1.5-4.6.1
  alsa-utils-debugsource-1.1.5-4.6.1

- SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64):

  alsa-utils-1.1.5-4.6.1
  alsa-utils-debuginfo-1.1.5-4.6.1
  alsa-utils-debugsource-1.1.5-4.6.1

- SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):

  alsa-utils-1.1.5-4.6.1
  alsa-utils-debuginfo-1.1.5-4.6.1
  alsa-utils-debugsource-1.1.5-4.6.1

- SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):

  alsa-utils-1.1.5-4.6.1
  alsa-utils-debuginfo-1.1.5-4.6.1
  alsa-utils-debugsource-1.1.5-4.6.1

References:

  https://bugzilla.suse.com/1179904

From sle-updates at lists.suse.com Mon Jan 4 04:19:44 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 4 Jan 2021 12:19:44 +0100 (CET)
Subject: SUSE-RU-2021:0005-1: moderate: Recommended update for yast2-tune
Message-ID: <20210104111944.CE9BBFF0B@maintenance.suse.de>

SUSE Recommended Update: Recommended update for yast2-tune
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:0005-1
Rating: moderate
References: #1168036 #1178797
Affected Products:
  SUSE Linux Enterprise Module for Basesystem 15-SP2
______________________________________________________________________________

An update that has two recommended fixes can now be installed.

Description:

This update for yast2-tune fixes the following issues:

- Add I/O device autoconfig checkbox on s390 for installer pre-configuration. (bsc#1168036)
- Remove elevator settings kernel boot parameter as it is obsolete. (bsc#1178797)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Basesystem 15-SP2:

  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-5=1

Package List:

- SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64):

  yast2-tune-4.2.5-3.5.1

References:

  https://bugzilla.suse.com/1168036
  https://bugzilla.suse.com/1178797

From sle-updates at lists.suse.com Mon Jan 4 04:20:51 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 4 Jan 2021 12:20:51 +0100 (CET)
Subject: SUSE-RU-2021:0004-1: moderate: Recommended update for release-notes-sles
Message-ID: <20210104112051.48F75FF11@maintenance.suse.de>

SUSE Recommended Update: Recommended update for release-notes-sles
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:0004-1
Rating: moderate
References: #1150224 #1150672 #1163166 #1180184 SLE-12396
Affected Products:
  SUSE Linux Enterprise Server for SAP 15
  SUSE Linux Enterprise Server 15-LTSS
  SUSE Linux Enterprise Installer 15
______________________________________________________________________________

An update that has four recommended fixes and contains one feature can now be installed.

Description:

This update for release-notes-sles fixes the following issues:

- 15.0.20201217 (tracked in bsc#1180184)
- Added note about Git 2.26.2 update (jsc#SLE-12396)
- Added note about removal of libjpeg-turbo (bsc#1150224)
- Added note about alternatives system & display manager (bsc#1163166)
- Updated URL for source code download (bsc#1150672)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 15:

  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-4=1

- SUSE Linux Enterprise Server 15-LTSS:

  zypper in -t patch SUSE-SLE-Product-SLES-15-2021-4=1

- SUSE Linux Enterprise Installer 15:

  zypper in -t patch SUSE-SLE-INSTALLER-15-2021-4=1

Package List:

- SUSE Linux Enterprise Server for SAP 15 (noarch):

  release-notes-sles-15.0.20201217-3.18.1

- SUSE Linux Enterprise Server 15-LTSS (noarch):

  release-notes-sles-15.0.20201217-3.18.1

- SUSE Linux Enterprise Installer 15 (noarch):

  release-notes-sles-15.0.20201217-3.18.1

References:

  https://bugzilla.suse.com/1150224
  https://bugzilla.suse.com/1150672
  https://bugzilla.suse.com/1163166
  https://bugzilla.suse.com/1180184

From sle-updates at lists.suse.com Mon Jan 4 04:22:07 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 4 Jan 2021 12:22:07 +0100 (CET)
Subject: SUSE-RU-2021:0003-1: moderate: Recommended update for yast2
Message-ID: <20210104112207.B606EFF11@maintenance.suse.de>

SUSE Recommended Update: Recommended update for yast2
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:0003-1
Rating: moderate
References: #1176276
Affected Products:
  SUSE Linux Enterprise Module for Basesystem 15-SP2
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for yast2 fixes the following issues:

- Log more details when several resolvables (instead of a single one) are unexpectedly found. (bsc#1176276)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Basesystem 15-SP2:

  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-3=1

Package List:

- SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64):

  yast2-4.2.88-3.11.1
  yast2-logs-4.2.88-3.11.1

References:

  https://bugzilla.suse.com/1176276

From sle-updates at lists.suse.com Mon Jan 4 07:15:53 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 4 Jan 2021 15:15:53 +0100 (CET)
Subject: SUSE-SU-2021:0015-1: moderate: Security update for gimp
Message-ID: <20210104141553.0AB86FEDA@maintenance.suse.de>

SUSE Security Update: Security update for gimp
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:0015-1
Rating: moderate
References: #1073624 #1073625 #1073626
Cross-References: CVE-2017-17784 CVE-2017-17785 CVE-2017-17786
Affected Products:
  SUSE Linux Enterprise Workstation Extension 12-SP5
  SUSE Linux Enterprise Software Development Kit 12-SP5
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

This update for gimp fixes the following issues:

- CVE-2017-17784: Fixed an insufficient string validation for input names (bsc#1073624).
- CVE-2017-17785: Fixed a heap-based buffer overflow in FLI import (bsc#1073625).
- CVE-2017-17786: Fixed an out-of-bounds read in TGA (bsc#1073626).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Workstation Extension 12-SP5:

  zypper in -t patch SUSE-SLE-WE-12-SP5-2021-15=1

- SUSE Linux Enterprise Software Development Kit 12-SP5:

  zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-15=1

Package List:

- SUSE Linux Enterprise Workstation Extension 12-SP5 (noarch):

  gimp-lang-2.8.18-9.18.1

- SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64):

  gimp-2.8.18-9.18.1
  gimp-debuginfo-2.8.18-9.18.1
  gimp-debugsource-2.8.18-9.18.1
  gimp-plugins-python-2.8.18-9.18.1
  gimp-plugins-python-debuginfo-2.8.18-9.18.1
  libgimp-2_0-0-2.8.18-9.18.1
  libgimp-2_0-0-debuginfo-2.8.18-9.18.1
  libgimpui-2_0-0-2.8.18-9.18.1
  libgimpui-2_0-0-debuginfo-2.8.18-9.18.1

- SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):

  gimp-debuginfo-2.8.18-9.18.1
  gimp-debugsource-2.8.18-9.18.1
  gimp-devel-2.8.18-9.18.1
  gimp-devel-debuginfo-2.8.18-9.18.1
  libgimp-2_0-0-2.8.18-9.18.1
  libgimp-2_0-0-debuginfo-2.8.18-9.18.1
  libgimpui-2_0-0-2.8.18-9.18.1
  libgimpui-2_0-0-debuginfo-2.8.18-9.18.1

References:

  https://www.suse.com/security/cve/CVE-2017-17784.html
  https://www.suse.com/security/cve/CVE-2017-17785.html
  https://www.suse.com/security/cve/CVE-2017-17786.html
  https://bugzilla.suse.com/1073624
  https://bugzilla.suse.com/1073625
  https://bugzilla.suse.com/1073626

From sle-updates at lists.suse.com Mon Jan 4 07:17:05 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 4 Jan 2021 15:17:05 +0100 (CET)
Subject: SUSE-RU-2021:0008-1: Recommended update for release-notes-sles
Message-ID: <20210104141705.7672FFEDA@maintenance.suse.de>

SUSE Recommended Update: Recommended update for release-notes-sles
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:0008-1
Rating: low
References: #1174679 #1180186 SLE-10633 SLE-11590 SLE-12396 SLE-4591
Affected Products:
  SUSE Linux Enterprise Server 15-SP1
  SUSE Linux Enterprise Installer 15-SP1
______________________________________________________________________________

An update that has two recommended fixes and contains four features can now be installed.

Description:

This update for release-notes-sles fixes the following issues:

Release notes 15.1.20201217 (bsc#1180186)

- Added note about Git 2.26 update (jsc#SLE-12396)
- Added note about QEMU Guest Agent (jsc#SLE-4591)
- Added note that seccheck runs from systemd timers (bsc#1174679)
- Added note about LibreOffice 6.4 (jsc#SLE-11590)
- Added note about Vagrant (jsc#SLE-10633)
- Move NVDIMM note to Storage section

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 15-SP1:

  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-2021-8=1

- SUSE Linux Enterprise Installer 15-SP1:

  zypper in -t patch SUSE-SLE-INSTALLER-15-SP1-2021-8=1

Package List:

- SUSE Linux Enterprise Server 15-SP1 (noarch):

  release-notes-sles-15.1.20201217-3.14.1

- SUSE Linux Enterprise Installer 15-SP1 (noarch):

  release-notes-sles-15.1.20201217-3.14.1

References:

  https://bugzilla.suse.com/1174679
  https://bugzilla.suse.com/1180186

From sle-updates at lists.suse.com Mon Jan 4 07:18:10 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 4 Jan 2021 15:18:10 +0100 (CET)
Subject: SUSE-RU-2021:0010-1: moderate: Recommended update for dmidecode
Message-ID: <20210104141810.AAE00FEDA@maintenance.suse.de>

SUSE Recommended Update: Recommended update for dmidecode
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:0010-1
Rating: moderate
References: #1174257
Affected Products:
  SUSE Linux Enterprise Module for Basesystem 15-SP2
  SUSE Linux Enterprise Module for Basesystem 15-SP1
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for dmidecode fixes the following issue:

- Two missing commas in the data arrays cause "OUT OF SPEC" messages during the index resolution. (bnc#1174257)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Basesystem 15-SP2:

  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-10=1

- SUSE Linux Enterprise Module for Basesystem 15-SP1:

  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2021-10=1

Package List:

- SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 x86_64):

  dmidecode-3.2-9.11.1
  dmidecode-debuginfo-3.2-9.11.1
  dmidecode-debugsource-3.2-9.11.1

- SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 x86_64):

  dmidecode-3.2-9.11.1
  dmidecode-debuginfo-3.2-9.11.1
  dmidecode-debugsource-3.2-9.11.1

References:

  https://bugzilla.suse.com/1174257

From sle-updates at lists.suse.com Mon Jan 4 07:19:05 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 4 Jan 2021 15:19:05 +0100 (CET)
Subject: SUSE-SU-2021:0014-1: moderate: Security update for gimp
Message-ID: <20210104141905.B283EFEDA@maintenance.suse.de>

SUSE Security Update: Security update for gimp
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:0014-1
Rating: moderate
References: #1073624 #1073625 #1073626
Cross-References: CVE-2017-17784 CVE-2017-17785 CVE-2017-17786
Affected Products:
  SUSE Linux Enterprise Workstation Extension 15-SP1
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

This update for gimp fixes the following issues:

- CVE-2017-17784: Fixed an insufficient string validation for input names (bsc#1073624).
- CVE-2017-17785: Fixed a heap-based buffer overflow in FLI import (bsc#1073625).
- CVE-2017-17786: Fixed an out-of-bounds read in TGA (bsc#1073626).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Workstation Extension 15-SP1:

  zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2021-14=1

Package List:

- SUSE Linux Enterprise Workstation Extension 15-SP1 (x86_64):

  gimp-2.8.22-5.11.2
  gimp-debuginfo-2.8.22-5.11.2
  gimp-debugsource-2.8.22-5.11.2
  gimp-devel-2.8.22-5.11.2
  gimp-devel-debuginfo-2.8.22-5.11.2
  gimp-plugins-python-2.8.22-5.11.2
  gimp-plugins-python-debuginfo-2.8.22-5.11.2
  libgimp-2_0-0-2.8.22-5.11.2
  libgimp-2_0-0-debuginfo-2.8.22-5.11.2
  libgimpui-2_0-0-2.8.22-5.11.2
  libgimpui-2_0-0-debuginfo-2.8.22-5.11.2

- SUSE Linux Enterprise Workstation Extension 15-SP1 (noarch):

  gimp-lang-2.8.22-5.11.2

References:

  https://www.suse.com/security/cve/CVE-2017-17784.html
  https://www.suse.com/security/cve/CVE-2017-17785.html
  https://www.suse.com/security/cve/CVE-2017-17786.html
  https://bugzilla.suse.com/1073624
  https://bugzilla.suse.com/1073625
  https://bugzilla.suse.com/1073626

From sle-updates at lists.suse.com Mon Jan 4 07:20:13 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 4 Jan 2021 15:20:13 +0100 (CET)
Subject: SUSE-RU-2021:0007-1: moderate: Recommended update for enchant
Message-ID: <20210104142013.A2CBFFEDA@maintenance.suse.de>

SUSE Recommended Update: Recommended update for enchant
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:0007-1
Rating: moderate
References: #1178489
Affected Products:
  SUSE Linux Enterprise Module for Basesystem 15-SP2
______________________________________________________________________________

An update that has one recommended fix can now be installed.
Description:

This update for enchant fixes the following issue:

- _Voikko_ and _Zemberek's_ APIs assume a NUL-terminated string. Provide one in Enchant. (bsc#1178489)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Basesystem 15-SP2:

  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-7=1

Package List:

- SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64):

  enchant-2-backend-hunspell-2.2.5-4.3.1
  enchant-2-backend-hunspell-debuginfo-2.2.5-4.3.1
  enchant-data-2.2.5-4.3.1
  enchant-debugsource-2.2.5-4.3.1
  enchant-devel-2.2.5-4.3.1
  libenchant-2-2-2.2.5-4.3.1
  libenchant-2-2-debuginfo-2.2.5-4.3.1

References:

  https://bugzilla.suse.com/1178489

From sle-updates at lists.suse.com Mon Jan 4 07:21:08 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 4 Jan 2021 15:21:08 +0100 (CET)
Subject: SUSE-RU-2021:0009-1: Recommended update for release-notes-sle_hpc
Message-ID: <20210104142108.48729FEDA@maintenance.suse.de>

SUSE Recommended Update: Recommended update for release-notes-sle_hpc
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:0009-1
Rating: low
References: #1123633 #1132668 #1150672 #1173308 #1180187
Affected Products:
  SUSE Linux Enterprise Module for HPC 15-SP1
  SUSE Linux Enterprise High Performance Computing 15-SP1
______________________________________________________________________________

An update that has 5 recommended fixes can now be installed.
Description:

This update for release-notes-sle_hpc fixes the following issues:

Release Notes 15.1.20201217 (bsc#1180187)

- Mention Python 2 module in upgrade notes (bsc#1173308, bsc#1123633)
- Removed reference to php5, do not suggest always adding Web and Scripting module (bsc#1132668)
- Updated URL for source code download (bsc#1150672)
- Improve Ganglia note

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for HPC 15-SP1:

  zypper in -t patch SUSE-SLE-Module-HPC-15-SP1-2021-9=1

- SUSE Linux Enterprise High Performance Computing 15-SP1:

  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-2021-9=1

Package List:

- SUSE Linux Enterprise Module for HPC 15-SP1 (noarch):

  release-notes-sle_hpc-15.100000000.20201217-3.3.1

- SUSE Linux Enterprise High Performance Computing 15-SP1 (noarch):

  release-notes-sle_hpc-15.100000000.20201217-3.3.1

References:

  https://bugzilla.suse.com/1123633
  https://bugzilla.suse.com/1132668
  https://bugzilla.suse.com/1150672
  https://bugzilla.suse.com/1173308
  https://bugzilla.suse.com/1180187

From sle-updates at lists.suse.com Mon Jan 4 07:22:32 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 4 Jan 2021 15:22:32 +0100 (CET)
Subject: SUSE-RU-2021:0012-1: moderate: Recommended update for pacemaker
Message-ID: <20210104142232.79831FEDA@maintenance.suse.de>

SUSE Recommended Update: Recommended update for pacemaker
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:0012-1
Rating: moderate
References: #1174696 #1178865
Affected Products:
  SUSE Linux Enterprise Software Development Kit 12-SP5
  SUSE Linux Enterprise High Availability 12-SP5
______________________________________________________________________________

An update that has two recommended fixes can now be installed.
Description:

This update for pacemaker fixes the following issues:

Update to version 1.1.24+20201209.8f22be2ae

- Improve the documentation of `stonith-watchdog-timeout` and `have-watchdog` cluster options (bsc#1174696)
- Downgrade the message about the meaning of `have-watchdog=true` to info (bsc#1174696)
- crmadmin: printing DC quietly if needed (bsc#1178865)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP5:

  zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-12=1

- SUSE Linux Enterprise High Availability 12-SP5:

  zypper in -t patch SUSE-SLE-HA-12-SP5-2021-12=1

Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):

  libpacemaker-devel-1.1.24+20201209.8f22be2ae-3.12.1
  pacemaker-cts-1.1.24+20201209.8f22be2ae-3.12.1
  pacemaker-cts-debuginfo-1.1.24+20201209.8f22be2ae-3.12.1
  pacemaker-debuginfo-1.1.24+20201209.8f22be2ae-3.12.1
  pacemaker-debugsource-1.1.24+20201209.8f22be2ae-3.12.1

- SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64):

  libpacemaker3-1.1.24+20201209.8f22be2ae-3.12.1
  libpacemaker3-debuginfo-1.1.24+20201209.8f22be2ae-3.12.1
  pacemaker-1.1.24+20201209.8f22be2ae-3.12.1
  pacemaker-cli-1.1.24+20201209.8f22be2ae-3.12.1
  pacemaker-cli-debuginfo-1.1.24+20201209.8f22be2ae-3.12.1
  pacemaker-cts-1.1.24+20201209.8f22be2ae-3.12.1
  pacemaker-cts-debuginfo-1.1.24+20201209.8f22be2ae-3.12.1
  pacemaker-debuginfo-1.1.24+20201209.8f22be2ae-3.12.1
  pacemaker-debugsource-1.1.24+20201209.8f22be2ae-3.12.1
  pacemaker-remote-1.1.24+20201209.8f22be2ae-3.12.1
  pacemaker-remote-debuginfo-1.1.24+20201209.8f22be2ae-3.12.1

References:

  https://bugzilla.suse.com/1174696
  https://bugzilla.suse.com/1178865

From sle-updates at lists.suse.com Mon Jan 4 07:23:36 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 4 Jan 2021 15:23:36 +0100 (CET)
Subject: SUSE-RU-2021:0011-1: moderate: Recommended update for SupportConfig Analysis suite
Message-ID: <20210104142336.DC8A5FEDA@maintenance.suse.de>

SUSE Recommended Update: Recommended update for SupportConfig Analysis suite
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:0011-1
Rating: moderate
References: #1017160 #1096254 #1115654 #1124793 #1155181 #1177249 #1178086 #1178088 #1178092 #1178093 #1178094 #1178099 #1178151 #1178152 #1178229 #1178523 #1178524 #1178528
Affected Products:
  SUSE Linux Enterprise Server for SAP 15
  SUSE Linux Enterprise Server 15-LTSS
  SUSE Linux Enterprise Module for Server Applications 15-SP2
  SUSE Linux Enterprise Module for Server Applications 15-SP1
  SUSE Linux Enterprise High Performance Computing 15-LTSS
  SUSE Linux Enterprise High Performance Computing 15-ESPOS
______________________________________________________________________________

An update that has 18 recommended fixes can now be installed.

Description:

This update for SupportConfig Analysis suite fixes the following issues:

Changes in sca-patterns-base:

- Additions to version 1.3.1
  + `SUSE.getHostInfo` doesn't use `/etc/os-release`. (bsc#1178523)
  + `SUSE.py` missing initial kernel version constants.
(bsc#1178524)

Changes in sca-patterns-hae:

- Updates to version 1.3.1
  + Fixed false positive for stonith-00002.pl (bsc#1124793)

Changes in sca-patterns-sle11:

- New Security Announcement Patterns for Version 1.3.1
- Detects missing shim that fails upgrade (sle11all/shim-upgrade-7022915.py)

Changes in sca-patterns-sle12:

- New Security Announcement Patterns for Version 1.0.1
SUSE-SU-2020:0088-1 SUSE-SU-2020:1839-1 SUSE-SU-2020:0068-1 SUSE-SU-2020:0384-1 SUSE-SU-2020:0717-1 SUSE-SU-2020:0928-1 SUSE-SU-2020:0978-1 SUSE-SU-2020:1218-1 SUSE-SU-2020:1563-1 SUSE-SU-2020:1899-1 SUSE-SU-2020:2100-1 SUSE-SU-2020:2759-1 SUSE-SU-2020:3053-1 SUSE-SU-2020:3331-1 SUSE-SU-2020:1794-1 SUSE-SU-2020:1805-1 SUSE-SU-2020:1193-1 SUSE-SU-2020:1859-1 SUSE-SU-2020:3314-1 SUSE-SU-2020:0474-1 SUSE-SU-2020:0495-1 SUSE-SU-2020:3126-1 radius:SUSE-SU-2020 SUSE-SU-2020:2661-1 SUSE-SU-2020:2856-1 SUSE-SU-2020:1662-1 SUSE-SU-2020:0545-1 SUSE-SU-2020:0715-1 SUSE-SU-2020:3343-1 SUSE-SU-2020:0586-1 SUSE-SU-2020:0490-1 SUSE-SU-2020:0792-1 SUSE-SU-2020:2157-1 SUSE-SU-2020:0555-1 SUSE-SU-2020:1792-1 SUSE-SU-2020:0497-1 SUSE-SU-2020:0854-1 SUSE-SU-2020:2699-1 SUSE-SU-2020:1524-1 SUSE-SU-2020:1526-1 SUSE-SU-2020:3351-1 SUSE-SU-2020:0512-1 SUSE-SU-2020:1570-1 SUSE-SU-2020:2312-1 SUSE-SU-2020:2724-1 SUSE-SU-2020:3083-1 SUSE-SU-2020:3125-1 SUSE-SU-2020:0115-1 SUSE-SU-2020:2628-1 SUSE-SU-2020:0810-1 SUSE-SU-2020:0661-1 SUSE-SU-2020:1227-1 SUSE-SU-2020:1803-1 SUSE-SU-2020:1946-1 SUSE-SU-2020:2471-1 SUSE-SU-2020:0407-1 SUSE-SU-2020:0331-1 SUSE-SU-2020:2898-1 SUSE-SU-2020:0725-1 SUSE-SU-2020:1498-1 SUSE-SU-2020:1791-1 SUSE-SU-2020:2611-1 SUSE-SU-2020:1595-1 SUSE-SU-2020:3279-1 SUSE-SU-2020:1550-1 SUSE-SU-2020:0016-1 SUSE-SU-2020:1135-1 SUSE-SU-2020:1211-1 SUSE-SU-2020:2069-1 SUSE-SU-2020:2232-1 SUSE-SU-2020:0410-1 SUSE-SU-2020:0334-1 SUSE-SU-2020:2234-1 SUSE-SU-2020:2822-1 SUSE-SU-2020:2225-1 SUSE-SU-2020:2331-1 SUSE-SU-2020:2401-1 SUSE-SU-2020:1943-1 SUSE-SU-2020:1612-1 SUSE-SU-2020:1272-1 SUSE-SU-2020:2450-1 SUSE-SU-2020:3149-1 SUSE-SU-2020:1914-1 SUSE-SU-2020:1158-1 SUSE-SU-2020:1748-1 SUSE-SU-2020:1045-1 SUSE-SU-2020:1732-1 SUSE-SU-2020:2274-1 SUSE-SU-2020:2194-1 SUSE-SU-2020:1018-1 SUSE-SU-2020:2998-1 SUSE-SU-2020:3263-1 SUSE-SU-2020:0394-1 SUSE-SU-2020:1212-1 SUSE-SU-2020:2097-1 SUSE-SU-2020:0992-1 SUSE-SU-2020:1295-1 SUSE-SU-2020:3024-1 SUSE-SU-2020:2079-1 SUSE-SU-2020:2304-1 
SUSE-SU-2020:1180-1 SUSE-SU-2020:0630-1 SUSE-SU-2020:0024-1 SUSE-SU-2020:0051-1 SUSE-SU-2020:0261-1 SUSE-SU-2020:0456-1 SUSE-SU-2020:0528-1 SUSE-SU-2020:0628-1 SUSE-SU-2020:1571-1 SUSE-SU-2020:1683-1 SUSE-SU-2020:1685-1 SUSE-SU-2020:1686-1 SUSE-SU-2020:2461-1 SUSE-SU-2020:2482-1 SUSE-SU-2020:2861-1 SUSE-SU-2020:3310-1 SUSE-SU-2020:1275-1 SUSE-SU-2020:1596-1 SUSE-SU-2020:1713-1 SUSE-SU-2020:2152-1 SUSE-SU-2020:2582-1 SUSE-SU-2020:0159-1 SUSE-SU-2020:0204-1 SUSE-SU-2020:0868-1 SUSE-SU-2020:1475-1 SUSE-SU-2020:1779-1 SUSE-SU-2020:1781-1 SUSE-SU-2020:1784-1 SUSE-SU-2020:2491-1 SUSE-SU-2020:2497-1 SUSE-SU-2020:2498-1 SUSE-SU-2020:2499-1 SUSE-SU-2020:2502-1 SUSE-SU-2020:2544-1 SUSE-SU-2020:3191-1 SUSE-SU-2020:3219-1 SUSE-SU-2020:3225-1 SUSE-SU-2020:1533-1 SUSE-SU-2020:0457-1 SUSE-SU-2020:1534-1 SUSE-SU-2019:3060-2 SUSE-SU-2020:2900-1 SUSE-SU-2020:0317-1 SUSE-SU-2020:2751-1 SUSE-SU-2020:2660-1 SUSE-SU-2020:3095-1 SUSE-SU-2020:1165-1 SUSE-SU-2020:2167-1 SUSE-SU-2020:2117-1 SUSE-SU-2020:2196-1 SUSE-SU-2020:0920-2 SUSE-SU-2020:0079-2 SUSE-SU-2020:0054-1 SUSE-SU-2020:1301-1 SUSE-SU-2020:2048-1 SUSE-SU-2020:0050-1 SUSE-SU-2020:0088-1 SUSE-SU-2020:1839-1 SUSE-SU-2020:0068-1 SUSE-SU-2020:0384-1 SUSE-SU-2020:0717-1 SUSE-SU-2020:0928-1 SUSE-SU-2020:0978-1 SUSE-SU-2020:1218-1 SUSE-SU-2020:1563-1 SUSE-SU-2020:1899-1 SUSE-SU-2020:2100-1 SUSE-SU-2020:2759-1 SUSE-SU-2020:3053-1 SUSE-SU-2020:3331-1 SUSE-SU-2020:1794-1 SUSE-SU-2020:1805-1 SUSE-SU-2020:1193-1 SUSE-SU-2020:1859-1 SUSE-SU-2020:3314-1 SUSE-SU-2020:0474-1 radius:SUSE-SU-2020 SUSE-SU-2020:2661-1 SUSE-SU-2020:2856-1 SUSE-SU-2020:1662-1 SUSE-SU-2020:0545-1 SUSE-SU-2020:0715-1 SUSE-SU-2020:3343-1 SUSE-SU-2020:0586-1 SUSE-SU-2020:0490-1 SUSE-SU-2020:0792-1 SUSE-SU-2020:2157-1 SUSE-SU-2020:1285-1 SUSE-SU-2020:0555-1 SUSE-SU-2020:1792-1 SUSE-SU-2020:0497-1 SUSE-SU-2020:0854-1 SUSE-SU-2020:2699-1 SUSE-SU-2020:1524-1 SUSE-SU-2020:1538-1 SUSE-SU-2020:3351-1 SUSE-SU-2020:1570-1 SUSE-SU-2020:0233-1 SUSE-SU-2020:2066-1 SUSE-SU-2020:2721-1 
SUSE-SU-2020:3093-1 SUSE-SU-2020:3125-1 SUSE-SU-2020:0115-1 SUSE-SU-2020:2627-1 SUSE-SU-2020:0810-1 SUSE-SU-2020:3085-1 SUSE-SU-2020:3084-1 SUSE-SU-2020:0661-1 SUSE-SU-2020:1227-1 SUSE-SU-2020:1803-1 SUSE-SU-2020:1946-1 SUSE-SU-2020:2471-1 SUSE-SU-2020:0406-1 SUSE-SU-2020:0331-1 SUSE-SU-2020:2898-1 SUSE-SU-2020:0725-1 SUSE-SU-2020:1498-1 SUSE-SU-2020:1791-1 SUSE-SU-2020:2611-1 SUSE-SU-2020:1970-1 SUSE-SU-2020:1595-1 SUSE-SU-2020:3279-1 SUSE-SU-2020:1550-1 SUSE-SU-2020:0016-1 SUSE-SU-2020:1135-1 SUSE-SU-2020:1211-1 SUSE-SU-2020:2069-1 SUSE-SU-2020:2232-1 SUSE-SU-2020:0410-1 SUSE-SU-2020:1630-1 SUSE-SU-2020:1886-1 SUSE-SU-2020:2171-1 SUSE-SU-2020:2787-1 SUSE-SU-2020:2225-1 SUSE-SU-2020:2331-1 SUSE-SU-2020:2401-1 SUSE-SU-2020:1991-1 SUSE-SU-2018_1221-1 SUSE-SU-2018_1222-1 SUSE-SU-2018_1224-1 SUSE-SU-2018_1226-1 SUSE-SU-2018_1233-1 SUSE-SU-2018_1234-1 SUSE-SU-2018_1235-1 SUSE-SU-2018_1243-1 SUSE-SU-2018_1244-1 SUSE-SU-2018_1247-1 SUSE-SU-2018_1257-1 SUSE-SU-2018_1261-1 SUSE-SU-2018_1267-1 SUSE-SU-2018_1273-1 SUSE-SU-2018_1177-1 SUSE-SU-2018_1220-1 SUSE-SU-2018_1220-1 SUSE-SU-2018_1227-1 SUSE-SU-2018_1227-1 SUSE-SU-2018_1229-1 SUSE-SU-2018_1229-1 SUSE-SU-2018_1231-1 SUSE-SU-2018_1231-1 SUSE-SU-2018_1232-1 SUSE-SU-2018_1232-1 SUSE-SU-2018_1237-1 SUSE-SU-2018_1237-1 SUSE-SU-2018_1251-1 SUSE-SU-2018_1251-1 SUSE-SU-2018_1254-1 SUSE-SU-2018_1254-1 SUSE-SU-2018_1255-1 SUSE-SU-2018_1255-1 SUSE-SU-2018_1259-1 SUSE-SU-2018_1259-1 SUSE-SU-2018_1264-1 SUSE-SU-2018_1264-1 SUSE-SU-2018_1266-1 SUSE-SU-2018_1266-1 SUSE-SU-2018_1269-1 SUSE-SU-2018_1269-1 SUSE-SU-2018_1202-1 SUSE-SU-2018_1202-1 SUSE-SU-2018_1173-1 SUSE-SU-2018_1173-1 SUSE-SU-2018_1223-1 SUSE-SU-2018_1223-1 SUSE-SU-2018_1230-1 SUSE-SU-2018_1230-1 SUSE-SU-2018_1236-1 SUSE-SU-2018_1236-1 SUSE-SU-2018_1239-1 SUSE-SU-2018_1239-1 SUSE-SU-2018_1241-1 SUSE-SU-2018_1241-1 SUSE-SU-2018_1242-1 SUSE-SU-2018_1242-1 SUSE-SU-2018_1245-1 SUSE-SU-2018_1245-1 SUSE-SU-2018_1250-1 SUSE-SU-2018_1250-1 SUSE-SU-2018_1253-1 SUSE-SU-2018_1253-1 
SUSE-SU-2018_1256-1 SUSE-SU-2018_1256-1 SUSE-SU-2018_1258-1 SUSE-SU-2018_1258-1 SUSE-SU-2018_1262-1 SUSE-SU-2018_1262-1 SUSE-SU-2018_1268-1 SUSE-SU-2018_1268-1 SUSE-SU-2018_1272-1 SUSE-SU-2018_1272-1 SUSE-SU-2018_1216-1 SUSE-SU-2018_1216-1 SUSE-SU-2018_1128-1 SUSE-SU-2018_1184-1 SUSE-SU-2018_0901-1 SUSE-SU-2018_0604-1 SUSE-SU-2018_0743-1 SUSE-SU-2018_0834-1 SUSE-SU-2018_0562-1 SUSE-SU-2018_0664-1 SUSE-SU-2018_0994-1 SUSE-SU-2018_0995-1 SUSE-SU-2018_0996-1 SUSE-SU-2018_0999-1 SUSE-SU-2018_1000-1 SUSE-SU-2018_1001-1 SUSE-SU-2018_1006-1 SUSE-SU-2018_1009-1 SUSE-SU-2018_1010-1 SUSE-SU-2018_1016-1 SUSE-SU-2018_1029-1 SUSE-SU-2018_1030-1 SUSE-SU-2018_1035-1 SUSE-SU-2018_0828-1 SUSE-SU-2018_0698-1 SUSE-SU-2018_0906-1 SUSE-SU-2018_0708-1 SUSE-SU-2018_0601-1 SUSE-SU-2018_0879-1 SUSE-SU-2018_0879-1 SUSE-SU-2018_0604-1 SUSE-SU-2018_0604-1 SUSE-SU-2018_0663-1 SUSE-SU-2018_0663-1 SUSE-SU-2018_0665-1 SUSE-SU-2018_0665-1 SUSE-SU-2018_0743-1 SUSE-SU-2018_0743-1 SUSE-SU-2018_0525-1 SUSE-SU-2018_0525-1 SUSE-SU-2018_0848-1 SUSE-SU-2018_0848-1 SUSE-SU-2018_0988-1 SUSE-SU-2018_0988-1 SUSE-SU-2018_0991-1 SUSE-SU-2018_0991-1 SUSE-SU-2018_0992-1 SUSE-SU-2018_0992-1 SUSE-SU-2018_1005-1 SUSE-SU-2018_1005-1 SUSE-SU-2018_1008-1 SUSE-SU-2018_1008-1 SUSE-SU-2018_1014-1 SUSE-SU-2018_1014-1 SUSE-SU-2018_1015-1 SUSE-SU-2018_1015-1 SUSE-SU-2018_1018-1 SUSE-SU-2018_1018-1 SUSE-SU-2018_1025-1 SUSE-SU-2018_1025-1 SUSE-SU-2018_1026-1 SUSE-SU-2018_1026-1 SUSE-SU-2018_1032-1 SUSE-SU-2018_1032-1 SUSE-SU-2018_1034-1 SUSE-SU-2018_1034-1 SUSE-SU-2018_0828-1 SUSE-SU-2018_0828-1 SUSE-SU-2018_0697-1 SUSE-SU-2018_0697-1 SUSE-SU-2018_0902-1 SUSE-SU-2018_0902-1 SUSE-SU-2018_0708-1 SUSE-SU-2018_0708-1 SUSE-SU-2018_0609-1 SUSE-SU-2018_0609-1 SUSE-SU-2018_0809-1 SUSE-SU-2018_0604-1 SUSE-SU-2018_0661-1 SUSE-SU-2018_0663-1 SUSE-SU-2018_0665-1 SUSE-SU-2018_0694-1 SUSE-SU-2018_0743-1 SUSE-SU-2018_0785-1 SUSE-SU-2018_0989-1 SUSE-SU-2018_0989-1 SUSE-SU-2018_0990-1 SUSE-SU-2018_0990-1 SUSE-SU-2018_0993-1 SUSE-SU-2018_0993-1 
SUSE-SU-2018_1003-1 SUSE-SU-2018_1003-1 SUSE-SU-2018_1004-1 SUSE-SU-2018_1004-1 SUSE-SU-2018_1007-1 SUSE-SU-2018_1007-1 SUSE-SU-2018_1011-1 SUSE-SU-2018_1011-1 SUSE-SU-2018_1012-1 SUSE-SU-2018_1012-1 SUSE-SU-2018_1019-1 SUSE-SU-2018_1019-1 SUSE-SU-2018_1021-1 SUSE-SU-2018_1021-1 SUSE-SU-2018_1023-1 SUSE-SU-2018_1023-1 SUSE-SU-2018_1031-1 SUSE-SU-2018_1031-1 SUSE-SU-2018_1033-1 SUSE-SU-2018_1033-1 SUSE-SU-2018_0828-1 SUSE-SU-2018_0861-1 SUSE-SU-2018_0830-1 SUSE-SU-2018_0697-1 SUSE-SU-2018_0839-1 SUSE-SU-2018_0831-1 SUSE-SU-2018_0708-1 SUSE-SU-2018_0909-1 SUSE-SU-2018_0809-1 SUSE-SU-2018_0604-1 SUSE-SU-2018_0661-1 SUSE-SU-2018_0663-1 SUSE-SU-2018_0665-1 SUSE-SU-2018_0694-1 SUSE-SU-2018_0743-1 SUSE-SU-2018_0786-1 SUSE-SU-2018_1048-1 SUSE-SU-2018_0822-1 SUSE-SU-2018_0920-1 SUSE-SU-2018_0830-1 SUSE-SU-2018_0697-1 SUSE-SU-2018_0839-1 SUSE-SU-2018_1047-1 SUSE-SU-2018_0762-1 SUSE-SU-2018_0708-1 SUSE-SU-2018_1072-1 - Removed unnecessary README from SP4-5 - Added SLE12SP5 directory to spec file - System panic in `update_group_capacity()` due to a divide error (bsc#1096254) - Expected cron daemon behavior change from SLES11 to SLES12 (bsc#1017160) Changes in sca-patterns-sle15: - New Security Announcement Patterns for version 1.0.1 + SUSE-SU-2020:3565-1 SUSE-SU-2020:3568-1 SUSE-SU-2020:3380-1 SUSE-SU-2020:3565-1 SUSE-SU-2020:3568-1 SUSE-SU-2020:3500-1 SUSE-SU-2020:3551-1 SUSE-SU-2020:3460-1 SUSE-SU-2020:3478-1 SUSE-SU-2020:3380-1 SUSE-SU-2020:3565-1 SUSE-SU-2020:3568-1 SUSE-SU-2020:3500-1 SUSE-SU-2020:3551-1 SUSE-SU-2020:3460-1 SUSE-SU-2020:3478-1 SUSE-SU-2020:3380-1 SUSE-SU-2020:3565-1 SUSE-SU-2020:3455-1 SUSE-SU-2020:3568-1 SUSE-SU-2020:3500-1 SUSE-SU-2020:2474-2 SUSE-SU-2020:3551-1 SUSE-SU-2020:3375-1 SUSE-SU-2020:3532-1 SUSE-SU-2020:3532-1 SUSE-SU-2020:3460-1 SUSE-SU-2020:3478-1 SUSE-SU-2020:3552-1 SUSE-SU-2020:1126-1 SUSE-SU-2020:2344-1 SUSE-SU-2020:3067-1 SUSE-SU-2020:3151-1 SUSE-SU-2020:2583-1 SUSE-SU-2020:2914-1 SUSE-SU-2020:1083-1 SUSE-SU-2020:1773-1 
SUSE-SU-2020:1379-1 SUSE-SU-2020:2266-1 SUSE-SU-2020:1334-1 SUSE-SU-2020:2767-1 SUSE-SU-2020:1023-1 SUSE-SU-2020:2995-1 SUSE-SU-2020:1220-1 SUSE-SU-2020:2095-1 SUSE-SU-2020:0991-1 SUSE-SU-2020:0820-1 SUSE-SU-2020:1584-1 SUSE-SU-2020:2988-1 SUSE-SU-2020:2073-1 SUSE-SU-2020:2303-1 SUSE-SU-2020:1300-1 SUSE-SU-2020:0819-1 SUSE-SU-2020:0617-1 SUSE-SU-2020:0231-1 SUSE-SU-2020:0231-1 SUSE-SU-2020:0466-1 SUSE-SU-2020:0466-1 SUSE-SU-2020:1511-1 SUSE-SU-2020:1569-1 SUSE-SU-2020:1684-1 SUSE-SU-2020:2143-1 SUSE-SU-2020:2453-1 SUSE-SU-2020:3349-1 SUSE-SU-2020:1663-1 SUSE-SU-2020:1663-1 SUSE-SU-2020:2106-1 SUSE-SU-2020:2106-1 SUSE-SU-2020:2610-1 SUSE-SU-2020:2610-1 SUSE-SU-2020:0204-1 SUSE-SU-2020:0213-1 SUSE-SU-2020:0213-1 SUSE-SU-2020:0868-1 SUSE-SU-2020:1475-1 SUSE-SU-2020:1663-1 SUSE-SU-2020:1769-1 SUSE-SU-2020:1771-1 SUSE-SU-2020:1789-1 SUSE-SU-2020:3244-1 SUSE-SU-2020:0948-1 SUSE-SU-2020:2901-1 SUSE-SU-2020:0349-1 SUSE-SU-2020:0349-1 SUSE-SU-2020:2748-1 org:SUSE-SU-2019 SUSE-SU-2020:0130-1 SUSE-SU-2020:0130-1 SUSE-SU-2020:1250-1 SUSE-SU-2020:2969-1 SUSE-SU-2020:0143-1 SUSE-SU-2020:0143-1 SUSE-SU-2020:2116-1 SUSE-SU-2020:2197-1 SUSE-SU-2020:1423-1 SUSE-SU-2020:1677-1 SUSE-SU-2020:1850-1 SUSE-SU-2020:1171-1 SUSE-SU-2020:0455-1 SUSE-SU-2020:0455-1 SUSE-SU-2020:1568-1 SUSE-SU-2020:2829-1 SUSE-SU-2020:0454-1 SUSE-SU-2020:0454-1 SUSE-SU-2020:1576-1 SUSE-SU-2020:1823-1 SUSE-SU-2020:2947-1 SUSE-SU-2020:1219-1 SUSE-SU-2020:1856-1 SUSE-SU-2020:2712-2 SUSE-SU-2020:3313-1 SUSE-SU-2020:2713-1 SUSE-SU-2020:0357-1 SUSE-SU-2020:0357-1 SUSE-SU-2020:2645-1 SUSE-SU-2020:2827-1 SUSE-SU-2020:1682-1 SUSE-SU-2020:1163-1 SUSE-SU-2020:1858-1 SUSE-SU-2020:2814-1 SUSE-SU-2020:0622-1 SUSE-SU-2020:2997-1 SUSE-SU-2020:0589-1 SUSE-SU-2020:0589-1 SUSE-SU-2020:2264-1 SUSE-SU-2020:2149-1 SUSE-SU-2020:1920-1 SUSE-SU-2020:2784-1 SUSE-SU-2020:3269-1 SUSE-SU-2020:1822-1 SUSE-SU-2020:1523-1 SUSE-SU-2020:0260-1 SUSE-SU-2020:0260-1 SUSE-SU-2020:1179-1 SUSE-SU-2020:3147-1 SUSE-SU-2020:1177-1 SUSE-SU-2020:0737-1 
SUSE-SU-2020:1151-1 SUSE-SU-2020:1973-1 SUSE-SU-2020:0224-1 SUSE-SU-2020:0224-1 SUSE-SU-2020:1132-1 SUSE-SU-2020:2065-1 SUSE-SU-2020:2719-1 SUSE-SU-2020:3087-1 SUSE-SU-2020:0813-1 SUSE-SU-2020:1156-1 SUSE-SU-2020:2442-1 SUSE-SU-2020:0408-1 SUSE-SU-2020:0408-1 SUSE-SU-2020:0335-1 SUSE-SU-2020:0335-1 SUSE-SU-2020:2882-1 SUSE-SU-2020:0598-1 SUSE-SU-2020:1364-1 SUSE-SU-2020:1841-1 SUSE-SU-2020:2045-1 SUSE-SU-2020:3283-1 SUSE-SU-2020:1819-1 SUSE-SU-2020:1551-1 SUSE-SU-2020:0468-1 SUSE-SU-2020:0468-1 SUSE-SU-2020:1109-1 SUSE-SU-2020:1198-1 SUSE-SU-2020:1990-1 SUSE-SU-2020:2198-1 SUSE-SU-2020:0263-1 SUSE-SU-2020:0263-1 SUSE-SU-2020:0370-1 SUSE-SU-2020:0370-1 SUSE-SU-2020:0693-1 SUSE-SU-2020:2326-1 SUSE-SU-2020:2398-1 SUSE-SU-2020:1933-1 SUSE-SU-2020:3264-1 SUSE-SU-2020:1396-2 SUSE-SU-2020:1126-1 SUSE-SU-2020:2344-1 SUSE-SU-2020:3067-1 SUSE-SU-2020:3151-1 SUSE-SU-2020:2914-1 SUSE-SU-2020:1083-1 SUSE-SU-2020:1773-1 SUSE-SU-2020:1023-1 SUSE-SU-2020:2995-1 SUSE-SU-2020:1220-1 SUSE-SU-2020:2095-1 SUSE-SU-2020:0991-1 SUSE-SU-2020:0820-1 SUSE-SU-2020:1584-1 SUSE-SU-2020:2988-1 SUSE-SU-2020:1300-1 SUSE-SU-2020:0819-1 SUSE-SU-2020:0231-1 SUSE-SU-2020:0466-1 SUSE-SU-2020:1511-1 SUSE-SU-2020:1569-1 SUSE-SU-2020:1684-1 SUSE-SU-2020:2143-1 SUSE-SU-2020:2453-1 SUSE-SU-2020:0204-1 SUSE-SU-2020:0213-1 SUSE-SU-2020:0868-1 SUSE-SU-2020:1475-1 SUSE-SU-2020:1769-1 SUSE-SU-2020:1771-1 SUSE-SU-2020:0948-1 SUSE-SU-2020:2901-1 SUSE-SU-2020:0143-1 SUSE-SU-2020:2116-1 SUSE-SU-2020:2197-1 SUSE-SU-2020:1423-1 SUSE-SU-2020:1677-1 SUSE-SU-2020:1850-1 SUSE-SU-2020:0455-1 SUSE-SU-2020:1568-1 SUSE-SU-2020:2829-1 SUSE-SU-2020:0454-1 SUSE-SU-2020:1576-1 SUSE-SU-2020:1823-1 SUSE-SU-2020:2947-1 SUSE-SU-2020:1219-1 SUSE-SU-2020:1856-1 SUSE-SU-2020:3313-1 SUSE-SU-2020:2713-1 SUSE-SU-2020:0357-1 SUSE-SU-2020:2645-1 SUSE-SU-2020:2827-1 SUSE-SU-2020:1682-1 SUSE-SU-2020:0622-1 SUSE-SU-2020:2997-1 SUSE-SU-2020:2149-1 SUSE-SU-2020:1920-1 SUSE-SU-2020:2784-1 SUSE-SU-2020:3269-1 SUSE-SU-2020:1822-1 SUSE-SU-2020:1177-1 
SUSE-SU-2020:0737-1 SUSE-SU-2020:1156-1 SUSE-SU-2020:2442-1 SUSE-SU-2020:0408-1 SUSE-SU-2020:0335-1 SUSE-SU-2020:1551-1 SUSE-SU-2020:0468-1 SUSE-SU-2020:1109-1 SUSE-SU-2020:1198-1 SUSE-SU-2020:1990-1 SUSE-SU-2020:2198-1 SUSE-SU-2020:0693-1 SUSE-SU-2020:1933-1 SUSE-SU-2020:3264-1 SUSE-SU-2020:2914-1 SUSE-SU-2020:1083-1 SUSE-SU-2020:2995-1 SUSE-SU-2020:2095-1 SUSE-SU-2020:1584-1 SUSE-SU-2020:1300-1 SUSE-SU-2020:1511-1 SUSE-SU-2020:1684-1 SUSE-SU-2020:2143-1 SUSE-SU-2020:2453-1 SUSE-SU-2020:1769-1 SUSE-SU-2020:1771-1 SUSE-SU-2020:0948-1 SUSE-SU-2020:2901-1 SUSE-SU-2020:2116-1 SUSE-SU-2020:2197-1 SUSE-SU-2020:1423-1 SUSE-SU-2020:1677-1 SUSE-SU-2020:1850-1 SUSE-SU-2020:1568-1 SUSE-SU-2020:2829-1 SUSE-SU-2020:1576-1 SUSE-SU-2020:1823-1 SUSE-SU-2020:2947-1 SUSE-SU-2020:1856-1 SUSE-SU-2020:3313-1 SUSE-SU-2020:1682-1 SUSE-SU-2020:1920-1 SUSE-SU-2020:2784-1 SUSE-SU-2020:3269-1 SUSE-SU-2020:1822-1 SUSE-SU-2020:1177-1 SUSE-SU-2020:1156-1 SUSE-SU-2020:2442-1 SUSE-SU-2020:1551-1 SUSE-SU-2020:3264-1 SUSE-SU-2020:1396-2 - Removed obsolete README place holders in SP0-2 - Added openssh-7023532.py to detect (bsc#1115654) Changes in sca-server-report: - Additional to version 1.0.1 + Updated the man pages with `-r` + `-k` is retained for compatibility, but keeping the archive is default + Fixed service pack version when GA + Print actual hostname instead of localhost with `-s` + `scatool` trys to run README file (bsc#1178528) + Updated man pages for `scatool(8)` and `scatool.conf(5)` + Removed `CONSOLE_MODE` from `scatool.conf` + should support archive or server argument and not require `-a` (bsc#1178229) + `scatool` copies remote `scc_*` supportconfigs (bsc#1178151) + Exits gracefully when attempting to process damaged files (bsc#1178152) + scatool correctly cleans up and saves archives (bsc#1178094) + Arg with `/` treated as files, not remote servers (bsc#1178099) + Optimized tar ball extraction (bsc#1178093) + Added `/etc/os-release` support (bsc#1178092) + scatool correctly process 
`-s` for local server (bsc#1178088) + Fixed progress bar timing (bsc#1178086) + Fixed scatool fails with no module named readline (bsc#1177249) + If run against path `'.'` use cwd name (issue#1) + Added support for _xz_ compression (bsc#1155181) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-11=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-11=1 - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-11=1 - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2021-11=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-11=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-11=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (noarch): sca-patterns-base-1.3.1-3.3.1 sca-patterns-hae-1.3.1-3.3.1 sca-patterns-sle11-1.3.1-7.3.1 sca-patterns-sle12-1.0.1-7.3.1 sca-patterns-sle15-1.0.1-3.3.1 sca-server-report-1.0.1-4.3.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): sca-patterns-base-1.3.1-3.3.1 sca-patterns-hae-1.3.1-3.3.1 sca-patterns-sle11-1.3.1-7.3.1 sca-patterns-sle12-1.0.1-7.3.1 sca-patterns-sle15-1.0.1-3.3.1 sca-server-report-1.0.1-4.3.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (noarch): sca-patterns-base-1.3.1-3.3.1 sca-patterns-hae-1.3.1-3.3.1 sca-patterns-sle11-1.3.1-7.3.1 sca-patterns-sle12-1.0.1-7.3.1 sca-patterns-sle15-1.0.1-3.3.1 sca-server-report-1.0.1-4.3.1 - SUSE Linux Enterprise Module for Server Applications 15-SP1 (noarch): sca-patterns-base-1.3.1-3.3.1 
sca-patterns-hae-1.3.1-3.3.1 sca-patterns-sle11-1.3.1-7.3.1 sca-patterns-sle12-1.0.1-7.3.1 sca-patterns-sle15-1.0.1-3.3.1 sca-server-report-1.0.1-4.3.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): sca-patterns-base-1.3.1-3.3.1 sca-patterns-hae-1.3.1-3.3.1 sca-patterns-sle11-1.3.1-7.3.1 sca-patterns-sle12-1.0.1-7.3.1 sca-patterns-sle15-1.0.1-3.3.1 sca-server-report-1.0.1-4.3.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): sca-patterns-base-1.3.1-3.3.1 sca-patterns-hae-1.3.1-3.3.1 sca-patterns-sle11-1.3.1-7.3.1 sca-patterns-sle12-1.0.1-7.3.1 sca-patterns-sle15-1.0.1-3.3.1 sca-server-report-1.0.1-4.3.1 References: https://bugzilla.suse.com/1017160 https://bugzilla.suse.com/1096254 https://bugzilla.suse.com/1115654 https://bugzilla.suse.com/1124793 https://bugzilla.suse.com/1155181 https://bugzilla.suse.com/1177249 https://bugzilla.suse.com/1178086 https://bugzilla.suse.com/1178088 https://bugzilla.suse.com/1178092 https://bugzilla.suse.com/1178093 https://bugzilla.suse.com/1178094 https://bugzilla.suse.com/1178099 https://bugzilla.suse.com/1178151 https://bugzilla.suse.com/1178152 https://bugzilla.suse.com/1178229 https://bugzilla.suse.com/1178523 https://bugzilla.suse.com/1178524 https://bugzilla.suse.com/1178528 From sle-updates at lists.suse.com Mon Jan 4 10:17:13 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 4 Jan 2021 18:17:13 +0100 (CET) Subject: SUSE-SU-2021:0017-1: moderate: Security update for flac Message-ID: <20210104171713.439D4FEDA@maintenance.suse.de> SUSE Security Update: Security update for flac ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0017-1 Rating: moderate References: #1180099 Cross-References: CVE-2020-0499 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Workstation Extension 
12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for flac fixes the following issues: - CVE-2020-0499: Fixed an out-of-bounds access (bsc#1180099). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-17=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-17=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-17=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-17=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2021-17=1 - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2021-17=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-17=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-17=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-17=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2021-17=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-17=1 - SUSE Linux Enterprise Server 
12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-17=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-17=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-17=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2021-17=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-17=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2021-17=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-17=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): flac-debuginfo-1.3.0-12.3.1 flac-debugsource-1.3.0-12.3.1 libFLAC++6-1.3.0-12.3.1 libFLAC++6-debuginfo-1.3.0-12.3.1 libFLAC8-1.3.0-12.3.1 libFLAC8-32bit-1.3.0-12.3.1 libFLAC8-debuginfo-1.3.0-12.3.1 libFLAC8-debuginfo-32bit-1.3.0-12.3.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): flac-debuginfo-1.3.0-12.3.1 flac-debugsource-1.3.0-12.3.1 libFLAC++6-1.3.0-12.3.1 libFLAC++6-debuginfo-1.3.0-12.3.1 libFLAC8-1.3.0-12.3.1 libFLAC8-32bit-1.3.0-12.3.1 libFLAC8-debuginfo-1.3.0-12.3.1 libFLAC8-debuginfo-32bit-1.3.0-12.3.1 - SUSE OpenStack Cloud 9 (x86_64): flac-debuginfo-1.3.0-12.3.1 flac-debugsource-1.3.0-12.3.1 libFLAC++6-1.3.0-12.3.1 libFLAC++6-debuginfo-1.3.0-12.3.1 libFLAC8-1.3.0-12.3.1 libFLAC8-32bit-1.3.0-12.3.1 libFLAC8-debuginfo-1.3.0-12.3.1 libFLAC8-debuginfo-32bit-1.3.0-12.3.1 - SUSE OpenStack Cloud 8 (x86_64): flac-debuginfo-1.3.0-12.3.1 flac-debugsource-1.3.0-12.3.1 libFLAC++6-1.3.0-12.3.1 libFLAC++6-debuginfo-1.3.0-12.3.1 libFLAC8-1.3.0-12.3.1 libFLAC8-32bit-1.3.0-12.3.1 libFLAC8-debuginfo-1.3.0-12.3.1 libFLAC8-debuginfo-32bit-1.3.0-12.3.1 - SUSE OpenStack Cloud 7 (s390x x86_64): flac-debuginfo-1.3.0-12.3.1 flac-debugsource-1.3.0-12.3.1 libFLAC++6-1.3.0-12.3.1 libFLAC++6-debuginfo-1.3.0-12.3.1 libFLAC8-1.3.0-12.3.1 libFLAC8-32bit-1.3.0-12.3.1 libFLAC8-debuginfo-1.3.0-12.3.1 
libFLAC8-debuginfo-32bit-1.3.0-12.3.1 - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): flac-debugsource-1.3.0-12.3.1 libFLAC++6-32bit-1.3.0-12.3.1 libFLAC++6-debuginfo-32bit-1.3.0-12.3.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): flac-debuginfo-1.3.0-12.3.1 flac-debugsource-1.3.0-12.3.1 flac-devel-1.3.0-12.3.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): flac-debuginfo-1.3.0-12.3.1 flac-debugsource-1.3.0-12.3.1 libFLAC++6-1.3.0-12.3.1 libFLAC++6-debuginfo-1.3.0-12.3.1 libFLAC8-1.3.0-12.3.1 libFLAC8-debuginfo-1.3.0-12.3.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): libFLAC8-32bit-1.3.0-12.3.1 libFLAC8-debuginfo-32bit-1.3.0-12.3.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): flac-debuginfo-1.3.0-12.3.1 flac-debugsource-1.3.0-12.3.1 libFLAC++6-1.3.0-12.3.1 libFLAC++6-debuginfo-1.3.0-12.3.1 libFLAC8-1.3.0-12.3.1 libFLAC8-debuginfo-1.3.0-12.3.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): libFLAC8-32bit-1.3.0-12.3.1 libFLAC8-debuginfo-32bit-1.3.0-12.3.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): flac-debuginfo-1.3.0-12.3.1 flac-debugsource-1.3.0-12.3.1 libFLAC++6-1.3.0-12.3.1 libFLAC++6-debuginfo-1.3.0-12.3.1 libFLAC8-1.3.0-12.3.1 libFLAC8-debuginfo-1.3.0-12.3.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libFLAC8-32bit-1.3.0-12.3.1 libFLAC8-debuginfo-32bit-1.3.0-12.3.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): flac-debuginfo-1.3.0-12.3.1 flac-debugsource-1.3.0-12.3.1 libFLAC++6-1.3.0-12.3.1 libFLAC++6-debuginfo-1.3.0-12.3.1 libFLAC8-1.3.0-12.3.1 libFLAC8-debuginfo-1.3.0-12.3.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libFLAC8-32bit-1.3.0-12.3.1 libFLAC8-debuginfo-32bit-1.3.0-12.3.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): flac-debuginfo-1.3.0-12.3.1 flac-debugsource-1.3.0-12.3.1 libFLAC++6-1.3.0-12.3.1 libFLAC++6-debuginfo-1.3.0-12.3.1 
libFLAC8-1.3.0-12.3.1 libFLAC8-debuginfo-1.3.0-12.3.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): libFLAC8-32bit-1.3.0-12.3.1 libFLAC8-debuginfo-32bit-1.3.0-12.3.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): flac-debuginfo-1.3.0-12.3.1 flac-debugsource-1.3.0-12.3.1 libFLAC++6-1.3.0-12.3.1 libFLAC++6-debuginfo-1.3.0-12.3.1 libFLAC8-1.3.0-12.3.1 libFLAC8-debuginfo-1.3.0-12.3.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): libFLAC8-32bit-1.3.0-12.3.1 libFLAC8-debuginfo-32bit-1.3.0-12.3.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): flac-debuginfo-1.3.0-12.3.1 flac-debugsource-1.3.0-12.3.1 libFLAC++6-1.3.0-12.3.1 libFLAC++6-debuginfo-1.3.0-12.3.1 libFLAC8-1.3.0-12.3.1 libFLAC8-32bit-1.3.0-12.3.1 libFLAC8-debuginfo-1.3.0-12.3.1 libFLAC8-debuginfo-32bit-1.3.0-12.3.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): flac-debuginfo-1.3.0-12.3.1 flac-debugsource-1.3.0-12.3.1 libFLAC++6-1.3.0-12.3.1 libFLAC++6-debuginfo-1.3.0-12.3.1 libFLAC8-1.3.0-12.3.1 libFLAC8-debuginfo-1.3.0-12.3.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): libFLAC8-32bit-1.3.0-12.3.1 libFLAC8-debuginfo-32bit-1.3.0-12.3.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): flac-debuginfo-1.3.0-12.3.1 flac-debugsource-1.3.0-12.3.1 libFLAC++6-1.3.0-12.3.1 libFLAC++6-debuginfo-1.3.0-12.3.1 libFLAC8-1.3.0-12.3.1 libFLAC8-32bit-1.3.0-12.3.1 libFLAC8-debuginfo-1.3.0-12.3.1 libFLAC8-debuginfo-32bit-1.3.0-12.3.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): flac-debuginfo-1.3.0-12.3.1 flac-debugsource-1.3.0-12.3.1 libFLAC++6-1.3.0-12.3.1 libFLAC++6-debuginfo-1.3.0-12.3.1 libFLAC8-1.3.0-12.3.1 libFLAC8-debuginfo-1.3.0-12.3.1 - SUSE Enterprise Storage 5 (x86_64): libFLAC8-32bit-1.3.0-12.3.1 libFLAC8-debuginfo-32bit-1.3.0-12.3.1 - HPE Helion Openstack 8 (x86_64): flac-debuginfo-1.3.0-12.3.1 flac-debugsource-1.3.0-12.3.1 libFLAC++6-1.3.0-12.3.1 libFLAC++6-debuginfo-1.3.0-12.3.1 libFLAC8-1.3.0-12.3.1 
libFLAC8-32bit-1.3.0-12.3.1 libFLAC8-debuginfo-1.3.0-12.3.1 libFLAC8-debuginfo-32bit-1.3.0-12.3.1 References: https://www.suse.com/security/cve/CVE-2020-0499.html https://bugzilla.suse.com/1180099 From sle-updates at lists.suse.com Mon Jan 4 13:15:46 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 4 Jan 2021 21:15:46 +0100 (CET) Subject: SUSE-SU-2021:0019-1: moderate: Security update for java-1_7_1-ibm Message-ID: <20210104201546.451CDFEDA@maintenance.suse.de> SUSE Security Update: Security update for java-1_7_1-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0019-1 Rating: moderate References: #1177943 #1180063 Cross-References: CVE-2020-14779 CVE-2020-14781 CVE-2020-14782 CVE-2020-14792 CVE-2020-14796 CVE-2020-14797 CVE-2020-14798 CVE-2020-14803 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. 
Description: This update for java-1_7_1-ibm fixes the following issues: - Update to Java 7.1 Service Refresh 4 Fix Pack 75 [bsc#1180063, bsc#1177943] CVE-2020-14792 CVE-2020-14797 CVE-2020-14782 CVE-2020-14781 CVE-2020-14779 CVE-2020-14798 CVE-2020-14796 CVE-2020-14803 * Class Libraries: - Z/OS specific C function send_file is changing the file pointer position * Security: - Add the new oracle signer certificate - Certificate parsing error - JVM memory growth can be caused by the IBMPKCS11IMPL crypto provider - Remove check for websphere signed jars - sessionid.hashcode generates too many collisions - The Java 8 IBM certpath provider does not honor the user specified system property for CLR connect timeout Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-19=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-19=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-19=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-19=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2021-19=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-19=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-19=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-19=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2021-19=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-19=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-19=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch 
SUSE-SLE-SERVER-12-SP3-2021-19=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-19=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2021-19=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-19=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2021-19=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-19=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): java-1_7_1-ibm-1.7.1_sr4.75-38.59.1 java-1_7_1-ibm-alsa-1.7.1_sr4.75-38.59.1 java-1_7_1-ibm-devel-1.7.1_sr4.75-38.59.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.75-38.59.1 java-1_7_1-ibm-plugin-1.7.1_sr4.75-38.59.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): java-1_7_1-ibm-1.7.1_sr4.75-38.59.1 java-1_7_1-ibm-alsa-1.7.1_sr4.75-38.59.1 java-1_7_1-ibm-devel-1.7.1_sr4.75-38.59.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.75-38.59.1 java-1_7_1-ibm-plugin-1.7.1_sr4.75-38.59.1 - SUSE OpenStack Cloud 9 (x86_64): java-1_7_1-ibm-1.7.1_sr4.75-38.59.1 java-1_7_1-ibm-alsa-1.7.1_sr4.75-38.59.1 java-1_7_1-ibm-devel-1.7.1_sr4.75-38.59.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.75-38.59.1 java-1_7_1-ibm-plugin-1.7.1_sr4.75-38.59.1 - SUSE OpenStack Cloud 8 (x86_64): java-1_7_1-ibm-1.7.1_sr4.75-38.59.1 java-1_7_1-ibm-alsa-1.7.1_sr4.75-38.59.1 java-1_7_1-ibm-devel-1.7.1_sr4.75-38.59.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.75-38.59.1 java-1_7_1-ibm-plugin-1.7.1_sr4.75-38.59.1 - SUSE OpenStack Cloud 7 (s390x x86_64): java-1_7_1-ibm-1.7.1_sr4.75-38.59.1 java-1_7_1-ibm-devel-1.7.1_sr4.75-38.59.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.75-38.59.1 - SUSE OpenStack Cloud 7 (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr4.75-38.59.1 java-1_7_1-ibm-plugin-1.7.1_sr4.75-38.59.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (ppc64le s390x x86_64): java-1_7_1-ibm-devel-1.7.1_sr4.75-38.59.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): java-1_7_1-ibm-1.7.1_sr4.75-38.59.1 
java-1_7_1-ibm-devel-1.7.1_sr4.75-38.59.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.75-38.59.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr4.75-38.59.1 java-1_7_1-ibm-plugin-1.7.1_sr4.75-38.59.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): java-1_7_1-ibm-1.7.1_sr4.75-38.59.1 java-1_7_1-ibm-devel-1.7.1_sr4.75-38.59.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.75-38.59.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr4.75-38.59.1 java-1_7_1-ibm-plugin-1.7.1_sr4.75-38.59.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): java-1_7_1-ibm-1.7.1_sr4.75-38.59.1 java-1_7_1-ibm-devel-1.7.1_sr4.75-38.59.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.75-38.59.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr4.75-38.59.1 java-1_7_1-ibm-plugin-1.7.1_sr4.75-38.59.1 - SUSE Linux Enterprise Server 12-SP5 (ppc64le s390x x86_64): java-1_7_1-ibm-1.7.1_sr4.75-38.59.1 java-1_7_1-ibm-devel-1.7.1_sr4.75-38.59.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.75-38.59.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr4.75-38.59.1 java-1_7_1-ibm-plugin-1.7.1_sr4.75-38.59.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (ppc64le s390x x86_64): java-1_7_1-ibm-1.7.1_sr4.75-38.59.1 java-1_7_1-ibm-devel-1.7.1_sr4.75-38.59.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.75-38.59.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr4.75-38.59.1 java-1_7_1-ibm-plugin-1.7.1_sr4.75-38.59.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le s390x x86_64): java-1_7_1-ibm-1.7.1_sr4.75-38.59.1 java-1_7_1-ibm-devel-1.7.1_sr4.75-38.59.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.75-38.59.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr4.75-38.59.1 java-1_7_1-ibm-plugin-1.7.1_sr4.75-38.59.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): java-1_7_1-ibm-1.7.1_sr4.75-38.59.1 java-1_7_1-ibm-alsa-1.7.1_sr4.75-38.59.1 java-1_7_1-ibm-devel-1.7.1_sr4.75-38.59.1 
java-1_7_1-ibm-jdbc-1.7.1_sr4.75-38.59.1 java-1_7_1-ibm-plugin-1.7.1_sr4.75-38.59.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): java-1_7_1-ibm-1.7.1_sr4.75-38.59.1 java-1_7_1-ibm-devel-1.7.1_sr4.75-38.59.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.75-38.59.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr4.75-38.59.1 java-1_7_1-ibm-plugin-1.7.1_sr4.75-38.59.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): java-1_7_1-ibm-1.7.1_sr4.75-38.59.1 java-1_7_1-ibm-alsa-1.7.1_sr4.75-38.59.1 java-1_7_1-ibm-devel-1.7.1_sr4.75-38.59.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.75-38.59.1 java-1_7_1-ibm-plugin-1.7.1_sr4.75-38.59.1 - SUSE Enterprise Storage 5 (x86_64): java-1_7_1-ibm-1.7.1_sr4.75-38.59.1 java-1_7_1-ibm-alsa-1.7.1_sr4.75-38.59.1 java-1_7_1-ibm-devel-1.7.1_sr4.75-38.59.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.75-38.59.1 java-1_7_1-ibm-plugin-1.7.1_sr4.75-38.59.1 - HPE Helion Openstack 8 (x86_64): java-1_7_1-ibm-1.7.1_sr4.75-38.59.1 java-1_7_1-ibm-alsa-1.7.1_sr4.75-38.59.1 java-1_7_1-ibm-devel-1.7.1_sr4.75-38.59.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.75-38.59.1 java-1_7_1-ibm-plugin-1.7.1_sr4.75-38.59.1 References: https://www.suse.com/security/cve/CVE-2020-14779.html https://www.suse.com/security/cve/CVE-2020-14781.html https://www.suse.com/security/cve/CVE-2020-14782.html https://www.suse.com/security/cve/CVE-2020-14792.html https://www.suse.com/security/cve/CVE-2020-14796.html https://www.suse.com/security/cve/CVE-2020-14797.html https://www.suse.com/security/cve/CVE-2020-14798.html https://www.suse.com/security/cve/CVE-2020-14803.html https://bugzilla.suse.com/1177943 https://bugzilla.suse.com/1180063 From sle-updates at lists.suse.com Mon Jan 4 13:16:59 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 4 Jan 2021 21:16:59 +0100 (CET) Subject: SUSE-SU-2021:0018-1: important: Security update for dovecot22 Message-ID: <20210104201659.61C90FEDA@maintenance.suse.de> SUSE Security Update: Security update for 
dovecot22 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0018-1 Rating: important References: #1180405 Cross-References: CVE-2020-24386 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for dovecot22 fixes the following issues: - CVE-2020-24386: Fixed an issue with IMAP hibernation that allowed users to access other users' emails (bsc#1180405). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-18=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-18=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-18=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-18=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2021-18=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-18=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-18=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-18=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2021-18=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-18=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-18=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-18=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-18=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2021-18=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-18=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2021-18=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-18=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): dovecot22-2.2.31-19.25.1 dovecot22-backend-mysql-2.2.31-19.25.1 dovecot22-backend-mysql-debuginfo-2.2.31-19.25.1 dovecot22-backend-pgsql-2.2.31-19.25.1 dovecot22-backend-pgsql-debuginfo-2.2.31-19.25.1 dovecot22-backend-sqlite-2.2.31-19.25.1 dovecot22-backend-sqlite-debuginfo-2.2.31-19.25.1 dovecot22-debuginfo-2.2.31-19.25.1 
dovecot22-debugsource-2.2.31-19.25.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): dovecot22-2.2.31-19.25.1 dovecot22-backend-mysql-2.2.31-19.25.1 dovecot22-backend-mysql-debuginfo-2.2.31-19.25.1 dovecot22-backend-pgsql-2.2.31-19.25.1 dovecot22-backend-pgsql-debuginfo-2.2.31-19.25.1 dovecot22-backend-sqlite-2.2.31-19.25.1 dovecot22-backend-sqlite-debuginfo-2.2.31-19.25.1 dovecot22-debuginfo-2.2.31-19.25.1 dovecot22-debugsource-2.2.31-19.25.1 - SUSE OpenStack Cloud 9 (x86_64): dovecot22-2.2.31-19.25.1 dovecot22-backend-mysql-2.2.31-19.25.1 dovecot22-backend-mysql-debuginfo-2.2.31-19.25.1 dovecot22-backend-pgsql-2.2.31-19.25.1 dovecot22-backend-pgsql-debuginfo-2.2.31-19.25.1 dovecot22-backend-sqlite-2.2.31-19.25.1 dovecot22-backend-sqlite-debuginfo-2.2.31-19.25.1 dovecot22-debuginfo-2.2.31-19.25.1 dovecot22-debugsource-2.2.31-19.25.1 - SUSE OpenStack Cloud 8 (x86_64): dovecot22-2.2.31-19.25.1 dovecot22-backend-mysql-2.2.31-19.25.1 dovecot22-backend-mysql-debuginfo-2.2.31-19.25.1 dovecot22-backend-pgsql-2.2.31-19.25.1 dovecot22-backend-pgsql-debuginfo-2.2.31-19.25.1 dovecot22-backend-sqlite-2.2.31-19.25.1 dovecot22-backend-sqlite-debuginfo-2.2.31-19.25.1 dovecot22-debuginfo-2.2.31-19.25.1 dovecot22-debugsource-2.2.31-19.25.1 - SUSE OpenStack Cloud 7 (s390x x86_64): dovecot22-2.2.31-19.25.1 dovecot22-backend-mysql-2.2.31-19.25.1 dovecot22-backend-mysql-debuginfo-2.2.31-19.25.1 dovecot22-backend-pgsql-2.2.31-19.25.1 dovecot22-backend-pgsql-debuginfo-2.2.31-19.25.1 dovecot22-backend-sqlite-2.2.31-19.25.1 dovecot22-backend-sqlite-debuginfo-2.2.31-19.25.1 dovecot22-debuginfo-2.2.31-19.25.1 dovecot22-debugsource-2.2.31-19.25.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): dovecot22-debuginfo-2.2.31-19.25.1 dovecot22-debugsource-2.2.31-19.25.1 dovecot22-devel-2.2.31-19.25.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): dovecot22-2.2.31-19.25.1 dovecot22-backend-mysql-2.2.31-19.25.1 
dovecot22-backend-mysql-debuginfo-2.2.31-19.25.1 dovecot22-backend-pgsql-2.2.31-19.25.1 dovecot22-backend-pgsql-debuginfo-2.2.31-19.25.1 dovecot22-backend-sqlite-2.2.31-19.25.1 dovecot22-backend-sqlite-debuginfo-2.2.31-19.25.1 dovecot22-debuginfo-2.2.31-19.25.1 dovecot22-debugsource-2.2.31-19.25.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): dovecot22-2.2.31-19.25.1 dovecot22-backend-mysql-2.2.31-19.25.1 dovecot22-backend-mysql-debuginfo-2.2.31-19.25.1 dovecot22-backend-pgsql-2.2.31-19.25.1 dovecot22-backend-pgsql-debuginfo-2.2.31-19.25.1 dovecot22-backend-sqlite-2.2.31-19.25.1 dovecot22-backend-sqlite-debuginfo-2.2.31-19.25.1 dovecot22-debuginfo-2.2.31-19.25.1 dovecot22-debugsource-2.2.31-19.25.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): dovecot22-2.2.31-19.25.1 dovecot22-backend-mysql-2.2.31-19.25.1 dovecot22-backend-mysql-debuginfo-2.2.31-19.25.1 dovecot22-backend-pgsql-2.2.31-19.25.1 dovecot22-backend-pgsql-debuginfo-2.2.31-19.25.1 dovecot22-backend-sqlite-2.2.31-19.25.1 dovecot22-backend-sqlite-debuginfo-2.2.31-19.25.1 dovecot22-debuginfo-2.2.31-19.25.1 dovecot22-debugsource-2.2.31-19.25.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): dovecot22-2.2.31-19.25.1 dovecot22-backend-mysql-2.2.31-19.25.1 dovecot22-backend-mysql-debuginfo-2.2.31-19.25.1 dovecot22-backend-pgsql-2.2.31-19.25.1 dovecot22-backend-pgsql-debuginfo-2.2.31-19.25.1 dovecot22-backend-sqlite-2.2.31-19.25.1 dovecot22-backend-sqlite-debuginfo-2.2.31-19.25.1 dovecot22-debuginfo-2.2.31-19.25.1 dovecot22-debugsource-2.2.31-19.25.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): dovecot22-2.2.31-19.25.1 dovecot22-backend-mysql-2.2.31-19.25.1 dovecot22-backend-mysql-debuginfo-2.2.31-19.25.1 dovecot22-backend-pgsql-2.2.31-19.25.1 dovecot22-backend-pgsql-debuginfo-2.2.31-19.25.1 dovecot22-backend-sqlite-2.2.31-19.25.1 dovecot22-backend-sqlite-debuginfo-2.2.31-19.25.1 dovecot22-debuginfo-2.2.31-19.25.1 
dovecot22-debugsource-2.2.31-19.25.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): dovecot22-2.2.31-19.25.1 dovecot22-backend-mysql-2.2.31-19.25.1 dovecot22-backend-mysql-debuginfo-2.2.31-19.25.1 dovecot22-backend-pgsql-2.2.31-19.25.1 dovecot22-backend-pgsql-debuginfo-2.2.31-19.25.1 dovecot22-backend-sqlite-2.2.31-19.25.1 dovecot22-backend-sqlite-debuginfo-2.2.31-19.25.1 dovecot22-debuginfo-2.2.31-19.25.1 dovecot22-debugsource-2.2.31-19.25.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): dovecot22-2.2.31-19.25.1 dovecot22-backend-mysql-2.2.31-19.25.1 dovecot22-backend-mysql-debuginfo-2.2.31-19.25.1 dovecot22-backend-pgsql-2.2.31-19.25.1 dovecot22-backend-pgsql-debuginfo-2.2.31-19.25.1 dovecot22-backend-sqlite-2.2.31-19.25.1 dovecot22-backend-sqlite-debuginfo-2.2.31-19.25.1 dovecot22-debuginfo-2.2.31-19.25.1 dovecot22-debugsource-2.2.31-19.25.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): dovecot22-2.2.31-19.25.1 dovecot22-backend-mysql-2.2.31-19.25.1 dovecot22-backend-mysql-debuginfo-2.2.31-19.25.1 dovecot22-backend-pgsql-2.2.31-19.25.1 dovecot22-backend-pgsql-debuginfo-2.2.31-19.25.1 dovecot22-backend-sqlite-2.2.31-19.25.1 dovecot22-backend-sqlite-debuginfo-2.2.31-19.25.1 dovecot22-debuginfo-2.2.31-19.25.1 dovecot22-debugsource-2.2.31-19.25.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): dovecot22-2.2.31-19.25.1 dovecot22-backend-mysql-2.2.31-19.25.1 dovecot22-backend-mysql-debuginfo-2.2.31-19.25.1 dovecot22-backend-pgsql-2.2.31-19.25.1 dovecot22-backend-pgsql-debuginfo-2.2.31-19.25.1 dovecot22-backend-sqlite-2.2.31-19.25.1 dovecot22-backend-sqlite-debuginfo-2.2.31-19.25.1 dovecot22-debuginfo-2.2.31-19.25.1 dovecot22-debugsource-2.2.31-19.25.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): dovecot22-2.2.31-19.25.1 dovecot22-backend-mysql-2.2.31-19.25.1 dovecot22-backend-mysql-debuginfo-2.2.31-19.25.1 dovecot22-backend-pgsql-2.2.31-19.25.1 dovecot22-backend-pgsql-debuginfo-2.2.31-19.25.1 
dovecot22-backend-sqlite-2.2.31-19.25.1 dovecot22-backend-sqlite-debuginfo-2.2.31-19.25.1 dovecot22-debuginfo-2.2.31-19.25.1 dovecot22-debugsource-2.2.31-19.25.1 - HPE Helion Openstack 8 (x86_64): dovecot22-2.2.31-19.25.1 dovecot22-backend-mysql-2.2.31-19.25.1 dovecot22-backend-mysql-debuginfo-2.2.31-19.25.1 dovecot22-backend-pgsql-2.2.31-19.25.1 dovecot22-backend-pgsql-debuginfo-2.2.31-19.25.1 dovecot22-backend-sqlite-2.2.31-19.25.1 dovecot22-backend-sqlite-debuginfo-2.2.31-19.25.1 dovecot22-debuginfo-2.2.31-19.25.1 dovecot22-debugsource-2.2.31-19.25.1 References: https://www.suse.com/security/cve/CVE-2020-24386.html https://bugzilla.suse.com/1180405 From sle-updates at lists.suse.com Mon Jan 4 23:49:30 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Jan 2021 07:49:30 +0100 (CET) Subject: SUSE-CU-2021:1-1: Security update of harbor/harbor-core Message-ID: <20210105064930.5EADFFF0B@maintenance.suse.de> SUSE Container Update Advisory: harbor/harbor-core ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:1-1 Container Tags : harbor/harbor-core:2.1.2 , harbor/harbor-core:2.1.2-rev1 , harbor/harbor-core:2.1.2-rev1-build3.84 Container Release : 3.84 Severity : important Type : security References : 1084671 1169006 1174232 1174593 1174942 1175514 1175623 1177458 1177490 1177510 1177858 1177864 1177998 1178346 1178376 1178387 1178512 1178554 1178727 1178823 1178825 1179398 1179399 1179431 1179491 1179515 1179593 1180138 CVE-2020-1971 CVE-2020-25692 CVE-2020-28196 CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 ----------------------------------------------------------------- The container harbor/harbor-core was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3157-1 Released: Wed Nov 4 15:37:05 2020 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: moderate References: 1177864 This update for ca-certificates-mozilla fixes the following issues: The SSL Root CA store was updated to the 2.44 state of the Mozilla NSS Certificate store (bsc#1177864) - Removed CAs: - EE Certification Centre Root CA - Taiwan GRCA - Added CAs: - Trustwave Global Certification Authority - Trustwave Global ECC P256 Certification Authority - Trustwave Global ECC P384 Certification Authority ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3290-1 Released: Wed Nov 11 12:25:32 2020 Summary: Recommended update for findutils Type: recommended Severity: moderate References: 1174232 This update for findutils fixes the following issues: - Do not unconditionally use leaf optimization for NFS. (bsc#1174232) NFS st_nlink are not accurate on all implementations, leading to aborts() if that assumption is made. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3294-1 Released: Wed Nov 11 12:28:46 2020 Summary: Recommended update for SLES-release Type: recommended Severity: moderate References: 1177998 This update for SLES-release fixes the following issue: - Obsolete Leap 15.2.1 (jump) to allow migration from Jump/Leap 15.2.1 to SLE 15 SP2. (bsc#1177998) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3313-1 Released: Thu Nov 12 16:07:37 2020 Summary: Security update for openldap2 Type: security Severity: important References: 1178387,CVE-2020-25692 This update for openldap2 fixes the following issues: - CVE-2020-25692: Fixed an unauthenticated remote denial of service due to incorrect validation of modrdn equality rules (bsc#1178387). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3377-1 Released: Thu Nov 19 09:29:32 2020 Summary: Security update for krb5 Type: security Severity: moderate References: 1178512,CVE-2020-28196 This update for krb5 fixes the following security issue: - CVE-2020-28196: Fixed an unbounded recursion via an ASN.1-encoded Kerberos message (bsc#1178512). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3381-1 Released: Thu Nov 19 10:53:38 2020 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1177458,1177490,1177510 This update for systemd fixes the following issues: - build-sys: optionally disable support of journal over the network (bsc#1177458) - ask-password: prevent buffer overflow when reading from keyring (bsc#1177510) - mount: don't propagate errors from mount_setup_unit() further up - Rely on the new build option --disable-remote for journal_remote This allows to drop the workaround that consisted in cleaning journal-upload files and {sysusers.d,tmpfiles.d}/systemd-remote.conf manually when 'journal_remote' support was disabled. - Move journal-{remote,upload}.conf.5.gz man pages into systemd-journal_remote sub package - Make sure {sysusers.d,tmpfiles.d}/systemd-remote.conf are not shipped with --without=journal_remote (bsc#1177458) These files were incorrectly packaged in the main package when systemd-journal_remote was disabled. - Make use of %{_unitdir} and %{_sysusersdir} - Remove mq-deadline selection from 60-io-scheduler.rules (bsc#1177490) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3462-1 Released: Fri Nov 20 13:14:35 2020 Summary: Recommended update for pam and sudo Type: recommended Severity: moderate References: 1174593,1177858,1178727 This update for pam and sudo fixes the following issue: pam: - pam_xauth: do not *free* a string which has been successfully passed to *putenv*. 
(bsc#1177858) - Initialize the local variable *daysleft* to avoid a misleading warning for password expire days. (bsc#1178727) - Run /usr/bin/xauth using the old user's and group's identifiers. (bsc#1174593) sudo: - Fix a problem with pam_xauth which checks effective and real uids to get the real identity of the user. (bsc#1174593) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3581-1 Released: Tue Dec 1 14:40:22 2020 Summary: Recommended update for libusb-1_0 Type: recommended Severity: moderate References: 1178376 This update for libusb-1_0 fixes the following issues: - Fixes a build failure for libusb for the inclusion of 'sys/time.h' on PowerPC. (bsc#1178376) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3620-1 Released: Thu Dec 3 17:03:55 2020 Summary: Recommended update for pam Type: recommended Severity: moderate References: This update for pam fixes the following issues: - Check if the password is part of the username. (jsc#SLE-16719, jsc#SLE-16720) - Check whether the password contains a substring of the user's name of at least `` characters length in some form. This is enabled by the new parameter `usersubstr=` ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3626-1 Released: Fri Dec 4 13:51:46 2020 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1179515 This update for audit fixes the following issues: - Enable Aarch64 processor support. (bsc#1179515) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3703-1 Released: Mon Dec 7 20:17:32 2020 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1179431 This update for aaa_base fixes the following issue: - Avoid semicolon within (t)csh login script on S/390. 
(bsc#1179431) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3721-1 Released: Wed Dec 9 13:36:46 2020 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1179491,CVE-2020-1971 This update for openssl-1_1 fixes the following issues: - CVE-2020-1971: Fixed a null pointer dereference in EDIPARTYNAME (bsc#1179491). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3735-1 Released: Wed Dec 9 18:19:24 2020 Summary: Security update for curl Type: security Severity: moderate References: 1179398,1179399,1179593,CVE-2020-8284,CVE-2020-8285,CVE-2020-8286 This update for curl fixes the following issues: - CVE-2020-8286: Fixed improper OCSP verification in the client side (bsc#1179593). - CVE-2020-8285: Fixed a stack overflow due to FTP wildcard (bsc#1179399). - CVE-2020-8284: Fixed an issue where a malicious FTP server could make curl connect to a different IP (bsc#1179398). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3809-1 Released: Tue Dec 15 13:46:05 2020 Summary: Recommended update for glib2 Type: recommended Severity: moderate References: 1178346 This update for glib2 fixes the following issues: Update from version 2.62.5 to version 2.62.6: - Support for slim format of timezone. (bsc#1178346) - Fix DST incorrect end day when using slim format. (bsc#1178346) - Fix SOCKS5 username/password authentication. - Updated translations. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3853-1 Released: Wed Dec 16 12:27:27 2020 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1084671,1169006,1174942,1175514,1175623,1178554,1178825 This update for util-linux fixes the following issue: - Do not trigger the automatic close of CDROM. (bsc#1084671) - Try to automatically configure broken serial lines. 
(bsc#1175514) - Avoid `sulogin` failing on not existing or not functional console devices. (bsc#1175514) - Build with `libudev` support to support non-root users. (bsc#1169006) - Avoid memory errors on PowerPC systems with valid hardware configurations. (bsc#1175623, bsc#1178554, bsc#1178825) - Fix warning on mounts to `CIFS` with mount -a. (bsc#1174942) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3942-1 Released: Tue Dec 29 12:22:01 2020 Summary: Recommended update for libidn2 Type: recommended Severity: moderate References: 1180138 This update for libidn2 fixes the following issues: - The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, adjusted the RPM license tags (bsc#1180138) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3943-1 Released: Tue Dec 29 12:24:45 2020 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1178823 This update for libxml2 fixes the following issues: Avoid quadratic checking of identity-constraints, speeding up XML validation (bsc#1178823) * key/unique/keyref schema attributes currently use quadratic loops to check their various constraints (that keys are unique and that keyrefs refer to existing keys). * This fix uses a hash table to avoid the quadratic behaviour. 
From sle-updates at lists.suse.com Mon Jan 4 23:50:36 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Jan 2021 07:50:36 +0100 (CET) Subject: SUSE-CU-2021:2-1: Security update of harbor/harbor-db Message-ID: <20210105065036.C2D73FF0B@maintenance.suse.de> SUSE Container Update Advisory: harbor/harbor-db ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:2-1 Container Tags : harbor/harbor-db:2.1.2 , harbor/harbor-db:2.1.2-rev1 , harbor/harbor-db:2.1.2-rev1-build2.141 Container Release : 2.141 Severity : important Type : security References : 1084671 1098449 1144793 1168771 1169006 1174232 1174593 1174942 1175514 1175623 1177458 1177490 1177510 1177533 1177658 1177858 1177864 1177998 1178346 1178376 1178387 1178512 1178554 1178666 1178667 1178668 1178727 1178823 1178825 1179398 1179399 1179431 1179491 1179515 1179593 1180138 CVE-2020-1971 CVE-2020-25692 CVE-2020-25694 CVE-2020-25695 CVE-2020-25696 CVE-2020-28196 CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 ----------------------------------------------------------------- The container harbor/harbor-db was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3157-1 Released: Wed Nov 4 15:37:05 2020 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: moderate References: 1177864 This update for ca-certificates-mozilla fixes the following issues: The SSL Root CA store was updated to the 2.44 state of the Mozilla NSS Certificate store (bsc#1177864) - Removed CAs: - EE Certification Centre Root CA - Taiwan GRCA - Added CAs: - Trustwave Global Certification Authority - Trustwave Global ECC P256 Certification Authority - Trustwave Global ECC P384 Certification Authority ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3290-1 Released: Wed Nov 11 12:25:32 2020 Summary: Recommended update for findutils Type: recommended Severity: moderate References: 1174232 This update for findutils fixes the following issues: - Do not unconditionally use leaf optimization for NFS. (bsc#1174232) NFS st_nlink are not accurate on all implementations, leading to aborts() if that assumption is made. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3294-1 Released: Wed Nov 11 12:28:46 2020 Summary: Recommended update for SLES-release Type: recommended Severity: moderate References: 1177998 This update for SLES-release fixes the following issue: - Obsolete Leap 15.2.1 (jump) to allow migration from Jump/Leap 15.2.1 to SLE 15 SP2. (bsc#1177998) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3313-1 Released: Thu Nov 12 16:07:37 2020 Summary: Security update for openldap2 Type: security Severity: important References: 1178387,CVE-2020-25692 This update for openldap2 fixes the following issues: - CVE-2020-25692: Fixed an unauthenticated remote denial of service due to incorrect validation of modrdn equality rules (bsc#1178387). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3377-1 Released: Thu Nov 19 09:29:32 2020 Summary: Security update for krb5 Type: security Severity: moderate References: 1178512,CVE-2020-28196 This update for krb5 fixes the following security issue: - CVE-2020-28196: Fixed an unbounded recursion via an ASN.1-encoded Kerberos message (bsc#1178512). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3381-1 Released: Thu Nov 19 10:53:38 2020 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1177458,1177490,1177510 This update for systemd fixes the following issues: - build-sys: optionally disable support of journal over the network (bsc#1177458) - ask-password: prevent buffer overflow when reading from keyring (bsc#1177510) - mount: don't propagate errors from mount_setup_unit() further up - Rely on the new build option --disable-remote for journal_remote This allows to drop the workaround that consisted in cleaning journal-upload files and {sysusers.d,tmpfiles.d}/systemd-remote.conf manually when 'journal_remote' support was disabled. - Move journal-{remote,upload}.conf.5.gz man pages into systemd-journal_remote sub package - Make sure {sysusers.d,tmpfiles.d}/systemd-remote.conf are not shipped with --without=journal_remote (bsc#1177458) These files were incorrectly packaged in the main package when systemd-journal_remote was disabled. - Make use of %{_unitdir} and %{_sysusersdir} - Remove mq-deadline selection from 60-io-scheduler.rules (bsc#1177490) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3462-1 Released: Fri Nov 20 13:14:35 2020 Summary: Recommended update for pam and sudo Type: recommended Severity: moderate References: 1174593,1177858,1178727 This update for pam and sudo fixes the following issue: pam: - pam_xauth: do not *free* a string which has been successfully passed to *putenv*. 
(bsc#1177858) - Initialize the local variable *daysleft* to avoid a misleading warning for password expire days. (bsc#1178727) - Run /usr/bin/xauth using the old user's and group's identifiers. (bsc#1174593) sudo: - Fix a problem with pam_xauth which checks effective and real uids to get the real identity of the user. (bsc#1174593) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3463-1 Released: Fri Nov 20 13:49:58 2020 Summary: Security update for postgresql12 Type: security Severity: important References: 1178666,1178667,1178668,CVE-2020-25694,CVE-2020-25695,CVE-2020-25696 This update for postgresql12 fixes the following issues: - Upgrade to version 12.5: * CVE-2020-25695, bsc#1178666: Block DECLARE CURSOR ... WITH HOLD and firing of deferred triggers within index expressions and materialized view queries. * CVE-2020-25694, bsc#1178667: a) Fix usage of complex connection-string parameters in pg_dump, pg_restore, clusterdb, reindexdb, and vacuumdb. b) When psql's \connect command re-uses connection parameters, ensure that all non-overridden parameters from a previous connection string are re-used. * CVE-2020-25696, bsc#1178668: Prevent psql's \gset command from modifying specially-treated variables. * Fix recently-added timetz test case so it works when the USA is not observing daylight savings time. * https://www.postgresql.org/about/news/2111/ * https://www.postgresql.org/docs/12/release-12-5.html - Stop building the mini and lib packages as they are now coming from postgresql13. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3581-1 Released: Tue Dec 1 14:40:22 2020 Summary: Recommended update for libusb-1_0 Type: recommended Severity: moderate References: 1178376 This update for libusb-1_0 fixes the following issues: - Fixes a build failure for libusb for the inclusion of 'sys/time.h' on PowerPC. 
(bsc#1178376) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3620-1 Released: Thu Dec 3 17:03:55 2020 Summary: Recommended update for pam Type: recommended Severity: moderate References: This update for pam fixes the following issues: - Check if the password is part of the username. (jsc#SLE-16719, jsc#SLE-16720) - Check whether the password contains a substring of the user's name of at least `` characters length in some form. This is enabled by the new parameter `usersubstr=` ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3626-1 Released: Fri Dec 4 13:51:46 2020 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1179515 This update for audit fixes the following issues: - Enable Aarch64 processor support. (bsc#1179515) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3703-1 Released: Mon Dec 7 20:17:32 2020 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1179431 This update for aaa_base fixes the following issue: - Avoid semicolon within (t)csh login script on S/390. (bsc#1179431) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3721-1 Released: Wed Dec 9 13:36:46 2020 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1179491,CVE-2020-1971 This update for openssl-1_1 fixes the following issues: - CVE-2020-1971: Fixed a null pointer dereference in EDIPARTYNAME (bsc#1179491).
----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3735-1 Released: Wed Dec 9 18:19:24 2020 Summary: Security update for curl Type: security Severity: moderate References: 1179398,1179399,1179593,CVE-2020-8284,CVE-2020-8285,CVE-2020-8286 This update for curl fixes the following issues: - CVE-2020-8286: Fixed improper OCSP verification in the client side (bsc#1179593). - CVE-2020-8285: Fixed a stack overflow due to FTP wildcard (bsc#1179399). - CVE-2020-8284: Fixed an issue where a malicious FTP server could make curl connect to a different IP (bsc#1179398). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3809-1 Released: Tue Dec 15 13:46:05 2020 Summary: Recommended update for glib2 Type: recommended Severity: moderate References: 1178346 This update for glib2 fixes the following issues: Update from version 2.62.5 to version 2.62.6: - Support for slim format of timezone. (bsc#1178346) - Fix DST incorrect end day when using slim format. (bsc#1178346) - Fix SOCKS5 username/password authentication. - Updated translations. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3853-1 Released: Wed Dec 16 12:27:27 2020 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1084671,1169006,1174942,1175514,1175623,1178554,1178825 This update for util-linux fixes the following issue: - Do not trigger the automatic close of CDROM. (bsc#1084671) - Try to automatically configure broken serial lines. (bsc#1175514) - Avoid `sulogin` failing on not existing or not functional console devices. (bsc#1175514) - Build with `libudev` support to support non-root users. (bsc#1169006) - Avoid memory errors on PowerPC systems with valid hardware configurations. (bsc#1175623, bsc#1178554, bsc#1178825) - Fix warning on mounts to `CIFS` with mount -a.
(bsc#1174942) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3942-1 Released: Tue Dec 29 12:22:01 2020 Summary: Recommended update for libidn2 Type: recommended Severity: moderate References: 1180138 This update for libidn2 fixes the following issues: - The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, adjusted the RPM license tags (bsc#1180138) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3943-1 Released: Tue Dec 29 12:24:45 2020 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1178823 This update for libxml2 fixes the following issues: Avoid quadratic checking of identity-constraints, speeding up XML validation (bsc#1178823) * key/unique/keyref schema attributes currently use quadratic loops to check their various constraints (that keys are unique and that keyrefs refer to existing keys). * This fix uses a hash table to avoid the quadratic behaviour. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:6-1 Released: Mon Jan 4 07:05:06 2021 Summary: Recommended update for libdlm Type: recommended Severity: moderate References: 1098449,1144793,1168771,1177533,1177658 This update for libdlm fixes the following issues: - Rework libdlm3 require with a shared library version tag instead so it propagates to all consuming packages.(bsc#1177658, bsc#1098449) - Add support for type 'uint64_t' to corosync ringid. (bsc#1168771) - Include some fixes/enhancements for dlm_controld. (bsc#1144793) - Fixed an issue where /boot logical volume was accidentally unmounted. 
(bsc#1177533) From sle-updates at lists.suse.com Mon Jan 4 23:52:01 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Jan 2021 07:52:01 +0100 (CET) Subject: SUSE-CU-2021:4-1: Security update of harbor/harbor-jobservice Message-ID: <20210105065201.82AADFF0B@maintenance.suse.de> SUSE Container Update Advisory: harbor/harbor-jobservice ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:4-1 Container Tags : harbor/harbor-jobservice:2.1.2 , harbor/harbor-jobservice:2.1.2-rev1 , harbor/harbor-jobservice:2.1.2-rev1-build3.84 Container Release : 3.84 Severity : important Type : security References : 1084671 1169006 1174232 1174593 1174942 1175514 1175623 1177458 1177490 1177510 1177858 1177864 1177998 1178346 1178376 1178387 1178512 1178554 1178727 1178823 1178825 1179398 1179399 1179431 1179491 1179515 1179593 1180138 CVE-2020-1971 CVE-2020-25692 CVE-2020-28196 CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 ----------------------------------------------------------------- The container harbor/harbor-jobservice was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3157-1 Released: Wed Nov 4 15:37:05 2020 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: moderate References: 1177864 This update for ca-certificates-mozilla fixes the following issues: The SSL Root CA store was updated to the 2.44 state of the Mozilla NSS Certificate store (bsc#1177864) - Removed CAs: - EE Certification Centre Root CA - Taiwan GRCA - Added CAs: - Trustwave Global Certification Authority - Trustwave Global ECC P256 Certification Authority - Trustwave Global ECC P384 Certification Authority ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3290-1 Released: Wed Nov 11 12:25:32 2020 Summary: Recommended update for findutils Type: recommended Severity: moderate References: 1174232 This update for findutils fixes the following issues: - Do not unconditionally use leaf optimization for NFS. (bsc#1174232) NFS st_nlink are not accurate on all implementations, leading to aborts() if that assumption is made. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3294-1 Released: Wed Nov 11 12:28:46 2020 Summary: Recommended update for SLES-release Type: recommended Severity: moderate References: 1177998 This update for SLES-release fixes the following issue: - Obsolete Leap 15.2.1 (jump) to allow migration from Jump/Leap 15.2.1 to SLE 15 SP2. (bsc#1177998) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3313-1 Released: Thu Nov 12 16:07:37 2020 Summary: Security update for openldap2 Type: security Severity: important References: 1178387,CVE-2020-25692 This update for openldap2 fixes the following issues: - CVE-2020-25692: Fixed an unauthenticated remote denial of service due to incorrect validation of modrdn equality rules (bsc#1178387). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3377-1 Released: Thu Nov 19 09:29:32 2020 Summary: Security update for krb5 Type: security Severity: moderate References: 1178512,CVE-2020-28196 This update for krb5 fixes the following security issue: - CVE-2020-28196: Fixed an unbounded recursion via an ASN.1-encoded Kerberos message (bsc#1178512). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3381-1 Released: Thu Nov 19 10:53:38 2020 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1177458,1177490,1177510 This update for systemd fixes the following issues: - build-sys: optionally disable support of journal over the network (bsc#1177458) - ask-password: prevent buffer overflow when reading from keyring (bsc#1177510) - mount: don't propagate errors from mount_setup_unit() further up - Rely on the new build option --disable-remote for journal_remote This allows to drop the workaround that consisted in cleaning journal-upload files and {sysusers.d,tmpfiles.d}/systemd-remote.conf manually when 'journal_remote' support was disabled. - Move journal-{remote,upload}.conf.5.gz man pages into systemd-journal_remote sub package - Make sure {sysusers.d,tmpfiles.d}/systemd-remote.conf are not shipped with --without=journal_remote (bsc#1177458) These files were incorrectly packaged in the main package when systemd-journal_remote was disabled. - Make use of %{_unitdir} and %{_sysusersdir} - Remove mq-deadline selection from 60-io-scheduler.rules (bsc#1177490) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3462-1 Released: Fri Nov 20 13:14:35 2020 Summary: Recommended update for pam and sudo Type: recommended Severity: moderate References: 1174593,1177858,1178727 This update for pam and sudo fixes the following issue: pam: - pam_xauth: do not *free* a string which has been successfully passed to *putenv*. 
(bsc#1177858) - Initialize the local variable *daysleft* to avoid a misleading warning for password expire days. (bsc#1178727) - Run /usr/bin/xauth using the old user's and group's identifiers. (bsc#1174593) sudo: - Fix a problem with pam_xauth which checks effective and real uids to get the real identity of the user. (bsc#1174593) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3581-1 Released: Tue Dec 1 14:40:22 2020 Summary: Recommended update for libusb-1_0 Type: recommended Severity: moderate References: 1178376 This update for libusb-1_0 fixes the following issues: - Fixes a build failure for libusb for the inclusion of 'sys/time.h' on PowerPC. (bsc#1178376) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3620-1 Released: Thu Dec 3 17:03:55 2020 Summary: Recommended update for pam Type: recommended Severity: moderate References: This update for pam fixes the following issues: - Check if the password is part of the username. (jsc#SLE-16719, jsc#SLE-16720) - Check whether the password contains a substring of the user's name of at least `` characters length in some form. This is enabled by the new parameter `usersubstr=` ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3626-1 Released: Fri Dec 4 13:51:46 2020 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1179515 This update for audit fixes the following issues: - Enable Aarch64 processor support. (bsc#1179515) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3703-1 Released: Mon Dec 7 20:17:32 2020 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1179431 This update for aaa_base fixes the following issue: - Avoid semicolon within (t)csh login script on S/390.
(bsc#1179431) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3721-1 Released: Wed Dec 9 13:36:46 2020 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1179491,CVE-2020-1971 This update for openssl-1_1 fixes the following issues: - CVE-2020-1971: Fixed a null pointer dereference in EDIPARTYNAME (bsc#1179491). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3735-1 Released: Wed Dec 9 18:19:24 2020 Summary: Security update for curl Type: security Severity: moderate References: 1179398,1179399,1179593,CVE-2020-8284,CVE-2020-8285,CVE-2020-8286 This update for curl fixes the following issues: - CVE-2020-8286: Fixed improper OCSP verification in the client side (bsc#1179593). - CVE-2020-8285: Fixed a stack overflow due to FTP wildcard (bsc#1179399). - CVE-2020-8284: Fixed an issue where a malicious FTP server could make curl connect to a different IP (bsc#1179398). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3809-1 Released: Tue Dec 15 13:46:05 2020 Summary: Recommended update for glib2 Type: recommended Severity: moderate References: 1178346 This update for glib2 fixes the following issues: Update from version 2.62.5 to version 2.62.6: - Support for slim format of timezone. (bsc#1178346) - Fix DST incorrect end day when using slim format. (bsc#1178346) - Fix SOCKS5 username/password authentication. - Updated translations. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3853-1 Released: Wed Dec 16 12:27:27 2020 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1084671,1169006,1174942,1175514,1175623,1178554,1178825 This update for util-linux fixes the following issue: - Do not trigger the automatic close of CDROM. (bsc#1084671) - Try to automatically configure broken serial lines.
(bsc#1175514) - Avoid `sulogin` failing on not existing or not functional console devices. (bsc#1175514) - Build with `libudev` support to support non-root users. (bsc#1169006) - Avoid memory errors on PowerPC systems with valid hardware configurations. (bsc#1175623, bsc#1178554, bsc#1178825) - Fix warning on mounts to `CIFS` with mount -a. (bsc#1174942) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3942-1 Released: Tue Dec 29 12:22:01 2020 Summary: Recommended update for libidn2 Type: recommended Severity: moderate References: 1180138 This update for libidn2 fixes the following issues: - The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, adjusted the RPM license tags (bsc#1180138) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3943-1 Released: Tue Dec 29 12:24:45 2020 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1178823 This update for libxml2 fixes the following issues: Avoid quadratic checking of identity-constraints, speeding up XML validation (bsc#1178823) * key/unique/keyref schema attributes currently use quadratic loops to check their various constraints (that keys are unique and that keyrefs refer to existing keys). * This fix uses a hash table to avoid the quadratic behaviour.
From sle-updates at lists.suse.com Mon Jan 4 23:53:01 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Jan 2021 07:53:01 +0100 (CET) Subject: SUSE-CU-2021:5-1: Security update of harbor/harbor-nginx Message-ID: <20210105065301.77927FF0B@maintenance.suse.de> SUSE Container Update Advisory: harbor/harbor-nginx ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:5-1 Container Tags : harbor/harbor-nginx:2.1.2 , harbor/harbor-nginx:2.1.2-rev1 , harbor/harbor-nginx:2.1.2-rev1-build2.141 Container Release : 2.141 Severity : important Type : security References : 1084671 1169006 1174232 1174593 1174942 1175514 1175623 1177458 1177490 1177510 1177858 1177864 1177998 1178346 1178376 1178387 1178512 1178554 1178727 1178823 1178825 1179398 1179399 1179431 1179491 1179515 1179593 1180138 CVE-2020-1971 CVE-2020-25692 CVE-2020-28196 CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 ----------------------------------------------------------------- The container harbor/harbor-nginx was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3157-1 Released: Wed Nov 4 15:37:05 2020 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: moderate References: 1177864 This update for ca-certificates-mozilla fixes the following issues: The SSL Root CA store was updated to the 2.44 state of the Mozilla NSS Certificate store (bsc#1177864) - Removed CAs: - EE Certification Centre Root CA - Taiwan GRCA - Added CAs: - Trustwave Global Certification Authority - Trustwave Global ECC P256 Certification Authority - Trustwave Global ECC P384 Certification Authority ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3290-1 Released: Wed Nov 11 12:25:32 2020 Summary: Recommended update for findutils Type: recommended Severity: moderate References: 1174232 This update for findutils fixes the following issues: - Do not unconditionally use leaf optimization for NFS. (bsc#1174232) NFS st_nlink are not accurate on all implementations, leading to aborts() if that assumption is made. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3294-1 Released: Wed Nov 11 12:28:46 2020 Summary: Recommended update for SLES-release Type: recommended Severity: moderate References: 1177998 This update for SLES-release fixes the following issue: - Obsolete Leap 15.2.1 (jump) to allow migration from Jump/Leap 15.2.1 to SLE 15 SP2. (bsc#1177998) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3313-1 Released: Thu Nov 12 16:07:37 2020 Summary: Security update for openldap2 Type: security Severity: important References: 1178387,CVE-2020-25692 This update for openldap2 fixes the following issues: - CVE-2020-25692: Fixed an unauthenticated remote denial of service due to incorrect validation of modrdn equality rules (bsc#1178387). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3377-1 Released: Thu Nov 19 09:29:32 2020 Summary: Security update for krb5 Type: security Severity: moderate References: 1178512,CVE-2020-28196 This update for krb5 fixes the following security issue: - CVE-2020-28196: Fixed an unbounded recursion via an ASN.1-encoded Kerberos message (bsc#1178512). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3381-1 Released: Thu Nov 19 10:53:38 2020 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1177458,1177490,1177510 This update for systemd fixes the following issues: - build-sys: optionally disable support of journal over the network (bsc#1177458) - ask-password: prevent buffer overflow when reading from keyring (bsc#1177510) - mount: don't propagate errors from mount_setup_unit() further up - Rely on the new build option --disable-remote for journal_remote This allows to drop the workaround that consisted in cleaning journal-upload files and {sysusers.d,tmpfiles.d}/systemd-remote.conf manually when 'journal_remote' support was disabled. - Move journal-{remote,upload}.conf.5.gz man pages into systemd-journal_remote sub package - Make sure {sysusers.d,tmpfiles.d}/systemd-remote.conf are not shipped with --without=journal_remote (bsc#1177458) These files were incorrectly packaged in the main package when systemd-journal_remote was disabled. - Make use of %{_unitdir} and %{_sysusersdir} - Remove mq-deadline selection from 60-io-scheduler.rules (bsc#1177490) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3462-1 Released: Fri Nov 20 13:14:35 2020 Summary: Recommended update for pam and sudo Type: recommended Severity: moderate References: 1174593,1177858,1178727 This update for pam and sudo fixes the following issue: pam: - pam_xauth: do not *free* a string which has been successfully passed to *putenv*. 
(bsc#1177858) - Initialize the local variable *daysleft* to avoid a misleading warning for password expire days. (bsc#1178727) - Run /usr/bin/xauth using the old user's and group's identifiers. (bsc#1174593) sudo: - Fix a problem with pam_xauth which checks effective and real uids to get the real identity of the user. (bsc#1174593) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3581-1 Released: Tue Dec 1 14:40:22 2020 Summary: Recommended update for libusb-1_0 Type: recommended Severity: moderate References: 1178376 This update for libusb-1_0 fixes the following issues: - Fixes a build failure for libusb for the inclusion of 'sys/time.h' on PowerPC. (bsc#1178376) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3620-1 Released: Thu Dec 3 17:03:55 2020 Summary: Recommended update for pam Type: recommended Severity: moderate References: This update for pam fixes the following issues: - Check if the password is part of the username. (jsc#SLE-16719, jsc#SLE-16720) - Check whether the password contains a substring of the user's name of at least `` characters length in some form. This is enabled by the new parameter `usersubstr=` ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3626-1 Released: Fri Dec 4 13:51:46 2020 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1179515 This update for audit fixes the following issues: - Enable Aarch64 processor support. (bsc#1179515) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3703-1 Released: Mon Dec 7 20:17:32 2020 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1179431 This update for aaa_base fixes the following issue: - Avoid semicolon within (t)csh login script on S/390.
(bsc#1179431) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3721-1 Released: Wed Dec 9 13:36:46 2020 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1179491,CVE-2020-1971 This update for openssl-1_1 fixes the following issues: - CVE-2020-1971: Fixed a null pointer dereference in EDIPARTYNAME (bsc#1179491). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3735-1 Released: Wed Dec 9 18:19:24 2020 Summary: Security update for curl Type: security Severity: moderate References: 1179398,1179399,1179593,CVE-2020-8284,CVE-2020-8285,CVE-2020-8286 This update for curl fixes the following issues: - CVE-2020-8286: Fixed improper OCSP verification in the client side (bsc#1179593). - CVE-2020-8285: Fixed a stack overflow due to FTP wildcard (bsc#1179399). - CVE-2020-8284: Fixed an issue where a malicious FTP server could make curl connect to a different IP (bsc#1179398). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3809-1 Released: Tue Dec 15 13:46:05 2020 Summary: Recommended update for glib2 Type: recommended Severity: moderate References: 1178346 This update for glib2 fixes the following issues: Update from version 2.62.5 to version 2.62.6: - Support for slim format of timezone. (bsc#1178346) - Fix DST incorrect end day when using slim format. (bsc#1178346) - Fix SOCKS5 username/password authentication. - Updated translations. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3853-1 Released: Wed Dec 16 12:27:27 2020 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1084671,1169006,1174942,1175514,1175623,1178554,1178825 This update for util-linux fixes the following issue: - Do not trigger the automatic close of CDROM. (bsc#1084671) - Try to automatically configure broken serial lines.
(bsc#1175514) - Avoid `sulogin` failing on not existing or not functional console devices. (bsc#1175514) - Build with `libudev` support to support non-root users. (bsc#1169006) - Avoid memory errors on PowerPC systems with valid hardware configurations. (bsc#1175623, bsc#1178554, bsc#1178825) - Fix warning on mounts to `CIFS` with mount -a. (bsc#1174942) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3942-1 Released: Tue Dec 29 12:22:01 2020 Summary: Recommended update for libidn2 Type: recommended Severity: moderate References: 1180138 This update for libidn2 fixes the following issues: - The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, adjusted the RPM license tags (bsc#1180138) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3943-1 Released: Tue Dec 29 12:24:45 2020 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1178823 This update for libxml2 fixes the following issues: Avoid quadratic checking of identity-constraints, speeding up XML validation (bsc#1178823) * key/unique/keyref schema attributes currently use quadratic loops to check their various constraints (that keys are unique and that keyrefs refer to existing keys). * This fix uses a hash table to avoid the quadratic behaviour.
From sle-updates at lists.suse.com Mon Jan 4 23:53:39 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Jan 2021 07:53:39 +0100 (CET) Subject: SUSE-CU-2021:6-1: Security update of harbor/harbor-notary-server Message-ID: <20210105065339.63EA9FF0B@maintenance.suse.de> SUSE Container Update Advisory: harbor/harbor-notary-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:6-1 Container Tags : harbor/harbor-notary-server:2.1.2 , harbor/harbor-notary-server:2.1.2-rev1 , harbor/harbor-notary-server:2.1.2-rev1-build1.111 Container Release : 1.111 Severity : important Type : security References : 1084671 1169006 1174232 1174593 1174942 1175514 1175623 1177458 1177490 1177510 1177858 1177864 1177998 1178346 1178376 1178387 1178512 1178554 1178727 1178823 1178825 1179398 1179399 1179431 1179491 1179515 1179593 1180138 CVE-2020-1971 CVE-2020-25692 CVE-2020-28196 CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 ----------------------------------------------------------------- The container harbor/harbor-notary-server was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3157-1 Released: Wed Nov 4 15:37:05 2020 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: moderate References: 1177864 This update for ca-certificates-mozilla fixes the following issues: The SSL Root CA store was updated to the 2.44 state of the Mozilla NSS Certificate store (bsc#1177864) - Removed CAs: - EE Certification Centre Root CA - Taiwan GRCA - Added CAs: - Trustwave Global Certification Authority - Trustwave Global ECC P256 Certification Authority - Trustwave Global ECC P384 Certification Authority ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3290-1 Released: Wed Nov 11 12:25:32 2020 Summary: Recommended update for findutils Type: recommended Severity: moderate References: 1174232 This update for findutils fixes the following issues: - Do not unconditionally use leaf optimization for NFS. (bsc#1174232) NFS st_nlink are not accurate on all implementations, leading to aborts() if that assumption is made. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3294-1 Released: Wed Nov 11 12:28:46 2020 Summary: Recommended update for SLES-release Type: recommended Severity: moderate References: 1177998 This update for SLES-release fixes the following issue: - Obsolete Leap 15.2.1 (jump) to allow migration from Jump/Leap 15.2.1 to SLE 15 SP2. (bsc#1177998) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3313-1 Released: Thu Nov 12 16:07:37 2020 Summary: Security update for openldap2 Type: security Severity: important References: 1178387,CVE-2020-25692 This update for openldap2 fixes the following issues: - CVE-2020-25692: Fixed an unauthenticated remote denial of service due to incorrect validation of modrdn equality rules (bsc#1178387). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3377-1 Released: Thu Nov 19 09:29:32 2020 Summary: Security update for krb5 Type: security Severity: moderate References: 1178512,CVE-2020-28196 This update for krb5 fixes the following security issue: - CVE-2020-28196: Fixed an unbounded recursion via an ASN.1-encoded Kerberos message (bsc#1178512). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3381-1 Released: Thu Nov 19 10:53:38 2020 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1177458,1177490,1177510 This update for systemd fixes the following issues: - build-sys: optionally disable support of journal over the network (bsc#1177458) - ask-password: prevent buffer overflow when reading from keyring (bsc#1177510) - mount: don't propagate errors from mount_setup_unit() further up - Rely on the new build option --disable-remote for journal_remote This allows to drop the workaround that consisted in cleaning journal-upload files and {sysusers.d,tmpfiles.d}/systemd-remote.conf manually when 'journal_remote' support was disabled. - Move journal-{remote,upload}.conf.5.gz man pages into systemd-journal_remote sub package - Make sure {sysusers.d,tmpfiles.d}/systemd-remote.conf are not shipped with --without=journal_remote (bsc#1177458) These files were incorrectly packaged in the main package when systemd-journal_remote was disabled. - Make use of %{_unitdir} and %{_sysusersdir} - Remove mq-deadline selection from 60-io-scheduler.rules (bsc#1177490) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3462-1 Released: Fri Nov 20 13:14:35 2020 Summary: Recommended update for pam and sudo Type: recommended Severity: moderate References: 1174593,1177858,1178727 This update for pam and sudo fixes the following issue: pam: - pam_xauth: do not *free* a string which has been successfully passed to *putenv*. 
(bsc#1177858) - Initialize the local variable *daysleft* to avoid a misleading warning for password expire days. (bsc#1178727) - Run /usr/bin/xauth using the old user's and group's identifiers. (bsc#1174593) sudo: - Fix a problem with pam_xauth which checks effective and real uids to get the real identity of the user. (bsc#1174593) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3581-1 Released: Tue Dec 1 14:40:22 2020 Summary: Recommended update for libusb-1_0 Type: recommended Severity: moderate References: 1178376 This update for libusb-1_0 fixes the following issues: - Fixes a build failure for libusb for the inclusion of 'sys/time.h' on PowerPC. (bsc#1178376) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3620-1 Released: Thu Dec 3 17:03:55 2020 Summary: Recommended update for pam Type: recommended Severity: moderate References: This update for pam fixes the following issues: - Check if the password is part of the username. (jsc#SLE-16719, jsc#SLE-16720) - Check whether the password contains a substring of the user's name of at least `` characters length in some form. This is enabled by the new parameter `usersubstr=` ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3626-1 Released: Fri Dec 4 13:51:46 2020 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1179515 This update for audit fixes the following issues: - Enable Aarch64 processor support. (bsc#1179515) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3703-1 Released: Mon Dec 7 20:17:32 2020 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1179431 This update for aaa_base fixes the following issue: - Avoid semicolon within (t)csh login script on S/390.
(bsc#1179431) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3721-1 Released: Wed Dec 9 13:36:46 2020 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1179491,CVE-2020-1971 This update for openssl-1_1 fixes the following issues: - CVE-2020-1971: Fixed a null pointer dereference in EDIPARTYNAME (bsc#1179491). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3735-1 Released: Wed Dec 9 18:19:24 2020 Summary: Security update for curl Type: security Severity: moderate References: 1179398,1179399,1179593,CVE-2020-8284,CVE-2020-8285,CVE-2020-8286 This update for curl fixes the following issues: - CVE-2020-8286: Fixed improper OCSP verification in the client side (bsc#1179593). - CVE-2020-8285: Fixed a stack overflow due to FTP wildcard (bsc#1179399). - CVE-2020-8284: Fixed an issue where a malicious FTP server could make curl connect to a different IP (bsc#1179398). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3809-1 Released: Tue Dec 15 13:46:05 2020 Summary: Recommended update for glib2 Type: recommended Severity: moderate References: 1178346 This update for glib2 fixes the following issues: Update from version 2.62.5 to version 2.62.6: - Support for slim format of timezone. (bsc#1178346) - Fix DST incorrect end day when using slim format. (bsc#1178346) - Fix SOCKS5 username/password authentication. - Updated translations. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3853-1 Released: Wed Dec 16 12:27:27 2020 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1084671,1169006,1174942,1175514,1175623,1178554,1178825 This update for util-linux fixes the following issue: - Do not trigger the automatic close of CDROM. (bsc#1084671) - Try to automatically configure broken serial lines.
(bsc#1175514) - Avoid `sulogin` failing on not existing or not functional console devices. (bsc#1175514) - Build with `libudev` support to support non-root users. (bsc#1169006) - Avoid memory errors on PowerPC systems with valid hardware configurations. (bsc#1175623, bsc#1178554, bsc#1178825) - Fix warning on mounts to `CIFS` with mount -a. (bsc#1174942) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3942-1 Released: Tue Dec 29 12:22:01 2020 Summary: Recommended update for libidn2 Type: recommended Severity: moderate References: 1180138 This update for libidn2 fixes the following issues: - The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, adjusted the RPM license tags (bsc#1180138) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3943-1 Released: Tue Dec 29 12:24:45 2020 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1178823 This update for libxml2 fixes the following issues: Avoid quadratic checking of identity-constraints, speeding up XML validation (bsc#1178823) * key/unique/keyref schema attributes currently use quadratic loops to check their various constraints (that keys are unique and that keyrefs refer to existing keys). * This fix uses a hash table to avoid the quadratic behaviour.
From sle-updates at lists.suse.com Mon Jan 4 23:54:17 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Jan 2021 07:54:17 +0100 (CET) Subject: SUSE-CU-2021:7-1: Security update of harbor/harbor-notary-signer Message-ID: <20210105065417.B323AFF0B@maintenance.suse.de> SUSE Container Update Advisory: harbor/harbor-notary-signer ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:7-1 Container Tags : harbor/harbor-notary-signer:2.1.2 , harbor/harbor-notary-signer:2.1.2-rev1 , harbor/harbor-notary-signer:2.1.2-rev1-build1.110 Container Release : 1.110 Severity : important Type : security References : 1084671 1169006 1174232 1174593 1174942 1175514 1175623 1177458 1177490 1177510 1177858 1177864 1177998 1178346 1178376 1178387 1178512 1178554 1178727 1178823 1178825 1179398 1179399 1179431 1179491 1179515 1179593 1180138 CVE-2020-1971 CVE-2020-25692 CVE-2020-28196 CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 ----------------------------------------------------------------- The container harbor/harbor-notary-signer was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3157-1 Released: Wed Nov 4 15:37:05 2020 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: moderate References: 1177864 This update for ca-certificates-mozilla fixes the following issues: The SSL Root CA store was updated to the 2.44 state of the Mozilla NSS Certificate store (bsc#1177864) - Removed CAs: - EE Certification Centre Root CA - Taiwan GRCA - Added CAs: - Trustwave Global Certification Authority - Trustwave Global ECC P256 Certification Authority - Trustwave Global ECC P384 Certification Authority ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3290-1 Released: Wed Nov 11 12:25:32 2020 Summary: Recommended update for findutils Type: recommended Severity: moderate References: 1174232 This update for findutils fixes the following issues: - Do not unconditionally use leaf optimization for NFS. (bsc#1174232) NFS st_nlink are not accurate on all implementations, leading to aborts() if that assumption is made. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3294-1 Released: Wed Nov 11 12:28:46 2020 Summary: Recommended update for SLES-release Type: recommended Severity: moderate References: 1177998 This update for SLES-release fixes the following issue: - Obsolete Leap 15.2.1 (jump) to allow migration from Jump/Leap 15.2.1 to SLE 15 SP2. (bsc#1177998) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3313-1 Released: Thu Nov 12 16:07:37 2020 Summary: Security update for openldap2 Type: security Severity: important References: 1178387,CVE-2020-25692 This update for openldap2 fixes the following issues: - CVE-2020-25692: Fixed an unauthenticated remote denial of service due to incorrect validation of modrdn equality rules (bsc#1178387). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3377-1 Released: Thu Nov 19 09:29:32 2020 Summary: Security update for krb5 Type: security Severity: moderate References: 1178512,CVE-2020-28196 This update for krb5 fixes the following security issue: - CVE-2020-28196: Fixed an unbounded recursion via an ASN.1-encoded Kerberos message (bsc#1178512). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3381-1 Released: Thu Nov 19 10:53:38 2020 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1177458,1177490,1177510 This update for systemd fixes the following issues: - build-sys: optionally disable support of journal over the network (bsc#1177458) - ask-password: prevent buffer overflow when reading from keyring (bsc#1177510) - mount: don't propagate errors from mount_setup_unit() further up - Rely on the new build option --disable-remote for journal_remote This allows to drop the workaround that consisted in cleaning journal-upload files and {sysusers.d,tmpfiles.d}/systemd-remote.conf manually when 'journal_remote' support was disabled. - Move journal-{remote,upload}.conf.5.gz man pages into systemd-journal_remote sub package - Make sure {sysusers.d,tmpfiles.d}/systemd-remote.conf are not shipped with --without=journal_remote (bsc#1177458) These files were incorrectly packaged in the main package when systemd-journal_remote was disabled. - Make use of %{_unitdir} and %{_sysusersdir} - Remove mq-deadline selection from 60-io-scheduler.rules (bsc#1177490) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3462-1 Released: Fri Nov 20 13:14:35 2020 Summary: Recommended update for pam and sudo Type: recommended Severity: moderate References: 1174593,1177858,1178727 This update for pam and sudo fixes the following issue: pam: - pam_xauth: do not *free* a string which has been successfully passed to *putenv*. 
(bsc#1177858) - Initialize the local variable *daysleft* to avoid a misleading warning for password expire days. (bsc#1178727) - Run /usr/bin/xauth using the old user's and group's identifiers. (bsc#1174593) sudo: - Fix a problem with pam_xauth which checks effective and real uids to get the real identity of the user. (bsc#1174593) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3581-1 Released: Tue Dec 1 14:40:22 2020 Summary: Recommended update for libusb-1_0 Type: recommended Severity: moderate References: 1178376 This update for libusb-1_0 fixes the following issues: - Fixes a build failure for libusb for the inclusion of 'sys/time.h' on PowerPC. (bsc#1178376) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3620-1 Released: Thu Dec 3 17:03:55 2020 Summary: Recommended update for pam Type: recommended Severity: moderate References: This update for pam fixes the following issues: - Check if the password is part of the username. (jsc#SLE-16719, jsc#SLE-16720) - Check whether the password contains a substring of the user's name of at least `` characters length in some form. This is enabled by the new parameter `usersubstr=` ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3626-1 Released: Fri Dec 4 13:51:46 2020 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1179515 This update for audit fixes the following issues: - Enable Aarch64 processor support. (bsc#1179515) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3703-1 Released: Mon Dec 7 20:17:32 2020 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1179431 This update for aaa_base fixes the following issue: - Avoid semicolon within (t)csh login script on S/390.
(bsc#1179431) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3721-1 Released: Wed Dec 9 13:36:46 2020 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1179491,CVE-2020-1971 This update for openssl-1_1 fixes the following issues: - CVE-2020-1971: Fixed a null pointer dereference in EDIPARTYNAME (bsc#1179491). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3735-1 Released: Wed Dec 9 18:19:24 2020 Summary: Security update for curl Type: security Severity: moderate References: 1179398,1179399,1179593,CVE-2020-8284,CVE-2020-8285,CVE-2020-8286 This update for curl fixes the following issues: - CVE-2020-8286: Fixed improper OCSP verification in the client side (bsc#1179593). - CVE-2020-8285: Fixed a stack overflow due to FTP wildcard (bsc#1179399). - CVE-2020-8284: Fixed an issue where a malicious FTP server could make curl connect to a different IP (bsc#1179398). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3809-1 Released: Tue Dec 15 13:46:05 2020 Summary: Recommended update for glib2 Type: recommended Severity: moderate References: 1178346 This update for glib2 fixes the following issues: Update from version 2.62.5 to version 2.62.6: - Support for slim format of timezone. (bsc#1178346) - Fix DST incorrect end day when using slim format. (bsc#1178346) - Fix SOCKS5 username/password authentication. - Updated translations. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3853-1 Released: Wed Dec 16 12:27:27 2020 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1084671,1169006,1174942,1175514,1175623,1178554,1178825 This update for util-linux fixes the following issue: - Do not trigger the automatic close of CDROM. (bsc#1084671) - Try to automatically configure broken serial lines.
(bsc#1175514) - Avoid `sulogin` failing on not existing or not functional console devices. (bsc#1175514) - Build with `libudev` support to support non-root users. (bsc#1169006) - Avoid memory errors on PowerPC systems with valid hardware configurations. (bsc#1175623, bsc#1178554, bsc#1178825) - Fix warning on mounts to `CIFS` with mount -a. (bsc#1174942) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3942-1 Released: Tue Dec 29 12:22:01 2020 Summary: Recommended update for libidn2 Type: recommended Severity: moderate References: 1180138 This update for libidn2 fixes the following issues: - The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, adjusted the RPM license tags (bsc#1180138) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3943-1 Released: Tue Dec 29 12:24:45 2020 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1178823 This update for libxml2 fixes the following issues: Avoid quadratic checking of identity-constraints, speeding up XML validation (bsc#1178823) * key/unique/keyref schema attributes currently use quadratic loops to check their various constraints (that keys are unique and that keyrefs refer to existing keys). * This fix uses a hash table to avoid the quadratic behaviour.
From sle-updates at lists.suse.com Mon Jan 4 23:55:25 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Jan 2021 07:55:25 +0100 (CET) Subject: SUSE-CU-2021:8-1: Security update of harbor/harbor-portal Message-ID: <20210105065525.A4005FF0B@maintenance.suse.de> SUSE Container Update Advisory: harbor/harbor-portal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:8-1 Container Tags : harbor/harbor-portal:2.1.2 , harbor/harbor-portal:2.1.2-rev1 , harbor/harbor-portal:2.1.2-rev1-build4.12 Container Release : 4.12 Severity : important Type : security References : 1084671 1169006 1174232 1174593 1174942 1175514 1175623 1177458 1177490 1177510 1177858 1177864 1177998 1178346 1178376 1178387 1178512 1178554 1178727 1178823 1178825 1179398 1179399 1179431 1179491 1179515 1179593 1180138 CVE-2020-1971 CVE-2020-25692 CVE-2020-28196 CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 ----------------------------------------------------------------- The container harbor/harbor-portal was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3157-1 Released: Wed Nov 4 15:37:05 2020 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: moderate References: 1177864 This update for ca-certificates-mozilla fixes the following issues: The SSL Root CA store was updated to the 2.44 state of the Mozilla NSS Certificate store (bsc#1177864) - Removed CAs: - EE Certification Centre Root CA - Taiwan GRCA - Added CAs: - Trustwave Global Certification Authority - Trustwave Global ECC P256 Certification Authority - Trustwave Global ECC P384 Certification Authority ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3290-1 Released: Wed Nov 11 12:25:32 2020 Summary: Recommended update for findutils Type: recommended Severity: moderate References: 1174232 This update for findutils fixes the following issues: - Do not unconditionally use leaf optimization for NFS. (bsc#1174232) NFS st_nlink are not accurate on all implementations, leading to aborts() if that assumption is made. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3294-1 Released: Wed Nov 11 12:28:46 2020 Summary: Recommended update for SLES-release Type: recommended Severity: moderate References: 1177998 This update for SLES-release fixes the following issue: - Obsolete Leap 15.2.1 (jump) to allow migration from Jump/Leap 15.2.1 to SLE 15 SP2. (bsc#1177998) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3313-1 Released: Thu Nov 12 16:07:37 2020 Summary: Security update for openldap2 Type: security Severity: important References: 1178387,CVE-2020-25692 This update for openldap2 fixes the following issues: - CVE-2020-25692: Fixed an unauthenticated remote denial of service due to incorrect validation of modrdn equality rules (bsc#1178387). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3377-1 Released: Thu Nov 19 09:29:32 2020 Summary: Security update for krb5 Type: security Severity: moderate References: 1178512,CVE-2020-28196 This update for krb5 fixes the following security issue: - CVE-2020-28196: Fixed an unbounded recursion via an ASN.1-encoded Kerberos message (bsc#1178512). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3381-1 Released: Thu Nov 19 10:53:38 2020 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1177458,1177490,1177510 This update for systemd fixes the following issues: - build-sys: optionally disable support of journal over the network (bsc#1177458) - ask-password: prevent buffer overflow when reading from keyring (bsc#1177510) - mount: don't propagate errors from mount_setup_unit() further up - Rely on the new build option --disable-remote for journal_remote This allows to drop the workaround that consisted in cleaning journal-upload files and {sysusers.d,tmpfiles.d}/systemd-remote.conf manually when 'journal_remote' support was disabled. - Move journal-{remote,upload}.conf.5.gz man pages into systemd-journal_remote sub package - Make sure {sysusers.d,tmpfiles.d}/systemd-remote.conf are not shipped with --without=journal_remote (bsc#1177458) These files were incorrectly packaged in the main package when systemd-journal_remote was disabled. - Make use of %{_unitdir} and %{_sysusersdir} - Remove mq-deadline selection from 60-io-scheduler.rules (bsc#1177490) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3462-1 Released: Fri Nov 20 13:14:35 2020 Summary: Recommended update for pam and sudo Type: recommended Severity: moderate References: 1174593,1177858,1178727 This update for pam and sudo fixes the following issue: pam: - pam_xauth: do not *free* a string which has been successfully passed to *putenv*. 
(bsc#1177858) - Initialize the local variable *daysleft* to avoid a misleading warning for password expire days. (bsc#1178727) - Run /usr/bin/xauth using the old user's and group's identifiers. (bsc#1174593) sudo: - Fix a problem with pam_xauth which checks effective and real uids to get the real identity of the user. (bsc#1174593) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3581-1 Released: Tue Dec 1 14:40:22 2020 Summary: Recommended update for libusb-1_0 Type: recommended Severity: moderate References: 1178376 This update for libusb-1_0 fixes the following issues: - Fixes a build failure for libusb for the inclusion of 'sys/time.h' on PowerPC. (bsc#1178376) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3620-1 Released: Thu Dec 3 17:03:55 2020 Summary: Recommended update for pam Type: recommended Severity: moderate References: This update for pam fixes the following issues: - Check if the password is part of the username. (jsc#SLE-16719, jsc#SLE-16720) - Check whether the password contains a substring of the user's name of at least `` characters length in some form. This is enabled by the new parameter `usersubstr=` ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3626-1 Released: Fri Dec 4 13:51:46 2020 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1179515 This update for audit fixes the following issues: - Enable Aarch64 processor support. (bsc#1179515) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3703-1 Released: Mon Dec 7 20:17:32 2020 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1179431 This update for aaa_base fixes the following issue: - Avoid semicolon within (t)csh login script on S/390.
(bsc#1179431) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3721-1 Released: Wed Dec 9 13:36:46 2020 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1179491,CVE-2020-1971 This update for openssl-1_1 fixes the following issues: - CVE-2020-1971: Fixed a null pointer dereference in EDIPARTYNAME (bsc#1179491). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3735-1 Released: Wed Dec 9 18:19:24 2020 Summary: Security update for curl Type: security Severity: moderate References: 1179398,1179399,1179593,CVE-2020-8284,CVE-2020-8285,CVE-2020-8286 This update for curl fixes the following issues: - CVE-2020-8286: Fixed improper OCSP verification in the client side (bsc#1179593). - CVE-2020-8285: Fixed a stack overflow due to FTP wildcard (bsc#1179399). - CVE-2020-8284: Fixed an issue where a malicious FTP server could make curl connect to a different IP (bsc#1179398). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3809-1 Released: Tue Dec 15 13:46:05 2020 Summary: Recommended update for glib2 Type: recommended Severity: moderate References: 1178346 This update for glib2 fixes the following issues: Update from version 2.62.5 to version 2.62.6: - Support for slim format of timezone. (bsc#1178346) - Fix DST incorrect end day when using slim format. (bsc#1178346) - Fix SOCKS5 username/password authentication. - Updated translations. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3853-1 Released: Wed Dec 16 12:27:27 2020 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1084671,1169006,1174942,1175514,1175623,1178554,1178825 This update for util-linux fixes the following issue: - Do not trigger the automatic close of CDROM. (bsc#1084671) - Try to automatically configure broken serial lines.
(bsc#1175514) - Avoid `sulogin` failing on not existing or not functional console devices. (bsc#1175514) - Build with `libudev` support to support non-root users. (bsc#1169006) - Avoid memory errors on PowerPC systems with valid hardware configurations. (bsc#1175623, bsc#1178554, bsc#1178825) - Fix warning on mounts to `CIFS` with mount -a. (bsc#1174942) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3942-1 Released: Tue Dec 29 12:22:01 2020 Summary: Recommended update for libidn2 Type: recommended Severity: moderate References: 1180138 This update for libidn2 fixes the following issues: - The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, adjusted the RPM license tags (bsc#1180138) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3943-1 Released: Tue Dec 29 12:24:45 2020 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1178823 This update for libxml2 fixes the following issues: Avoid quadratic checking of identity-constraints, speeding up XML validation (bsc#1178823) * key/unique/keyref schema attributes currently use quadratic loops to check their various constraints (that keys are unique and that keyrefs refer to existing keys). * This fix uses a hash table to avoid the quadratic behaviour.
From sle-updates at lists.suse.com Mon Jan 4 23:56:17 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Jan 2021 07:56:17 +0100 (CET) Subject: SUSE-CU-2021:9-1: Security update of harbor/harbor-redis Message-ID: <20210105065617.C238DFF0B@maintenance.suse.de> SUSE Container Update Advisory: harbor/harbor-redis ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:9-1 Container Tags : harbor/harbor-redis:2.1.2 , harbor/harbor-redis:2.1.2-rev1 , harbor/harbor-redis:2.1.2-rev1-build5.76 Container Release : 5.76 Severity : important Type : security References : 1002351 1047218 1061967 1064980 1084671 1097430 1131555 1169006 1174232 1174593 1174942 1175514 1175623 1177458 1177490 1177510 1177858 1177864 1177998 1178346 1178376 1178387 1178512 1178554 1178727 1178823 1178825 1179398 1179399 1179431 1179491 1179515 1179593 1180138 798455 835815 991250 CVE-2013-7458 CVE-2015-8080 CVE-2016-10517 CVE-2016-8339 CVE-2017-15047 CVE-2018-11218 CVE-2018-11219 CVE-2020-1971 CVE-2020-25692 CVE-2020-28196 CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 ----------------------------------------------------------------- The container harbor/harbor-redis was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3157-1 Released: Wed Nov 4 15:37:05 2020 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: moderate References: 1177864 This update for ca-certificates-mozilla fixes the following issues: The SSL Root CA store was updated to the 2.44 state of the Mozilla NSS Certificate store (bsc#1177864) - Removed CAs: - EE Certification Centre Root CA - Taiwan GRCA - Added CAs: - Trustwave Global Certification Authority - Trustwave Global ECC P256 Certification Authority - Trustwave Global ECC P384 Certification Authority ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3290-1 Released: Wed Nov 11 12:25:32 2020 Summary: Recommended update for findutils Type: recommended Severity: moderate References: 1174232 This update for findutils fixes the following issues: - Do not unconditionally use leaf optimization for NFS. (bsc#1174232) NFS st_nlink are not accurate on all implementations, leading to aborts() if that assumption is made. ----------------------------------------------------------------- Advisory ID: SUSE-OU-2020:3291-1 Released: Wed Nov 11 12:26:29 2020 Summary: Optional update for python-redis and redis Type: optional Severity: moderate References: 1002351,1047218,1061967,1064980,1097430,1131555,798455,835815,991250,CVE-2013-7458,CVE-2015-8080,CVE-2016-10517,CVE-2016-8339,CVE-2017-15047,CVE-2018-11218,CVE-2018-11219 This optional update for python-redis and redis provides the following fixes: python-redis: - Update to version 3.4.1 (jsc#ECO-2417) * Move the username argument in the Redis and Connection classes to the end of the argument list. This helps those poor souls that specify all their connection options as non-keyword arguments. * Prior to ACL support, redis-py ignored the username component of Connection URLs.
With ACL support, usernames are no longer ignored and are used to authenticate against an ACL rule. Some cloud vendors with managed Redis instances (like Heroku) provide connection URLs with a username component pre-ACL that is not intended to be used. Sending that username to Redis servers < 6.0.0 results in an error. Attempt to detect this condition and retry the AUTH command with only the password such that authentication continues to work for these users. * Removed the __eq__ hooks to Redis and ConnectionPool that were added in 3.4.0. This ended up being a bad idea as two separate connection pools could be considered equal yet manage a completely separate set of connections. * Allow empty pipelines to be executed if there are WATCHed keys. This is a convenient way to test if any of the watched keys changed without actually running any other commands. * Removed support for end of life Python 3.4. * Added support for all ACL commands in Redis 6. * Pipeline instances now always evaluate to True. Prior to this change, pipeline instances relied on __len__ for boolean evaluation which meant that pipelines with no commands on the stack would be considered False. * Client instances and Connection pools now support a 'client_name' argument. If supplied, all connections created will call CLIENT SETNAME as soon as the connection is opened. * Added the 'ssl_check_hostname' argument to specify whether SSL connections should require the server hostname to match the hostname specified in the SSL cert. By default 'ssl_check_hostname' is False for backwards compatibility. * Added support for the TYPE argument to SCAN. * Better thread and fork safety in ConnectionPool and BlockingConnectionPool. Added better locking to synchronize critical sections rather than relying on CPython-specific implementation details relating to atomic operations. Adjusted how the pools identify and deal with a fork.
Added a ChildDeadlockedError exception that is raised by child processes in the very unlikely chance that a deadlock is encountered. * Further fix for the SSLError -> TimeoutError mapping to work on obscure releases of Python 2.7. * Fixed a potential error handling bug for the SSLError -> TimeoutError mapping introduced in 3.3.9. * Mapped Python 2.7 SSLError to TimeoutError where appropriate. Timeouts should now consistently raise TimeoutErrors on Python 2.7 for both unsecured and secured connections. * Fixed MONITOR parsing to properly parse IPv6 client addresses * Fixed a regression introduced in 3.3.0 * Resolve a race condition with the PubSubWorkerThread. * Response callbacks are now case insensitive. * Added support for hiredis-py 1.0.0 encoding error support. * Add READONLY and READWRITE commands. * Added extensive health checks that keep the connections lively. * Many more changes, see upstream changelog. * Add missing build dependency setuptools * Fix SentinelConnectionPool to work in multiprocess/forked environments - Update to 3.2.0 (bsc#1131555) * Added support for `select.poll` to test whether data can be read on a socket. This should allow for significantly more connections to be used with pubsub. * Attempt to guarantee that the ConnectionPool hands out healthy connections. Healthy connections are those that have an established socket connection to the Redis server, are ready to accept a command and have no data available to read. * Use the socket.IPPROTO_TCP constant instead of socket.SOL_TCP. IPPROTO_TCP is available on more interpreters (Jython for instance). * Fixed a regression introduced in 3.0 that mishandles exceptions not derived from the base Exception class. KeyboardInterrupt and gevent.timeout notable. * Significant improvements to handling connections with forked processes. Parent and child processes no longer trample on each others' connections. * PythonParser no longer closes the associated connection's socket.
The connection itself will close the socket. * Connection URLs must have one of the following schemes: redis://, rediss://, unix://. * Fixed an issue with retry_on_timeout logic that caused some TimeoutErrors to be retried. * Added support for SNI for SSL. * Fixed ConnectionPool repr for pools with no connections. * Fixed GEOHASH to return a None value when specifying a place that doesn't exist on the server. * Fixed XREADGROUP to return an empty dictionary for messages that have been deleted but still exist in the unacknowledged queue. * Added an owned method to Lock objects. owned returns a boolean indicating whether the current lock instance still owns the lock. * Allow lock.acquire() to accept an optional token argument. If provided, the token argument is used as the unique value used to claim the lock. * Added a reacquire method to Lock objects. reacquire attempts to renew the lock such that the timeout is extended to the same value that the lock was initially acquired with. * Stream names found within XREAD and XREADGROUP responses now properly respect the decode_responses flag. * XPENDING_RANGE now requires the user to specify the min, max and count arguments. Newer versions of Redis prevent count from being infinite so it's left to the user to specify these values explicitly. * ZADD now returns None when xx=True and incr=True and an element is specified that doesn't exist in the sorted set. This matches what the server returns in this case. * Added client_kill_filter that accepts various filters to identify and kill clients. * Fixed a race condition that occurred when unsubscribing and resubscribing to the same channel or pattern in rapid succession. * Added a LockNotOwnedError that is raised when trying to extend or release a lock that is no longer owned. This is a subclass of LockError so previous code should continue to work as expected. * Fixed a bug in GEORADIUS that forced decoding of places without respecting the decode_responses option.
* add recommendation for python-hiredis * Fixed regression with UnixDomainSocketConnection caused by 3.0.0. * Fixed an issue with the new asynchronous flag on flushdb and flushall. * Updated Lock.locked() method to indicate whether *any* process has acquired the lock, not just the current one. This is in line with the behavior of threading.Lock. - Update to version 3.0.0: BACKWARDS INCOMPATIBLE CHANGES * When using a Lock as a context manager and the lock fails to be acquired a LockError is now raised. This prevents the code block inside the context manager from being executed if the lock could not be acquired. * Renamed LuaLock to Lock. * Removed the pipeline based Lock implementation in favor of the LuaLock implementation. * Only bytes, strings and numbers (ints, longs and floats) are acceptable for keys and values. Previously redis-py attempted to cast other types to str() and store the result. This caused much confusion and frustration when passing boolean values (cast to 'True' and 'False') or None values (cast to 'None'). It is now the user's responsibility to cast all key names and values to bytes, strings or numbers before passing the value to redis-py. * The StrictRedis class has been renamed to Redis. StrictRedis will continue to exist as an alias of Redis for the foreseeable future. * The legacy Redis client class has been removed. It caused much confusion to users. * ZINCRBY arguments 'value' and 'amount' have swapped order to match the Redis server. The new argument order is: keyname, amount, value. * MGET no longer raises an error if zero keys are passed in. Instead an empty list is returned. * MSET and MSETNX now require all keys/values to be specified in a single dictionary argument named mapping. This was changed to allow for future options to these commands in the future. * ZADD now requires all element names/scores be specified in a single dictionary argument named mapping.
This was required to allow the NX, XX, CH and INCR options to be specified. OTHER CHANGES * Added missing DECRBY command. * CLUSTER INFO and CLUSTER NODES responses are now properly decoded to strings. * Added a 'locked()' method to Lock objects. This method returns True if the lock has been acquired and owned by the current process, otherwise False. * EXISTS now supports multiple keys. Its return value is now the number of keys in the list that exist. * Ensure all commands can accept key names as bytes. This fixes issues with BLPOP, BRPOP and SORT. * All errors resulting from bad user input are raised as DataError exceptions. DataError is a subclass of RedisError so this should be transparent to anyone previously catching these. * Added support for NX, XX, CH and INCR options to ZADD * Added support for the MIGRATE command * Added support for the MEMORY USAGE and MEMORY PURGE commands. * Added support for the 'asynchronous' argument to FLUSHDB and FLUSHALL commands. * Added support for the BITFIELD command. * Improved performance on pipeline requests with large chunks of data. * Fixed test suite to not fail if another client is connected to the server the tests are running against. * Added support for SWAPDB. * Added support for all STREAM commands. * SHUTDOWN now accepts the 'save' and 'nosave' arguments. * Added support for ZPOPMAX, ZPOPMIN, BZPOPMAX, BZPOPMIN. * Added support for the 'type' argument in CLIENT LIST. * Added support for CLIENT PAUSE. * Added support for CLIENT ID and CLIENT UNBLOCK. * GEODIST now returns a None value when referencing a place that does not exist. * Added a ping() method to pubsub objects. * Fixed a bug with keys in the INFO dict that contained ':' symbols. * ssl_cert_reqs now has a default value of 'required' by default. This should make connecting to a remote Redis server over SSL more secure. * max_connections is now a valid querystring argument for creating connection pools from URLs. * Added the UNLINK command.
* Added socket_type option to Connection for configurability. * Lock.do_acquire now atomically acquires the lock and sets the expire value via set(nx=True, px=timeout). * Added 'count' argument to SPOP. * Fixed an issue parsing client_list responses that contained an '='. * Fix rounding issues with geolocation, it is not stable enough to produce pinpoint equal results among 32bit platforms * Run tests by launching redis server * Require redis on runtime redis: - Update to version 6.0.8 (jsc#PM-1615, jsc#PM-1622, jsc#PM-1681, jsc#ECO-2867, jsc#PM-1547, jsc#CAPS-56, jsc#SLE-11578, jsc#SLE-12821) * bug fixes when using with Sentinel * bug fixes when using CONFIG REWRITE * Remove THP warning when set to madvise * Allow EXEC with read commands on readonly replica in cluster * Add masters/replicas options to redis-cli --cluster call command * CONFIG SET could hang the client when it arrives during RDB/ROF loading * LPOS command when RANK is greater than matches responded with broken protocol * Add oom-score-adj configuration option to control Linux OOM killer * Show IO threads statistics and status in INFO output * Add optional tls verification mode (see tls-auth-clients) * Fix crash when enabling CLIENT TRACKING with prefix * EXEC always fails with EXECABORT and multi-state is cleared * RESTORE ABSTTL won't store expired keys into the db * redis-cli better handling of non-printable key names * TLS: Ignore client cert when tls-auth-clients off * Tracking: fix invalidation message on flush * Notify systemd on Sentinel startup * Fix crash on a misuse of STRALGO * Fix a few rare leaks (STRALGO error misuse, Sentinel) * Fix a possible invalid access in defrag of scripts * Add LPOS command to search in a list * Use user+pass for MIGRATE in redis-cli and redis-benchmark in cluster mode * redis-cli support TLS for --pipe, --rdb and --replica options * TLS: Session caching configuration support * Fix handling of special chars in ACL LOAD * Make Redis Cluster more robust about 
operation errors that may lead to two clusters to mix together * Revert the sendfile() implementation of RDB transfer * Fix TLS certificate loading for chained certificates * Fix AOF rewriting of KEEPTTL SET option * Fix MULTI/EXEC behavior during -BUSY script errors * fix a severe replication bug introduced in Redis 6 by the 'meaningful offset' feature * fix a crash introduced in 6.0.2 * fix to client side caching when keys are evicted from the tracking table but no notifications are sent * add BR pkgconfig(libsystemd) for the rewritten systemd support and force building with it * XCLAIM AOF/replicas propagation fixed. * Client side caching: new NOLOOP option to avoid getting notified about changes performed by ourselves. * ACL GENPASS now uses HMAC-SHA256 and has an optional 'bits' argument. It means you can use it as a general purpose 'secure random strings' primitive! * Cluster 'SLOTS' subcommand memory optimization. * The LCS command is now a subcommand of STRALGO. * Meaningful offset for replicas as well. More successful partial resynchronizations. * Optimize memory usage of deferred replies. * Faster CRC64 algorithm for faster RDB loading. * XINFO STREAM FULL, a new subcommand to get the whole stream state. * CLIENT KILL USER . * MIGRATE AUTH2 option, for ACL style authentication support. * use libatomic also on ppc * add hash file from redis-hashes and verify it during build ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3294-1 Released: Wed Nov 11 12:28:46 2020 Summary: Recommended update for SLES-release Type: recommended Severity: moderate References: 1177998 This update for SLES-release fixes the following issue: - Obsolete Leap 15.2.1 (jump) to allow migration from Jump/Leap 15.2.1 to SLE 15 SP2. 
(bsc#1177998) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3313-1 Released: Thu Nov 12 16:07:37 2020 Summary: Security update for openldap2 Type: security Severity: important References: 1178387,CVE-2020-25692 This update for openldap2 fixes the following issues: - CVE-2020-25692: Fixed an unauthenticated remote denial of service due to incorrect validation of modrdn equality rules (bsc#1178387). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3377-1 Released: Thu Nov 19 09:29:32 2020 Summary: Security update for krb5 Type: security Severity: moderate References: 1178512,CVE-2020-28196 This update for krb5 fixes the following security issue: - CVE-2020-28196: Fixed an unbounded recursion via an ASN.1-encoded Kerberos message (bsc#1178512). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3381-1 Released: Thu Nov 19 10:53:38 2020 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1177458,1177490,1177510 This update for systemd fixes the following issues: - build-sys: optionally disable support of journal over the network (bsc#1177458) - ask-password: prevent buffer overflow when reading from keyring (bsc#1177510) - mount: don't propagate errors from mount_setup_unit() further up - Rely on the new build option --disable-remote for journal_remote This allows to drop the workaround that consisted in cleaning journal-upload files and {sysusers.d,tmpfiles.d}/systemd-remote.conf manually when 'journal_remote' support was disabled. - Move journal-{remote,upload}.conf.5.gz man pages into systemd-journal_remote sub package - Make sure {sysusers.d,tmpfiles.d}/systemd-remote.conf are not shipped with --without=journal_remote (bsc#1177458) These files were incorrectly packaged in the main package when systemd-journal_remote was disabled. 
- Make use of %{_unitdir} and %{_sysusersdir} - Remove mq-deadline selection from 60-io-scheduler.rules (bsc#1177490) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3462-1 Released: Fri Nov 20 13:14:35 2020 Summary: Recommended update for pam and sudo Type: recommended Severity: moderate References: 1174593,1177858,1178727 This update for pam and sudo fixes the following issue: pam: - pam_xauth: do not *free* a string which has been successfully passed to *putenv*. (bsc#1177858) - Initialize the local variable *daysleft* to avoid a misleading warning for password expire days. (bsc#1178727) - Run /usr/bin/xauth using the old user's and group's identifiers. (bsc#1174593) sudo: - Fix a problem with pam_xauth which checks effective and real uids to get the real identity of the user. (bsc#1174593) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3581-1 Released: Tue Dec 1 14:40:22 2020 Summary: Recommended update for libusb-1_0 Type: recommended Severity: moderate References: 1178376 This update for libusb-1_0 fixes the following issues: - Fixes a build failure for libusb for the inclusion of 'sys/time.h' on PowerPC. (bsc#1178376) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3620-1 Released: Thu Dec 3 17:03:55 2020 Summary: Recommended update for pam Type: recommended Severity: moderate References: This update for pam fixes the following issues: - Check if the password is part of the username. (jsc#SLE-16719, jsc#SLE-16720) - Check whether the password contains a substring of the user's name of at least `` characters length in some form. 
This is enabled by the new parameter `usersubstr=` ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3626-1 Released: Fri Dec 4 13:51:46 2020 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1179515 This update for audit fixes the following issues: - Enable Aarch64 processor support. (bsc#1179515) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3703-1 Released: Mon Dec 7 20:17:32 2020 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1179431 This update for aaa_base fixes the following issue: - Avoid semicolon within (t)csh login script on S/390. (bsc#1179431) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3721-1 Released: Wed Dec 9 13:36:46 2020 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1179491,CVE-2020-1971 This update for openssl-1_1 fixes the following issues: - CVE-2020-1971: Fixed a null pointer dereference in EDIPARTYNAME (bsc#1179491). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3735-1 Released: Wed Dec 9 18:19:24 2020 Summary: Security update for curl Type: security Severity: moderate References: 1179398,1179399,1179593,CVE-2020-8284,CVE-2020-8285,CVE-2020-8286 This update for curl fixes the following issues: - CVE-2020-8286: Fixed improper OCSP verification in the client side (bsc#1179593). - CVE-2020-8285: Fixed a stack overflow due to FTP wildcard (bsc#1179399). - CVE-2020-8284: Fixed an issue where a malicious FTP server could make curl connect to a different IP (bsc#1179398). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3809-1 Released: Tue Dec 15 13:46:05 2020 Summary: Recommended update for glib2 Type: recommended Severity: moderate References: 1178346 This update for glib2 fixes the following issues: Update from version 2.62.5 to version 2.62.6: - Support for slim format of timezone. (bsc#1178346) - Fix DST incorrect end day when using slim format. (bsc#1178346) - Fix SOCKS5 username/password authentication. - Updated translations. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3853-1 Released: Wed Dec 16 12:27:27 2020 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1084671,1169006,1174942,1175514,1175623,1178554,1178825 This update for util-linux fixes the following issue: - Do not trigger the automatic close of CDROM. (bsc#1084671) - Try to automatically configure broken serial lines. (bsc#1175514) - Avoid `sulogin` failing on not existing or not functional console devices. (bsc#1175514) - Build with `libudev` support to support non-root users. (bsc#1169006) - Avoid memory errors on PowerPC systems with valid hardware configurations. (bsc#1175623, bsc#1178554, bsc#1178825) - Fix warning on mounts to `CIFS` with mount -a. 
(bsc#1174942) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3942-1 Released: Tue Dec 29 12:22:01 2020 Summary: Recommended update for libidn2 Type: recommended Severity: moderate References: 1180138 This update for libidn2 fixes the following issues: - The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, adjusted the RPM license tags (bsc#1180138) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3943-1 Released: Tue Dec 29 12:24:45 2020 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1178823 This update for libxml2 fixes the following issues: Avoid quadratic checking of identity-constraints, speeding up XML validation (bsc#1178823) * key/unique/keyref schema attributes currently use quadratic loops to check their various constraints (that keys are unique and that keyrefs refer to existing keys). * This fix uses a hash table to avoid the quadratic behaviour. 
From sle-updates at lists.suse.com Mon Jan 4 23:56:40 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Jan 2021 07:56:40 +0100 (CET) Subject: SUSE-CU-2021:10-1: Security update of harbor/harbor-redis-operator Message-ID: <20210105065640.9D039FF0B@maintenance.suse.de> SUSE Container Update Advisory: harbor/harbor-redis-operator ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:10-1 Container Tags : harbor/harbor-redis-operator:1.0.0 , harbor/harbor-redis-operator:1.0.0-build1.78 Container Release : 1.78 Severity : important Type : security References : 1084671 1169006 1174232 1174593 1174942 1175514 1175623 1177458 1177490 1177510 1177858 1177864 1177998 1178346 1178376 1178387 1178512 1178554 1178727 1178823 1178825 1179398 1179399 1179431 1179491 1179515 1179593 1180138 CVE-2020-1971 CVE-2020-25692 CVE-2020-28196 CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 ----------------------------------------------------------------- The container harbor/harbor-redis-operator was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3157-1 Released: Wed Nov 4 15:37:05 2020 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: moderate References: 1177864 This update for ca-certificates-mozilla fixes the following issues: The SSL Root CA store was updated to the 2.44 state of the Mozilla NSS Certificate store (bsc#1177864) - Removed CAs: - EE Certification Centre Root CA - Taiwan GRCA - Added CAs: - Trustwave Global Certification Authority - Trustwave Global ECC P256 Certification Authority - Trustwave Global ECC P384 Certification Authority ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3290-1 Released: Wed Nov 11 12:25:32 2020 Summary: Recommended update for findutils Type: recommended Severity: moderate References: 1174232 This update for findutils fixes the following issues: - Do not unconditionally use leaf optimization for NFS. (bsc#1174232) NFS st_nlink are not accurate on all implementations, leading to aborts() if that assumption is made. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3294-1 Released: Wed Nov 11 12:28:46 2020 Summary: Recommended update for SLES-release Type: recommended Severity: moderate References: 1177998 This update for SLES-release fixes the following issue: - Obsolete Leap 15.2.1 (jump) to allow migration from Jump/Leap 15.2.1 to SLE 15 SP2. (bsc#1177998) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3313-1 Released: Thu Nov 12 16:07:37 2020 Summary: Security update for openldap2 Type: security Severity: important References: 1178387,CVE-2020-25692 This update for openldap2 fixes the following issues: - CVE-2020-25692: Fixed an unauthenticated remote denial of service due to incorrect validation of modrdn equality rules (bsc#1178387). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3377-1 Released: Thu Nov 19 09:29:32 2020 Summary: Security update for krb5 Type: security Severity: moderate References: 1178512,CVE-2020-28196 This update for krb5 fixes the following security issue: - CVE-2020-28196: Fixed an unbounded recursion via an ASN.1-encoded Kerberos message (bsc#1178512). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3381-1 Released: Thu Nov 19 10:53:38 2020 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1177458,1177490,1177510 This update for systemd fixes the following issues: - build-sys: optionally disable support of journal over the network (bsc#1177458) - ask-password: prevent buffer overflow when reading from keyring (bsc#1177510) - mount: don't propagate errors from mount_setup_unit() further up - Rely on the new build option --disable-remote for journal_remote This allows to drop the workaround that consisted in cleaning journal-upload files and {sysusers.d,tmpfiles.d}/systemd-remote.conf manually when 'journal_remote' support was disabled. - Move journal-{remote,upload}.conf.5.gz man pages into systemd-journal_remote sub package - Make sure {sysusers.d,tmpfiles.d}/systemd-remote.conf are not shipped with --without=journal_remote (bsc#1177458) These files were incorrectly packaged in the main package when systemd-journal_remote was disabled. - Make use of %{_unitdir} and %{_sysusersdir} - Remove mq-deadline selection from 60-io-scheduler.rules (bsc#1177490) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3462-1 Released: Fri Nov 20 13:14:35 2020 Summary: Recommended update for pam and sudo Type: recommended Severity: moderate References: 1174593,1177858,1178727 This update for pam and sudo fixes the following issue: pam: - pam_xauth: do not *free* a string which has been successfully passed to *putenv*. 
(bsc#1177858) - Initialize the local variable *daysleft* to avoid a misleading warning for password expire days. (bsc#1178727) - Run /usr/bin/xauth using the old user's and group's identifiers. (bsc#1174593) sudo: - Fix a problem with pam_xauth which checks effective and real uids to get the real identity of the user. (bsc#1174593) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3581-1 Released: Tue Dec 1 14:40:22 2020 Summary: Recommended update for libusb-1_0 Type: recommended Severity: moderate References: 1178376 This update for libusb-1_0 fixes the following issues: - Fixes a build failure for libusb for the inclusion of 'sys/time.h' on PowerPC. (bsc#1178376) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3620-1 Released: Thu Dec 3 17:03:55 2020 Summary: Recommended update for pam Type: recommended Severity: moderate References: This update for pam fixes the following issues: - Check if the password is part of the username. (jsc#SLE-16719, jsc#SLE-16720) - Check whether the password contains a substring of the user's name of at least `` characters length in some form. This is enabled by the new parameter `usersubstr=` ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3626-1 Released: Fri Dec 4 13:51:46 2020 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1179515 This update for audit fixes the following issues: - Enable Aarch64 processor support. (bsc#1179515) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3703-1 Released: Mon Dec 7 20:17:32 2020 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1179431 This update for aaa_base fixes the following issue: - Avoid semicolon within (t)csh login script on S/390. 
(bsc#1179431) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3721-1 Released: Wed Dec 9 13:36:46 2020 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1179491,CVE-2020-1971 This update for openssl-1_1 fixes the following issues: - CVE-2020-1971: Fixed a null pointer dereference in EDIPARTYNAME (bsc#1179491). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3735-1 Released: Wed Dec 9 18:19:24 2020 Summary: Security update for curl Type: security Severity: moderate References: 1179398,1179399,1179593,CVE-2020-8284,CVE-2020-8285,CVE-2020-8286 This update for curl fixes the following issues: - CVE-2020-8286: Fixed improper OCSP verification in the client side (bsc#1179593). - CVE-2020-8285: Fixed a stack overflow due to FTP wildcard (bsc#1179399). - CVE-2020-8284: Fixed an issue where a malicious FTP server could make curl connect to a different IP (bsc#1179398). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3809-1 Released: Tue Dec 15 13:46:05 2020 Summary: Recommended update for glib2 Type: recommended Severity: moderate References: 1178346 This update for glib2 fixes the following issues: Update from version 2.62.5 to version 2.62.6: - Support for slim format of timezone. (bsc#1178346) - Fix DST incorrect end day when using slim format. (bsc#1178346) - Fix SOCKS5 username/password authentication. - Updated translations. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3853-1 Released: Wed Dec 16 12:27:27 2020 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1084671,1169006,1174942,1175514,1175623,1178554,1178825 This update for util-linux fixes the following issue: - Do not trigger the automatic close of CDROM. (bsc#1084671) - Try to automatically configure broken serial lines. 
(bsc#1175514) - Avoid `sulogin` failing on not existing or not functional console devices. (bsc#1175514) - Build with `libudev` support to support non-root users. (bsc#1169006) - Avoid memory errors on PowerPC systems with valid hardware configurations. (bsc#1175623, bsc#1178554, bsc#1178825) - Fix warning on mounts to `CIFS` with mount -a. (bsc#1174942) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3942-1 Released: Tue Dec 29 12:22:01 2020 Summary: Recommended update for libidn2 Type: recommended Severity: moderate References: 1180138 This update for libidn2 fixes the following issues: - The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, adjusted the RPM license tags (bsc#1180138) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3943-1 Released: Tue Dec 29 12:24:45 2020 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1178823 This update for libxml2 fixes the following issues: Avoid quadratic checking of identity-constraints, speeding up XML validation (bsc#1178823) * key/unique/keyref schema attributes currently use quadratic loops to check their various constraints (that keys are unique and that keyrefs refer to existing keys). * This fix uses a hash table to avoid the quadratic behaviour. 
From sle-updates at lists.suse.com Mon Jan 4 23:57:33 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Jan 2021 07:57:33 +0100 (CET) Subject: SUSE-CU-2021:11-1: Security update of harbor/harbor-registry Message-ID: <20210105065733.5D2F8FF0B@maintenance.suse.de> SUSE Container Update Advisory: harbor/harbor-registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:11-1 Container Tags : harbor/harbor-registry:2.1.2 , harbor/harbor-registry:2.1.2-rev1 , harbor/harbor-registry:2.1.2-rev1-build3.78 Container Release : 3.78 Severity : important Type : security References : 1084671 1169006 1174232 1174593 1174942 1175514 1175623 1177458 1177490 1177510 1177858 1177864 1177998 1178346 1178376 1178387 1178512 1178554 1178727 1178823 1178825 1179398 1179399 1179431 1179491 1179515 1179593 1180138 CVE-2020-1971 CVE-2020-25692 CVE-2020-28196 CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 ----------------------------------------------------------------- The container harbor/harbor-registry was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3157-1 Released: Wed Nov 4 15:37:05 2020 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: moderate References: 1177864 This update for ca-certificates-mozilla fixes the following issues: The SSL Root CA store was updated to the 2.44 state of the Mozilla NSS Certificate store (bsc#1177864) - Removed CAs: - EE Certification Centre Root CA - Taiwan GRCA - Added CAs: - Trustwave Global Certification Authority - Trustwave Global ECC P256 Certification Authority - Trustwave Global ECC P384 Certification Authority ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3290-1 Released: Wed Nov 11 12:25:32 2020 Summary: Recommended update for findutils Type: recommended Severity: moderate References: 1174232 This update for findutils fixes the following issues: - Do not unconditionally use leaf optimization for NFS. (bsc#1174232) NFS st_nlink are not accurate on all implementations, leading to aborts() if that assumption is made. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3294-1 Released: Wed Nov 11 12:28:46 2020 Summary: Recommended update for SLES-release Type: recommended Severity: moderate References: 1177998 This update for SLES-release fixes the following issue: - Obsolete Leap 15.2.1 (jump) to allow migration from Jump/Leap 15.2.1 to SLE 15 SP2. (bsc#1177998) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3313-1 Released: Thu Nov 12 16:07:37 2020 Summary: Security update for openldap2 Type: security Severity: important References: 1178387,CVE-2020-25692 This update for openldap2 fixes the following issues: - CVE-2020-25692: Fixed an unauthenticated remote denial of service due to incorrect validation of modrdn equality rules (bsc#1178387). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3377-1 Released: Thu Nov 19 09:29:32 2020 Summary: Security update for krb5 Type: security Severity: moderate References: 1178512,CVE-2020-28196 This update for krb5 fixes the following security issue: - CVE-2020-28196: Fixed an unbounded recursion via an ASN.1-encoded Kerberos message (bsc#1178512). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3381-1 Released: Thu Nov 19 10:53:38 2020 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1177458,1177490,1177510 This update for systemd fixes the following issues: - build-sys: optionally disable support of journal over the network (bsc#1177458) - ask-password: prevent buffer overflow when reading from keyring (bsc#1177510) - mount: don't propagate errors from mount_setup_unit() further up - Rely on the new build option --disable-remote for journal_remote This allows to drop the workaround that consisted in cleaning journal-upload files and {sysusers.d,tmpfiles.d}/systemd-remote.conf manually when 'journal_remote' support was disabled. - Move journal-{remote,upload}.conf.5.gz man pages into systemd-journal_remote sub package - Make sure {sysusers.d,tmpfiles.d}/systemd-remote.conf are not shipped with --without=journal_remote (bsc#1177458) These files were incorrectly packaged in the main package when systemd-journal_remote was disabled. - Make use of %{_unitdir} and %{_sysusersdir} - Remove mq-deadline selection from 60-io-scheduler.rules (bsc#1177490) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3462-1 Released: Fri Nov 20 13:14:35 2020 Summary: Recommended update for pam and sudo Type: recommended Severity: moderate References: 1174593,1177858,1178727 This update for pam and sudo fixes the following issue: pam: - pam_xauth: do not *free* a string which has been successfully passed to *putenv*. 
(bsc#1177858) - Initialize the local variable *daysleft* to avoid a misleading warning for password expire days. (bsc#1178727) - Run /usr/bin/xauth using the old user's and group's identifiers. (bsc#1174593) sudo: - Fix a problem with pam_xauth which checks effective and real uids to get the real identity of the user. (bsc#1174593) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3581-1 Released: Tue Dec 1 14:40:22 2020 Summary: Recommended update for libusb-1_0 Type: recommended Severity: moderate References: 1178376 This update for libusb-1_0 fixes the following issues: - Fixes a build failure for libusb for the inclusion of 'sys/time.h' on PowerPC. (bsc#1178376) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3620-1 Released: Thu Dec 3 17:03:55 2020 Summary: Recommended update for pam Type: recommended Severity: moderate References: This update for pam fixes the following issues: - Check if the password is part of the username. (jsc#SLE-16719, jsc#SLE-16720) - Check whether the password contains a substring of the user's name of at least `` characters length in some form. This is enabled by the new parameter `usersubstr=` ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3626-1 Released: Fri Dec 4 13:51:46 2020 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1179515 This update for audit fixes the following issues: - Enable Aarch64 processor support. (bsc#1179515) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3703-1 Released: Mon Dec 7 20:17:32 2020 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1179431 This update for aaa_base fixes the following issue: - Avoid semicolon within (t)csh login script on S/390. 
(bsc#1179431) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3721-1 Released: Wed Dec 9 13:36:46 2020 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1179491,CVE-2020-1971 This update for openssl-1_1 fixes the following issues: - CVE-2020-1971: Fixed a null pointer dereference in EDIPARTYNAME (bsc#1179491). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3735-1 Released: Wed Dec 9 18:19:24 2020 Summary: Security update for curl Type: security Severity: moderate References: 1179398,1179399,1179593,CVE-2020-8284,CVE-2020-8285,CVE-2020-8286 This update for curl fixes the following issues: - CVE-2020-8286: Fixed improper OCSP verification in the client side (bsc#1179593). - CVE-2020-8285: Fixed a stack overflow due to FTP wildcard (bsc#1179399). - CVE-2020-8284: Fixed an issue where a malicious FTP server could make curl connect to a different IP (bsc#1179398). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3809-1 Released: Tue Dec 15 13:46:05 2020 Summary: Recommended update for glib2 Type: recommended Severity: moderate References: 1178346 This update for glib2 fixes the following issues: Update from version 2.62.5 to version 2.62.6: - Support for slim format of timezone. (bsc#1178346) - Fix DST incorrect end day when using slim format. (bsc#1178346) - Fix SOCKS5 username/password authentication. - Updated translations. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3853-1 Released: Wed Dec 16 12:27:27 2020 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1084671,1169006,1174942,1175514,1175623,1178554,1178825 This update for util-linux fixes the following issue: - Do not trigger the automatic close of CDROM. (bsc#1084671) - Try to automatically configure broken serial lines. 
(bsc#1175514) - Avoid `sulogin` failing on not existing or not functional console devices. (bsc#1175514) - Build with `libudev` support to support non-root users. (bsc#1169006) - Avoid memory errors on PowerPC systems with valid hardware configurations. (bsc#1175623, bsc#1178554, bsc#1178825) - Fix warning on mounts to `CIFS` with mount -a. (bsc#1174942) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3942-1 Released: Tue Dec 29 12:22:01 2020 Summary: Recommended update for libidn2 Type: recommended Severity: moderate References: 1180138 This update for libidn2 fixes the following issues: - The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, adjusted the RPM license tags (bsc#1180138) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3943-1 Released: Tue Dec 29 12:24:45 2020 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1178823 This update for libxml2 fixes the following issues: Avoid quadratic checking of identity-constraints, speeding up XML validation (bsc#1178823) * key/unique/keyref schema attributes currently use quadratic loops to check their various constraints (that keys are unique and that keyrefs refer to existing keys). * This fix uses a hash table to avoid the quadratic behaviour. 
From sle-updates at lists.suse.com Mon Jan 4 23:58:27 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Jan 2021 07:58:27 +0100 (CET) Subject: SUSE-CU-2021:12-1: Security update of harbor/harbor-registryctl Message-ID: <20210105065827.09F41FF0B@maintenance.suse.de> SUSE Container Update Advisory: harbor/harbor-registryctl ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:12-1 Container Tags : harbor/harbor-registryctl:2.1.2 , harbor/harbor-registryctl:2.1.2-rev1 , harbor/harbor-registryctl:2.1.2-rev1-build3.78 Container Release : 3.78 Severity : important Type : security References : 1084671 1169006 1174232 1174593 1174942 1175514 1175623 1177458 1177490 1177510 1177858 1177864 1177998 1178346 1178376 1178387 1178512 1178554 1178727 1178823 1178825 1179398 1179399 1179431 1179491 1179515 1179593 1180138 CVE-2020-1971 CVE-2020-25692 CVE-2020-28196 CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 ----------------------------------------------------------------- The container harbor/harbor-registryctl was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3157-1 Released: Wed Nov 4 15:37:05 2020 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: moderate References: 1177864 This update for ca-certificates-mozilla fixes the following issues: The SSL Root CA store was updated to the 2.44 state of the Mozilla NSS Certificate store (bsc#1177864) - Removed CAs: - EE Certification Centre Root CA - Taiwan GRCA - Added CAs: - Trustwave Global Certification Authority - Trustwave Global ECC P256 Certification Authority - Trustwave Global ECC P384 Certification Authority ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3290-1 Released: Wed Nov 11 12:25:32 2020 Summary: Recommended update for findutils Type: recommended Severity: moderate References: 1174232 This update for findutils fixes the following issues: - Do not unconditionally use leaf optimization for NFS. (bsc#1174232) NFS st_nlink are not accurate on all implementations, leading to aborts() if that assumption is made. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3294-1 Released: Wed Nov 11 12:28:46 2020 Summary: Recommended update for SLES-release Type: recommended Severity: moderate References: 1177998 This update for SLES-release fixes the following issue: - Obsolete Leap 15.2.1 (jump) to allow migration from Jump/Leap 15.2.1 to SLE 15 SP2. (bsc#1177998) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3313-1 Released: Thu Nov 12 16:07:37 2020 Summary: Security update for openldap2 Type: security Severity: important References: 1178387,CVE-2020-25692 This update for openldap2 fixes the following issues: - CVE-2020-25692: Fixed an unauthenticated remote denial of service due to incorrect validation of modrdn equality rules (bsc#1178387). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3377-1 Released: Thu Nov 19 09:29:32 2020 Summary: Security update for krb5 Type: security Severity: moderate References: 1178512,CVE-2020-28196 This update for krb5 fixes the following security issue: - CVE-2020-28196: Fixed an unbounded recursion via an ASN.1-encoded Kerberos message (bsc#1178512). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3381-1 Released: Thu Nov 19 10:53:38 2020 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1177458,1177490,1177510 This update for systemd fixes the following issues: - build-sys: optionally disable support of journal over the network (bsc#1177458) - ask-password: prevent buffer overflow when reading from keyring (bsc#1177510) - mount: don't propagate errors from mount_setup_unit() further up - Rely on the new build option --disable-remote for journal_remote This allows to drop the workaround that consisted in cleaning journal-upload files and {sysusers.d,tmpfiles.d}/systemd-remote.conf manually when 'journal_remote' support was disabled. - Move journal-{remote,upload}.conf.5.gz man pages into systemd-journal_remote sub package - Make sure {sysusers.d,tmpfiles.d}/systemd-remote.conf are not shipped with --without=journal_remote (bsc#1177458) These files were incorrectly packaged in the main package when systemd-journal_remote was disabled. - Make use of %{_unitdir} and %{_sysusersdir} - Remove mq-deadline selection from 60-io-scheduler.rules (bsc#1177490) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3462-1 Released: Fri Nov 20 13:14:35 2020 Summary: Recommended update for pam and sudo Type: recommended Severity: moderate References: 1174593,1177858,1178727 This update for pam and sudo fixes the following issue: pam: - pam_xauth: do not *free* a string which has been successfully passed to *putenv*. 
(bsc#1177858) - Initialize the local variable *daysleft* to avoid a misleading warning for password expire days. (bsc#1178727) - Run /usr/bin/xauth using the old user's and group's identifiers. (bsc#1174593) sudo: - Fix a problem with pam_xauth which checks effective and real uids to get the real identity of the user. (bsc#1174593) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3581-1 Released: Tue Dec 1 14:40:22 2020 Summary: Recommended update for libusb-1_0 Type: recommended Severity: moderate References: 1178376 This update for libusb-1_0 fixes the following issues: - Fixes a build failure for libusb for the inclusion of 'sys/time.h' on PowerPC. (bsc#1178376) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3620-1 Released: Thu Dec 3 17:03:55 2020 Summary: Recommended update for pam Type: recommended Severity: moderate References: This update for pam fixes the following issues: - Check if the password is part of the username. (jsc#SLE-16719, jsc#SLE-16720) - Check whether the password contains a substring of the user's name of at least `` characters length in some form. This is enabled by the new parameter `usersubstr=` ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3626-1 Released: Fri Dec 4 13:51:46 2020 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1179515 This update for audit fixes the following issues: - Enable Aarch64 processor support. (bsc#1179515) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3703-1 Released: Mon Dec 7 20:17:32 2020 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1179431 This update for aaa_base fixes the following issue: - Avoid semicolon within (t)csh login script on S/390. 
(bsc#1179431) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3721-1 Released: Wed Dec 9 13:36:46 2020 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1179491,CVE-2020-1971 This update for openssl-1_1 fixes the following issues: - CVE-2020-1971: Fixed a null pointer dereference in EDIPARTYNAME (bsc#1179491). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3735-1 Released: Wed Dec 9 18:19:24 2020 Summary: Security update for curl Type: security Severity: moderate References: 1179398,1179399,1179593,CVE-2020-8284,CVE-2020-8285,CVE-2020-8286 This update for curl fixes the following issues: - CVE-2020-8286: Fixed improper OCSP verification in the client side (bsc#1179593). - CVE-2020-8285: Fixed a stack overflow due to FTP wildcard (bsc#1179399). - CVE-2020-8284: Fixed an issue where a malicious FTP server could make curl connect to a different IP (bsc#1179398). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3809-1 Released: Tue Dec 15 13:46:05 2020 Summary: Recommended update for glib2 Type: recommended Severity: moderate References: 1178346 This update for glib2 fixes the following issues: Update from version 2.62.5 to version 2.62.6: - Support for slim format of timezone. (bsc#1178346) - Fix DST incorrect end day when using slim format. (bsc#1178346) - Fix SOCKS5 username/password authentication. - Updated translations. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3853-1 Released: Wed Dec 16 12:27:27 2020 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1084671,1169006,1174942,1175514,1175623,1178554,1178825 This update for util-linux fixes the following issue: - Do not trigger the automatic close of CDROM. (bsc#1084671) - Try to automatically configure broken serial lines. 
(bsc#1175514) - Avoid `sulogin` failing on not existing or not functional console devices. (bsc#1175514) - Build with `libudev` support to support non-root users. (bsc#1169006) - Avoid memory errors on PowerPC systems with valid hardware configurations. (bsc#1175623, bsc#1178554, bsc#1178825) - Fix warning on mounts to `CIFS` with mount -a. (bsc#1174942) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3942-1 Released: Tue Dec 29 12:22:01 2020 Summary: Recommended update for libidn2 Type: recommended Severity: moderate References: 1180138 This update for libidn2 fixes the following issues: - The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, adjusted the RPM license tags (bsc#1180138) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3943-1 Released: Tue Dec 29 12:24:45 2020 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1178823 This update for libxml2 fixes the following issues: Avoid quadratic checking of identity-constraints, speeding up XML validation (bsc#1178823) * key/unique/keyref schema attributes currently use quadratic loops to check their various constraints (that keys are unique and that keyrefs refer to existing keys). * This fix uses a hash table to avoid the quadratic behaviour. 
From sle-updates at lists.suse.com Mon Jan 4 23:59:34 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Jan 2021 07:59:34 +0100 (CET) Subject: SUSE-CU-2021:13-1: Security update of harbor/harbor-test Message-ID: <20210105065934.36251FF0B@maintenance.suse.de> SUSE Container Update Advisory: harbor/harbor-test ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:13-1 Container Tags : harbor/harbor-test:2.1.2 , harbor/harbor-test:2.1.2-rev1 , harbor/harbor-test:2.1.2-rev1-build7.7 Container Release : 7.7 Severity : important Type : security References : 1084671 1098449 1144793 1155094 1168771 1169006 1174091 1174232 1174571 1174593 1174701 1174942 1175514 1175623 1176262 1176262 1177120 1177211 1177458 1177490 1177510 1177533 1177658 1177858 1177864 1177998 1178009 1178168 1178346 1178376 1178387 1178512 1178554 1178727 1178823 1178825 1178882 1178882 1179193 1179193 1179398 1179399 1179431 1179491 1179515 1179593 1179615 1179630 1180138 1180377 CVE-2019-16935 CVE-2019-18348 CVE-2019-20907 CVE-2019-20916 CVE-2019-20916 CVE-2019-5010 CVE-2020-14422 CVE-2020-1971 CVE-2020-25659 CVE-2020-25692 CVE-2020-26116 CVE-2020-26137 CVE-2020-27619 CVE-2020-28196 CVE-2020-8277 CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 CVE-2020-8492 ----------------------------------------------------------------- The container harbor/harbor-test was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3157-1 Released: Wed Nov 4 15:37:05 2020 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: moderate References: 1177864 This update for ca-certificates-mozilla fixes the following issues: The SSL Root CA store was updated to the 2.44 state of the Mozilla NSS Certificate store (bsc#1177864) - Removed CAs: - EE Certification Centre Root CA - Taiwan GRCA - Added CAs: - Trustwave Global Certification Authority - Trustwave Global ECC P256 Certification Authority - Trustwave Global ECC P384 Certification Authority ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3290-1 Released: Wed Nov 11 12:25:32 2020 Summary: Recommended update for findutils Type: recommended Severity: moderate References: 1174232 This update for findutils fixes the following issues: - Do not unconditionally use leaf optimization for NFS. (bsc#1174232) NFS st_nlink are not accurate on all implementations, leading to aborts() if that assumption is made. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3294-1 Released: Wed Nov 11 12:28:46 2020 Summary: Recommended update for SLES-release Type: recommended Severity: moderate References: 1177998 This update for SLES-release fixes the following issue: - Obsolete Leap 15.2.1 (jump) to allow migration from Jump/Leap 15.2.1 to SLE 15 SP2. (bsc#1177998) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3313-1 Released: Thu Nov 12 16:07:37 2020 Summary: Security update for openldap2 Type: security Severity: important References: 1178387,CVE-2020-25692 This update for openldap2 fixes the following issues: - CVE-2020-25692: Fixed an unauthenticated remote denial of service due to incorrect validation of modrdn equality rules (bsc#1178387). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3377-1 Released: Thu Nov 19 09:29:32 2020 Summary: Security update for krb5 Type: security Severity: moderate References: 1178512,CVE-2020-28196 This update for krb5 fixes the following security issue: - CVE-2020-28196: Fixed an unbounded recursion via an ASN.1-encoded Kerberos message (bsc#1178512). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3381-1 Released: Thu Nov 19 10:53:38 2020 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1177458,1177490,1177510 This update for systemd fixes the following issues: - build-sys: optionally disable support of journal over the network (bsc#1177458) - ask-password: prevent buffer overflow when reading from keyring (bsc#1177510) - mount: don't propagate errors from mount_setup_unit() further up - Rely on the new build option --disable-remote for journal_remote This allows to drop the workaround that consisted in cleaning journal-upload files and {sysusers.d,tmpfiles.d}/systemd-remote.conf manually when 'journal_remote' support was disabled. - Move journal-{remote,upload}.conf.5.gz man pages into systemd-journal_remote sub package - Make sure {sysusers.d,tmpfiles.d}/systemd-remote.conf are not shipped with --without=journal_remote (bsc#1177458) These files were incorrectly packaged in the main package when systemd-journal_remote was disabled. - Make use of %{_unitdir} and %{_sysusersdir} - Remove mq-deadline selection from 60-io-scheduler.rules (bsc#1177490) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3462-1 Released: Fri Nov 20 13:14:35 2020 Summary: Recommended update for pam and sudo Type: recommended Severity: moderate References: 1174593,1177858,1178727 This update for pam and sudo fixes the following issue: pam: - pam_xauth: do not *free* a string which has been successfully passed to *putenv*. 
(bsc#1177858) - Initialize the local variable *daysleft* to avoid a misleading warning for password expire days. (bsc#1178727) - Run /usr/bin/xauth using the old user's and group's identifiers. (bsc#1174593) sudo: - Fix a problem with pam_xauth which checks effective and real uids to get the real identity of the user. (bsc#1174593) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3478-1 Released: Mon Nov 23 09:33:17 2020 Summary: Security update for c-ares Type: security Severity: moderate References: 1178882,CVE-2020-8277 This update for c-ares fixes the following issues: - Version update to 1.17.0 * CVE-2020-8277: Fixed a Denial of Service through DNS request (bsc#1178882) * For further details see https://c-ares.haxx.se/changelog.html ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3566-1 Released: Mon Nov 30 16:56:52 2020 Summary: Security update for python-setuptools Type: security Severity: important References: 1176262,CVE-2019-20916 This update for python-setuptools fixes the following issues: - Fixed a directory traversal in _download_http_url() (bsc#1176262 CVE-2019-20916) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3581-1 Released: Tue Dec 1 14:40:22 2020 Summary: Recommended update for libusb-1_0 Type: recommended Severity: moderate References: 1178376 This update for libusb-1_0 fixes the following issues: - Fixes a build failure for libusb for the inclusion of 'sys/time.h' on PowerPC. (bsc#1178376) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3592-1 Released: Wed Dec 2 10:31:34 2020 Summary: Security update for python-cryptography Type: security Severity: moderate References: 1178168,CVE-2020-25659 This update for python-cryptography fixes the following issues: - CVE-2020-25659: Attempted to mitigate Bleichenbacher attacks on RSA decryption (bsc#1178168). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3593-1 Released: Wed Dec 2 10:33:49 2020 Summary: Security update for python3 Type: security Severity: important References: 1176262,1179193,CVE-2019-20916 This update for python3 fixes the following issues: Update to 3.6.12 (bsc#1179193), including: - Fixed a directory traversal in _download_http_url() (bsc#1176262 CVE-2019-20916) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3616-1 Released: Thu Dec 3 10:56:12 2020 Summary: Recommended update for c-ares Type: recommended Severity: moderate References: 1178882 - Fixed incomplete c-ares-devel dependencies introduced by the previous update (bsc#1178882). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3620-1 Released: Thu Dec 3 17:03:55 2020 Summary: Recommended update for pam Type: recommended Severity: moderate References: This update for pam fixes the following issues: - Check if the password is part of the username. (jsc#SLE-16719, jsc#SLE-16720) - Check whether the password contains a substring of the user's name of at least `` characters length in some form. This is enabled by the new parameter `usersubstr=` ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3626-1 Released: Fri Dec 4 13:51:46 2020 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1179515 This update for audit fixes the following issues: - Enable Aarch64 processor support. (bsc#1179515) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3703-1 Released: Mon Dec 7 20:17:32 2020 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1179431 This update for aaa_base fixes the following issue: - Avoid semicolon within (t)csh login script on S/390. 
(bsc#1179431) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3721-1 Released: Wed Dec 9 13:36:46 2020 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1179491,CVE-2020-1971 This update for openssl-1_1 fixes the following issues: - CVE-2020-1971: Fixed a null pointer dereference in EDIPARTYNAME (bsc#1179491). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3723-1 Released: Wed Dec 9 13:37:55 2020 Summary: Security update for python-urllib3 Type: security Severity: moderate References: 1177120,CVE-2020-26137 This update for python-urllib3 fixes the following issues: - CVE-2020-26137: Fixed a CRLF injection via HTTP request method (bsc#1177120). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3735-1 Released: Wed Dec 9 18:19:24 2020 Summary: Security update for curl Type: security Severity: moderate References: 1179398,1179399,1179593,CVE-2020-8284,CVE-2020-8285,CVE-2020-8286 This update for curl fixes the following issues: - CVE-2020-8286: Fixed improper OCSP verification in the client side (bsc#1179593). - CVE-2020-8285: Fixed a stack overflow due to FTP wildcard (bsc#1179399). - CVE-2020-8284: Fixed an issue where a malicious FTP server could make curl connect to a different IP (bsc#1179398). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3791-1 Released: Mon Dec 14 17:39:19 2020 Summary: Recommended update for gzip Type: recommended Severity: moderate References: This update for gzip fixes the following issue: - Enable `DFLTCC` (Deflate Conversion Call) compression for s390x for levels 1-6 to `CFLAGS`. (jsc#SLE-13775) Enable by adding `-DDFLTCC_LEVEL_MASK=0x7e` to `CFLAGS`. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3809-1 Released: Tue Dec 15 13:46:05 2020 Summary: Recommended update for glib2 Type: recommended Severity: moderate References: 1178346 This update for glib2 fixes the following issues: Update from version 2.62.5 to version 2.62.6: - Support for slim format of timezone. (bsc#1178346) - Fix DST incorrect end day when using slim format. (bsc#1178346) - Fix SOCKS5 username/password authentication. - Updated translations. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3853-1 Released: Wed Dec 16 12:27:27 2020 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1084671,1169006,1174942,1175514,1175623,1178554,1178825 This update for util-linux fixes the following issue: - Do not trigger the automatic close of CDROM. (bsc#1084671) - Try to automatically configure broken serial lines. (bsc#1175514) - Avoid `sulogin` failing on not existing or not functional console devices. (bsc#1175514) - Build with `libudev` support to support non-root users. (bsc#1169006) - Avoid memory errors on PowerPC systems with valid hardware configurations. (bsc#1175623, bsc#1178554, bsc#1178825) - Fix warning on mounts to `CIFS` with mount -a. (bsc#1174942) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3860-1 Released: Thu Dec 17 10:47:37 2020 Summary: Recommended update for tcl Type: recommended Severity: moderate References: 1179615 This update for tcl fixes the following issue: - `TCL_LIBS` in `tclConfig.sh` possibly breaks build on newer service packs. (bsc#1179615) It is not needed for linking to a dynamic `libtcl` anyway and now it is empty. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3930-1 Released: Wed Dec 23 18:19:39 2020 Summary: Security update for python3 Type: security Severity: important References: 1155094,1174091,1174571,1174701,1177211,1178009,1179193,1179630,CVE-2019-16935,CVE-2019-18348,CVE-2019-20907,CVE-2019-5010,CVE-2020-14422,CVE-2020-26116,CVE-2020-27619,CVE-2020-8492 This update for python3 fixes the following issues: - Fixed CVE-2020-27619 (bsc#1178009), where Lib/test/multibytecodec_support calls eval() on content retrieved via HTTP. - Change setuptools and pip version numbers according to new wheels - Handful of changes to make python36 compatible with SLE15 and SLE12 (jsc#ECO-2799, jsc#SLE-13738) - add triplets for mips-r6 and riscv - RISC-V needs CTYPES_PASS_BY_REF_HACK Update to 3.6.12 (bsc#1179193) * Ensure python3.dll is loaded from correct locations when Python is embedded * The __hash__() methods of ipaddress.IPv4Interface and ipaddress.IPv6Interface incorrectly generated constant hash values of 32 and 128 respectively. This resulted in always causing hash collisions. The fix uses hash() to generate hash values for the tuple of (address, mask length, network address). * Prevent http header injection by rejecting control characters in http.client.putrequest(...). * Unpickling invalid NEWOBJ_EX opcode with the C implementation raises now UnpicklingError instead of crashing. * Avoid infinite loop when reading specially crafted TAR files using the tarfile module - This release also fixes CVE-2020-26116 (bsc#1177211) and CVE-2019-20907 (bsc#1174091). Update to 3.6.11: - Disallow CR or LF in email.headerregistry.Address arguments to guard against header injection attacks. - Disallow control characters in hostnames in http.client, addressing CVE-2019-18348. Such potentially malicious header injection URLs now cause an InvalidURL to be raised. 
(bsc#1155094) - CVE-2020-8492: The AbstractBasicAuthHandler class of the urllib.request module uses an inefficient regular expression which can be exploited by an attacker to cause a denial of service. Fix the regex to prevent the catastrophic backtracking. Vulnerability reported by Ben Caller and Matt Schwager. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3942-1 Released: Tue Dec 29 12:22:01 2020 Summary: Recommended update for libidn2 Type: recommended Severity: moderate References: 1180138 This update for libidn2 fixes the following issues: - The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, adjusted the RPM license tags (bsc#1180138) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3943-1 Released: Tue Dec 29 12:24:45 2020 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1178823 This update for libxml2 fixes the following issues: Avoid quadratic checking of identity-constraints, speeding up XML validation (bsc#1178823) * key/unique/keyref schema attributes currently use quadratic loops to check their various constraints (that keys are unique and that keyrefs refer to existing keys). * This fix uses a hash table to avoid the quadratic behaviour. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3946-1 Released: Tue Dec 29 17:39:54 2020 Summary: Recommended update for python3 Type: recommended Severity: important References: 1180377 This update for python3 fixes the following issues: - A previous update inadvertently removed the 'PyFPE_jbuf' symbol from Python3, which caused regressions in several applications. 
(bsc#1180377) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:6-1 Released: Mon Jan 4 07:05:06 2021 Summary: Recommended update for libdlm Type: recommended Severity: moderate References: 1098449,1144793,1168771,1177533,1177658 This update for libdlm fixes the following issues: - Rework libdlm3 require with a shared library version tag instead so it propagates to all consuming packages.(bsc#1177658, bsc#1098449) - Add support for type 'uint64_t' to corosync ringid. (bsc#1168771) - Include some fixes/enhancements for dlm_controld. (bsc#1144793) - Fixed an issue where /boot logical volume was accidentally unmounted. (bsc#1177533) From sle-updates at lists.suse.com Tue Jan 5 00:00:35 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Jan 2021 08:00:35 +0100 (CET) Subject: SUSE-CU-2021:14-1: Security update of harbor/harbor-trivy-adapter Message-ID: <20210105070035.35950FF0B@maintenance.suse.de> SUSE Container Update Advisory: harbor/harbor-trivy-adapter ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:14-1 Container Tags : harbor/harbor-trivy-adapter:2.1.2 , harbor/harbor-trivy-adapter:2.1.2-rev1 , harbor/harbor-trivy-adapter:2.1.2-rev1-build3.79 Container Release : 3.79 Severity : important Type : security References : 1084671 1098449 1144793 1168771 1169006 1173513 1174232 1174593 1174942 1175514 1175623 1177458 1177490 1177510 1177533 1177658 1177858 1177864 1177939 1177998 1178346 1178376 1178387 1178512 1178554 1178727 1178823 1178825 1179398 1179399 1179431 1179491 1179515 1179593 1180138 CVE-2020-14145 CVE-2020-1971 CVE-2020-25692 CVE-2020-28196 CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 ----------------------------------------------------------------- The container harbor/harbor-trivy-adapter was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3157-1 Released: Wed Nov 4 15:37:05 2020 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: moderate References: 1177864 This update for ca-certificates-mozilla fixes the following issues: The SSL Root CA store was updated to the 2.44 state of the Mozilla NSS Certificate store (bsc#1177864) - Removed CAs: - EE Certification Centre Root CA - Taiwan GRCA - Added CAs: - Trustwave Global Certification Authority - Trustwave Global ECC P256 Certification Authority - Trustwave Global ECC P384 Certification Authority ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3290-1 Released: Wed Nov 11 12:25:32 2020 Summary: Recommended update for findutils Type: recommended Severity: moderate References: 1174232 This update for findutils fixes the following issues: - Do not unconditionally use leaf optimization for NFS. (bsc#1174232) NFS st_nlink are not accurate on all implementations, leading to aborts() if that assumption is made. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3294-1 Released: Wed Nov 11 12:28:46 2020 Summary: Recommended update for SLES-release Type: recommended Severity: moderate References: 1177998 This update for SLES-release fixes the following issue: - Obsolete Leap 15.2.1 (jump) to allow migration from Jump/Leap 15.2.1 to SLE 15 SP2. (bsc#1177998) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3301-1 Released: Thu Nov 12 13:51:02 2020 Summary: Recommended update for openssh Type: recommended Severity: moderate References: 1177939 This update for openssh fixes the following issues: - Ensure that only approved DH parameters are used in FIPS mode, to meet NIST 800-56arev3 restrictions. (bsc#1177939). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3313-1 Released: Thu Nov 12 16:07:37 2020 Summary: Security update for openldap2 Type: security Severity: important References: 1178387,CVE-2020-25692 This update for openldap2 fixes the following issues: - CVE-2020-25692: Fixed an unauthenticated remote denial of service due to incorrect validation of modrdn equality rules (bsc#1178387). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3377-1 Released: Thu Nov 19 09:29:32 2020 Summary: Security update for krb5 Type: security Severity: moderate References: 1178512,CVE-2020-28196 This update for krb5 fixes the following security issue: - CVE-2020-28196: Fixed an unbounded recursion via an ASN.1-encoded Kerberos message (bsc#1178512). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3381-1 Released: Thu Nov 19 10:53:38 2020 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1177458,1177490,1177510 This update for systemd fixes the following issues: - build-sys: optionally disable support of journal over the network (bsc#1177458) - ask-password: prevent buffer overflow when reading from keyring (bsc#1177510) - mount: don't propagate errors from mount_setup_unit() further up - Rely on the new build option --disable-remote for journal_remote This allows to drop the workaround that consisted in cleaning journal-upload files and {sysusers.d,tmpfiles.d}/systemd-remote.conf manually when 'journal_remote' support was disabled. - Move journal-{remote,upload}.conf.5.gz man pages into systemd-journal_remote sub package - Make sure {sysusers.d,tmpfiles.d}/systemd-remote.conf are not shipped with --without=journal_remote (bsc#1177458) These files were incorrectly packaged in the main package when systemd-journal_remote was disabled. 
- Make use of %{_unitdir} and %{_sysusersdir} - Remove mq-deadline selection from 60-io-scheduler.rules (bsc#1177490) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3462-1 Released: Fri Nov 20 13:14:35 2020 Summary: Recommended update for pam and sudo Type: recommended Severity: moderate References: 1174593,1177858,1178727 This update for pam and sudo fixes the following issue: pam: - pam_xauth: do not *free* a string which has been successfully passed to *putenv*. (bsc#1177858) - Initialize the local variable *daysleft* to avoid a misleading warning for password expire days. (bsc#1178727) - Run /usr/bin/xauth using the old user's and group's identifiers. (bsc#1174593) sudo: - Fix a problem with pam_xauth which checks effective and real uids to get the real identity of the user. (bsc#1174593) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3581-1 Released: Tue Dec 1 14:40:22 2020 Summary: Recommended update for libusb-1_0 Type: recommended Severity: moderate References: 1178376 This update for libusb-1_0 fixes the following issues: - Fixes a build failure for libusb for the inclusion of 'sys/time.h' on PowerPC. (bsc#1178376) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3620-1 Released: Thu Dec 3 17:03:55 2020 Summary: Recommended update for pam Type: recommended Severity: moderate References: This update for pam fixes the following issues: - Check if the password is part of the username. (jsc#SLE-16719, jsc#SLE-16720) - Check whether the password contains a substring of the user's name of at least `` characters length in some form.
This is enabled by the new parameter `usersubstr=` ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3626-1 Released: Fri Dec 4 13:51:46 2020 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1179515 This update for audit fixes the following issues: - Enable Aarch64 processor support. (bsc#1179515) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3703-1 Released: Mon Dec 7 20:17:32 2020 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1179431 This update for aaa_base fixes the following issue: - Avoid semicolon within (t)csh login script on S/390. (bsc#1179431) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3721-1 Released: Wed Dec 9 13:36:46 2020 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1179491,CVE-2020-1971 This update for openssl-1_1 fixes the following issues: - CVE-2020-1971: Fixed a null pointer dereference in EDIPARTYNAME (bsc#1179491). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3735-1 Released: Wed Dec 9 18:19:24 2020 Summary: Security update for curl Type: security Severity: moderate References: 1179398,1179399,1179593,CVE-2020-8284,CVE-2020-8285,CVE-2020-8286 This update for curl fixes the following issues: - CVE-2020-8286: Fixed improper OCSP verification in the client side (bsc#1179593). - CVE-2020-8285: Fixed a stack overflow due to FTP wildcard (bsc#1179399). - CVE-2020-8284: Fixed an issue where a malicious FTP server could make curl connect to a different IP (bsc#1179398).
----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3736-1 Released: Wed Dec 9 18:19:58 2020 Summary: Security update for openssh Type: security Severity: moderate References: 1173513,CVE-2020-14145 This update for openssh fixes the following issues: - CVE-2020-14145: Fixed a potential information leak during host key exchange (bsc#1173513). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3809-1 Released: Tue Dec 15 13:46:05 2020 Summary: Recommended update for glib2 Type: recommended Severity: moderate References: 1178346 This update for glib2 fixes the following issues: Update from version 2.62.5 to version 2.62.6: - Support for slim format of timezone. (bsc#1178346) - Fix DST incorrect end day when using slim format. (bsc#1178346) - Fix SOCKS5 username/password authentication. - Updated translations. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3853-1 Released: Wed Dec 16 12:27:27 2020 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1084671,1169006,1174942,1175514,1175623,1178554,1178825 This update for util-linux fixes the following issue: - Do not trigger the automatic close of CDROM. (bsc#1084671) - Try to automatically configure broken serial lines. (bsc#1175514) - Avoid `sulogin` failing on not existing or not functional console devices. (bsc#1175514) - Build with `libudev` support to support non-root users. (bsc#1169006) - Avoid memory errors on PowerPC systems with valid hardware configurations. (bsc#1175623, bsc#1178554, bsc#1178825) - Fix warning on mounts to `CIFS` with mount -a.
(bsc#1174942) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3942-1 Released: Tue Dec 29 12:22:01 2020 Summary: Recommended update for libidn2 Type: recommended Severity: moderate References: 1180138 This update for libidn2 fixes the following issues: - The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, adjusted the RPM license tags (bsc#1180138) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3943-1 Released: Tue Dec 29 12:24:45 2020 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1178823 This update for libxml2 fixes the following issues: Avoid quadratic checking of identity-constraints, speeding up XML validation (bsc#1178823) * key/unique/keyref schema attributes currently use quadratic loops to check their various constraints (that keys are unique and that keyrefs refer to existing keys). * This fix uses a hash table to avoid the quadratic behaviour. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:6-1 Released: Mon Jan 4 07:05:06 2021 Summary: Recommended update for libdlm Type: recommended Severity: moderate References: 1098449,1144793,1168771,1177533,1177658 This update for libdlm fixes the following issues: - Rework libdlm3 require with a shared library version tag instead so it propagates to all consuming packages.(bsc#1177658, bsc#1098449) - Add support for type 'uint64_t' to corosync ringid. (bsc#1168771) - Include some fixes/enhancements for dlm_controld. (bsc#1144793) - Fixed an issue where /boot logical volume was accidentally unmounted. 
(bsc#1177533) From sle-updates at lists.suse.com Tue Jan 5 04:16:28 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Jan 2021 12:16:28 +0100 (CET) Subject: SUSE-RU-2021:0020-1: moderate: Recommended update for kdump Message-ID: <20210105111628.DE4F4FEDA@maintenance.suse.de> SUSE Recommended Update: Recommended update for kdump ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:0020-1 Rating: moderate References: #1108255 #1111207 #1123940 #1125218 #1153601 #1170336 #1173914 #1177196 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has 8 recommended fixes can now be installed. Description: This update for kdump fixes the following issues: - Remove `console=hvc0` from command line. (bsc#1173914) - Set serial console from Xen command line. (bsc#1173914) - Remove `noefi` and `acpi_rsdp` for `EFI` firmware. (bsc#1123940, bsc#1170336) - Add `skip_balance` option to `BTRFS` mounts. (bsc#1108255) - Do not add `rd.neednet=1` to `dracut` command line. (bsc#1177196) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-20=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-20=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-20=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-20=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-20=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2021-20=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-20=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): kdump-0.8.16-7.25.1 kdump-debuginfo-0.8.16-7.25.1 kdump-debugsource-0.8.16-7.25.1 - SUSE OpenStack Cloud 8 (x86_64): kdump-0.8.16-7.25.1 kdump-debuginfo-0.8.16-7.25.1 kdump-debugsource-0.8.16-7.25.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): kdump-0.8.16-7.25.1 kdump-debuginfo-0.8.16-7.25.1 kdump-debugsource-0.8.16-7.25.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): kdump-0.8.16-7.25.1 kdump-debuginfo-0.8.16-7.25.1 kdump-debugsource-0.8.16-7.25.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): kdump-0.8.16-7.25.1 kdump-debuginfo-0.8.16-7.25.1 kdump-debugsource-0.8.16-7.25.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): kdump-0.8.16-7.25.1 kdump-debuginfo-0.8.16-7.25.1 kdump-debugsource-0.8.16-7.25.1 - HPE Helion Openstack 8 (x86_64): kdump-0.8.16-7.25.1 kdump-debuginfo-0.8.16-7.25.1 kdump-debugsource-0.8.16-7.25.1 References: https://bugzilla.suse.com/1108255 https://bugzilla.suse.com/1111207 https://bugzilla.suse.com/1123940 https://bugzilla.suse.com/1125218 https://bugzilla.suse.com/1153601 https://bugzilla.suse.com/1170336 https://bugzilla.suse.com/1173914 https://bugzilla.suse.com/1177196 From sle-updates at lists.suse.com Tue Jan 5 04:18:18 2021 From: sle-updates at lists.suse.com 
(sle-updates at lists.suse.com) Date: Tue, 5 Jan 2021 12:18:18 +0100 (CET) Subject: SUSE-RU-2021:0021-1: Recommended update for jsoncpp Message-ID: <20210105111818.E4131FEDA@maintenance.suse.de> SUSE Recommended Update: Recommended update for jsoncpp ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:0021-1 Rating: low References: #1178846 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for jsoncpp ships the missing "jsoncpp-devel" package. (bsc#1178846) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-21=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): jsoncpp-debugsource-1.6.5-3.4.1 jsoncpp-devel-1.6.5-3.4.1 libjsoncpp1-1.6.5-3.4.1 libjsoncpp1-debuginfo-1.6.5-3.4.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch): jsoncpp-doc-1.6.5-3.4.1 References: https://bugzilla.suse.com/1178846 From sle-updates at lists.suse.com Tue Jan 5 07:15:55 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Jan 2021 15:15:55 +0100 (CET) Subject: SUSE-SU-2021:0023-1: moderate: Security update for ceph Message-ID: <20210105141555.A3D9BFEDA@maintenance.suse.de> SUSE Security Update: Security update for ceph ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0023-1 Rating: moderate References: #1178837 #1179139 #1179452 #1179802 #1180118 #1180155 Cross-References: CVE-2020-27781 Affected Products: SUSE Linux Enterprise Module 
for Basesystem 15-SP1 SUSE Enterprise Storage 6 ______________________________________________________________________________ An update that solves one vulnerability and has 5 fixes is now available. Description: This update for ceph fixes the following issues: Security issues fixed: - CVE-2020-27781: Fixed a privilege escalation via the ceph_volume_client Python interface (bsc#1179802 bsc#1180155). Non-security issues fixed: - Fixes an issue when check in legacy collection reaches end. (bsc#1179139) - Fixes an issue when storage service stops. (bsc#1178837) - Fix for failing test run due to missing module 'six'. (bsc#1179452) - Provide a different name for the fallback allocator in bluestore. (bsc#1180118) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2021-23=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-23=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): ceph-common-14.2.16.402+g7d47dbaf4d-3.57.1 ceph-common-debuginfo-14.2.16.402+g7d47dbaf4d-3.57.1 ceph-debugsource-14.2.16.402+g7d47dbaf4d-3.57.1 libcephfs-devel-14.2.16.402+g7d47dbaf4d-3.57.1 libcephfs2-14.2.16.402+g7d47dbaf4d-3.57.1 libcephfs2-debuginfo-14.2.16.402+g7d47dbaf4d-3.57.1 librados-devel-14.2.16.402+g7d47dbaf4d-3.57.1 librados-devel-debuginfo-14.2.16.402+g7d47dbaf4d-3.57.1 librados2-14.2.16.402+g7d47dbaf4d-3.57.1 librados2-debuginfo-14.2.16.402+g7d47dbaf4d-3.57.1 libradospp-devel-14.2.16.402+g7d47dbaf4d-3.57.1 librbd-devel-14.2.16.402+g7d47dbaf4d-3.57.1 librbd1-14.2.16.402+g7d47dbaf4d-3.57.1 librbd1-debuginfo-14.2.16.402+g7d47dbaf4d-3.57.1 librgw-devel-14.2.16.402+g7d47dbaf4d-3.57.1 librgw2-14.2.16.402+g7d47dbaf4d-3.57.1 
librgw2-debuginfo-14.2.16.402+g7d47dbaf4d-3.57.1 python3-ceph-argparse-14.2.16.402+g7d47dbaf4d-3.57.1 python3-cephfs-14.2.16.402+g7d47dbaf4d-3.57.1 python3-cephfs-debuginfo-14.2.16.402+g7d47dbaf4d-3.57.1 python3-rados-14.2.16.402+g7d47dbaf4d-3.57.1 python3-rados-debuginfo-14.2.16.402+g7d47dbaf4d-3.57.1 python3-rbd-14.2.16.402+g7d47dbaf4d-3.57.1 python3-rbd-debuginfo-14.2.16.402+g7d47dbaf4d-3.57.1 python3-rgw-14.2.16.402+g7d47dbaf4d-3.57.1 python3-rgw-debuginfo-14.2.16.402+g7d47dbaf4d-3.57.1 rados-objclass-devel-14.2.16.402+g7d47dbaf4d-3.57.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): ceph-14.2.16.402+g7d47dbaf4d-3.57.1 ceph-base-14.2.16.402+g7d47dbaf4d-3.57.1 ceph-base-debuginfo-14.2.16.402+g7d47dbaf4d-3.57.1 ceph-common-14.2.16.402+g7d47dbaf4d-3.57.1 ceph-common-debuginfo-14.2.16.402+g7d47dbaf4d-3.57.1 ceph-debugsource-14.2.16.402+g7d47dbaf4d-3.57.1 ceph-fuse-14.2.16.402+g7d47dbaf4d-3.57.1 ceph-fuse-debuginfo-14.2.16.402+g7d47dbaf4d-3.57.1 ceph-mds-14.2.16.402+g7d47dbaf4d-3.57.1 ceph-mds-debuginfo-14.2.16.402+g7d47dbaf4d-3.57.1 ceph-mgr-14.2.16.402+g7d47dbaf4d-3.57.1 ceph-mgr-debuginfo-14.2.16.402+g7d47dbaf4d-3.57.1 ceph-mon-14.2.16.402+g7d47dbaf4d-3.57.1 ceph-mon-debuginfo-14.2.16.402+g7d47dbaf4d-3.57.1 ceph-osd-14.2.16.402+g7d47dbaf4d-3.57.1 ceph-osd-debuginfo-14.2.16.402+g7d47dbaf4d-3.57.1 ceph-radosgw-14.2.16.402+g7d47dbaf4d-3.57.1 ceph-radosgw-debuginfo-14.2.16.402+g7d47dbaf4d-3.57.1 cephfs-shell-14.2.16.402+g7d47dbaf4d-3.57.1 libcephfs2-14.2.16.402+g7d47dbaf4d-3.57.1 libcephfs2-debuginfo-14.2.16.402+g7d47dbaf4d-3.57.1 librados2-14.2.16.402+g7d47dbaf4d-3.57.1 librados2-debuginfo-14.2.16.402+g7d47dbaf4d-3.57.1 librbd1-14.2.16.402+g7d47dbaf4d-3.57.1 librbd1-debuginfo-14.2.16.402+g7d47dbaf4d-3.57.1 librgw2-14.2.16.402+g7d47dbaf4d-3.57.1 librgw2-debuginfo-14.2.16.402+g7d47dbaf4d-3.57.1 python3-ceph-argparse-14.2.16.402+g7d47dbaf4d-3.57.1 python3-cephfs-14.2.16.402+g7d47dbaf4d-3.57.1 python3-cephfs-debuginfo-14.2.16.402+g7d47dbaf4d-3.57.1 
python3-rados-14.2.16.402+g7d47dbaf4d-3.57.1 python3-rados-debuginfo-14.2.16.402+g7d47dbaf4d-3.57.1 python3-rbd-14.2.16.402+g7d47dbaf4d-3.57.1 python3-rbd-debuginfo-14.2.16.402+g7d47dbaf4d-3.57.1 python3-rgw-14.2.16.402+g7d47dbaf4d-3.57.1 python3-rgw-debuginfo-14.2.16.402+g7d47dbaf4d-3.57.1 rbd-fuse-14.2.16.402+g7d47dbaf4d-3.57.1 rbd-fuse-debuginfo-14.2.16.402+g7d47dbaf4d-3.57.1 rbd-mirror-14.2.16.402+g7d47dbaf4d-3.57.1 rbd-mirror-debuginfo-14.2.16.402+g7d47dbaf4d-3.57.1 rbd-nbd-14.2.16.402+g7d47dbaf4d-3.57.1 rbd-nbd-debuginfo-14.2.16.402+g7d47dbaf4d-3.57.1 - SUSE Enterprise Storage 6 (noarch): ceph-grafana-dashboards-14.2.16.402+g7d47dbaf4d-3.57.1 ceph-mgr-dashboard-14.2.16.402+g7d47dbaf4d-3.57.1 ceph-mgr-diskprediction-local-14.2.16.402+g7d47dbaf4d-3.57.1 ceph-mgr-rook-14.2.16.402+g7d47dbaf4d-3.57.1 ceph-prometheus-alerts-14.2.16.402+g7d47dbaf4d-3.57.1 References: https://www.suse.com/security/cve/CVE-2020-27781.html https://bugzilla.suse.com/1178837 https://bugzilla.suse.com/1179139 https://bugzilla.suse.com/1179452 https://bugzilla.suse.com/1179802 https://bugzilla.suse.com/1180118 https://bugzilla.suse.com/1180155 From sle-updates at lists.suse.com Tue Jan 5 07:17:17 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Jan 2021 15:17:17 +0100 (CET) Subject: SUSE-SU-2021:0022-1: moderate: Security update for openssh Message-ID: <20210105141717.D8C2BFEDA@maintenance.suse.de> SUSE Security Update: Security update for openssh ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0022-1 Rating: moderate References: #1173513 Cross-References: CVE-2020-14145 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise 
Server 12-SP2-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openssh fixes the following issues: - CVE-2020-14145: Fixed a potential information leak during host key exchange (bsc#1173513). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-22=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-22=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2021-22=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-22=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2021-22=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-22=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-22=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2021-22=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-22=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2021-22=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-22=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): openssh-7.2p2-74.57.1 openssh-askpass-gnome-7.2p2-74.57.1 openssh-askpass-gnome-debuginfo-7.2p2-74.57.1 openssh-debuginfo-7.2p2-74.57.1 openssh-debugsource-7.2p2-74.57.1 openssh-fips-7.2p2-74.57.1 openssh-helpers-7.2p2-74.57.1 openssh-helpers-debuginfo-7.2p2-74.57.1 - SUSE OpenStack Cloud 8 (x86_64): openssh-7.2p2-74.57.1 openssh-askpass-gnome-7.2p2-74.57.1 
openssh-askpass-gnome-debuginfo-7.2p2-74.57.1 openssh-debuginfo-7.2p2-74.57.1 openssh-debugsource-7.2p2-74.57.1 openssh-fips-7.2p2-74.57.1 openssh-helpers-7.2p2-74.57.1 openssh-helpers-debuginfo-7.2p2-74.57.1 - SUSE OpenStack Cloud 7 (s390x x86_64): openssh-7.2p2-74.57.1 openssh-askpass-gnome-7.2p2-74.57.1 openssh-askpass-gnome-debuginfo-7.2p2-74.57.1 openssh-debuginfo-7.2p2-74.57.1 openssh-debugsource-7.2p2-74.57.1 openssh-fips-7.2p2-74.57.1 openssh-helpers-7.2p2-74.57.1 openssh-helpers-debuginfo-7.2p2-74.57.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): openssh-7.2p2-74.57.1 openssh-askpass-gnome-7.2p2-74.57.1 openssh-askpass-gnome-debuginfo-7.2p2-74.57.1 openssh-debuginfo-7.2p2-74.57.1 openssh-debugsource-7.2p2-74.57.1 openssh-fips-7.2p2-74.57.1 openssh-helpers-7.2p2-74.57.1 openssh-helpers-debuginfo-7.2p2-74.57.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): openssh-7.2p2-74.57.1 openssh-askpass-gnome-7.2p2-74.57.1 openssh-askpass-gnome-debuginfo-7.2p2-74.57.1 openssh-debuginfo-7.2p2-74.57.1 openssh-debugsource-7.2p2-74.57.1 openssh-fips-7.2p2-74.57.1 openssh-helpers-7.2p2-74.57.1 openssh-helpers-debuginfo-7.2p2-74.57.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): openssh-7.2p2-74.57.1 openssh-askpass-gnome-7.2p2-74.57.1 openssh-askpass-gnome-debuginfo-7.2p2-74.57.1 openssh-debuginfo-7.2p2-74.57.1 openssh-debugsource-7.2p2-74.57.1 openssh-fips-7.2p2-74.57.1 openssh-helpers-7.2p2-74.57.1 openssh-helpers-debuginfo-7.2p2-74.57.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): openssh-7.2p2-74.57.1 openssh-askpass-gnome-7.2p2-74.57.1 openssh-askpass-gnome-debuginfo-7.2p2-74.57.1 openssh-debuginfo-7.2p2-74.57.1 openssh-debugsource-7.2p2-74.57.1 openssh-fips-7.2p2-74.57.1 openssh-helpers-7.2p2-74.57.1 openssh-helpers-debuginfo-7.2p2-74.57.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): openssh-7.2p2-74.57.1 openssh-askpass-gnome-7.2p2-74.57.1 
openssh-askpass-gnome-debuginfo-7.2p2-74.57.1 openssh-debuginfo-7.2p2-74.57.1 openssh-debugsource-7.2p2-74.57.1 openssh-fips-7.2p2-74.57.1 openssh-helpers-7.2p2-74.57.1 openssh-helpers-debuginfo-7.2p2-74.57.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): openssh-7.2p2-74.57.1 openssh-askpass-gnome-7.2p2-74.57.1 openssh-askpass-gnome-debuginfo-7.2p2-74.57.1 openssh-debuginfo-7.2p2-74.57.1 openssh-debugsource-7.2p2-74.57.1 openssh-fips-7.2p2-74.57.1 openssh-helpers-7.2p2-74.57.1 openssh-helpers-debuginfo-7.2p2-74.57.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): openssh-7.2p2-74.57.1 openssh-askpass-gnome-7.2p2-74.57.1 openssh-askpass-gnome-debuginfo-7.2p2-74.57.1 openssh-debuginfo-7.2p2-74.57.1 openssh-debugsource-7.2p2-74.57.1 openssh-fips-7.2p2-74.57.1 openssh-helpers-7.2p2-74.57.1 openssh-helpers-debuginfo-7.2p2-74.57.1 - HPE Helion Openstack 8 (x86_64): openssh-7.2p2-74.57.1 openssh-askpass-gnome-7.2p2-74.57.1 openssh-askpass-gnome-debuginfo-7.2p2-74.57.1 openssh-debuginfo-7.2p2-74.57.1 openssh-debugsource-7.2p2-74.57.1 openssh-fips-7.2p2-74.57.1 openssh-helpers-7.2p2-74.57.1 openssh-helpers-debuginfo-7.2p2-74.57.1 References: https://www.suse.com/security/cve/CVE-2020-14145.html https://bugzilla.suse.com/1173513 From sle-updates at lists.suse.com Tue Jan 5 07:18:08 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Jan 2021 15:18:08 +0100 (CET) Subject: SUSE-RU-2021:0025-1: moderate: Recommended update for release-notes-ses Message-ID: <20210105141808.9D56AFEDA@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-ses ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:0025-1 Rating: moderate References: #1179021 Affected Products: SUSE Enterprise Storage 7 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for release-notes-ses fixes the following issues: - Added note about rename of tag to in cephadm. (bsc#1179021) - Fixed oversights in Technology Previews section. - Fixed formatting errors. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2021-25=1 Package List: - SUSE Enterprise Storage 7 (noarch): release-notes-ses-7.0.20201204-3.3.1 References: https://bugzilla.suse.com/1179021 From sle-updates at lists.suse.com Tue Jan 5 07:19:00 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Jan 2021 15:19:00 +0100 (CET) Subject: SUSE-SU-2021:14198-1: moderate: Security update for python Message-ID: <20210105141900.26E10FEDA@maintenance.suse.de> SUSE Security Update: Security update for python ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:14198-1 Rating: moderate References: #1149955 Cross-References: CVE-2019-16056 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python fixes the following issues: Security issue fixed: - CVE-2019-16056: Fixed a parser issue in the email module. (bsc#1149955) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-python-14198=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-python-14198=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-python-14198=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): libpython2_6-1_0-2.6.9-40.32.1 python-2.6.9-40.32.2 python-base-2.6.9-40.32.1 python-curses-2.6.9-40.32.2 python-demo-2.6.9-40.32.2 python-gdbm-2.6.9-40.32.2 python-idle-2.6.9-40.32.2 python-tk-2.6.9-40.32.2 python-xml-2.6.9-40.32.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (ppc64 s390x x86_64): libpython2_6-1_0-32bit-2.6.9-40.32.1 python-32bit-2.6.9-40.32.2 python-base-32bit-2.6.9-40.32.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (noarch): python-doc-2.6-8.40.32.1 python-doc-pdf-2.6-8.40.32.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (noarch): python-doc-2.6-8.40.32.1 python-doc-pdf-2.6-8.40.32.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): libpython2_6-1_0-2.6.9-40.32.1 python-2.6.9-40.32.2 python-base-2.6.9-40.32.1 python-curses-2.6.9-40.32.2 python-demo-2.6.9-40.32.2 python-gdbm-2.6.9-40.32.2 python-idle-2.6.9-40.32.2 python-tk-2.6.9-40.32.2 python-xml-2.6.9-40.32.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): python-base-debuginfo-2.6.9-40.32.1 python-base-debugsource-2.6.9-40.32.1 python-debuginfo-2.6.9-40.32.2 python-debugsource-2.6.9-40.32.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64): python-base-debuginfo-32bit-2.6.9-40.32.1 python-debuginfo-32bit-2.6.9-40.32.2 References: https://www.suse.com/security/cve/CVE-2019-16056.html https://bugzilla.suse.com/1149955 From sle-updates at lists.suse.com Tue Jan 5 10:16:45 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Jan 2021 18:16:45 +0100 (CET) Subject: SUSE-RU-2021:0026-1: moderate: Recommended update for libxml2 
Message-ID: <20210105171645.C0235FEDA@maintenance.suse.de> SUSE Recommended Update: Recommended update for libxml2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:0026-1 Rating: moderate References: #1178823 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libxml2 fixes the following issues: Avoid quadratic checking of identity-constraints, speeding up XML validation. (bsc#1178823) * key/unique/keyref schema attributes currently use quadratic loops to check their various constraints (that keys are unique and that keyrefs refer to existing keys). * This fix uses a hash table to avoid the quadratic behaviour. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-26=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-26=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-26=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-26=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2021-26=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-26=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-26=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-26=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2021-26=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-26=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-26=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-26=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-26=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2021-26=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-26=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2021-26=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-26=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): libxml2-doc-2.9.4-46.37.1 - SUSE OpenStack Cloud Crowbar 9 (x86_64): libxml2-2-2.9.4-46.37.1 libxml2-2-32bit-2.9.4-46.37.1 libxml2-2-debuginfo-2.9.4-46.37.1 libxml2-2-debuginfo-32bit-2.9.4-46.37.1 libxml2-debugsource-2.9.4-46.37.1 libxml2-tools-2.9.4-46.37.1 libxml2-tools-debuginfo-2.9.4-46.37.1 python-libxml2-2.9.4-46.37.1 
python-libxml2-debuginfo-2.9.4-46.37.1 python-libxml2-debugsource-2.9.4-46.37.1 - SUSE OpenStack Cloud Crowbar 8 (noarch): libxml2-doc-2.9.4-46.37.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): libxml2-2-2.9.4-46.37.1 libxml2-2-32bit-2.9.4-46.37.1 libxml2-2-debuginfo-2.9.4-46.37.1 libxml2-2-debuginfo-32bit-2.9.4-46.37.1 libxml2-debugsource-2.9.4-46.37.1 libxml2-tools-2.9.4-46.37.1 libxml2-tools-debuginfo-2.9.4-46.37.1 python-libxml2-2.9.4-46.37.1 python-libxml2-debuginfo-2.9.4-46.37.1 python-libxml2-debugsource-2.9.4-46.37.1 - SUSE OpenStack Cloud 9 (noarch): libxml2-doc-2.9.4-46.37.1 - SUSE OpenStack Cloud 9 (x86_64): libxml2-2-2.9.4-46.37.1 libxml2-2-32bit-2.9.4-46.37.1 libxml2-2-debuginfo-2.9.4-46.37.1 libxml2-2-debuginfo-32bit-2.9.4-46.37.1 libxml2-debugsource-2.9.4-46.37.1 libxml2-tools-2.9.4-46.37.1 libxml2-tools-debuginfo-2.9.4-46.37.1 python-libxml2-2.9.4-46.37.1 python-libxml2-debuginfo-2.9.4-46.37.1 python-libxml2-debugsource-2.9.4-46.37.1 - SUSE OpenStack Cloud 8 (noarch): libxml2-doc-2.9.4-46.37.1 - SUSE OpenStack Cloud 8 (x86_64): libxml2-2-2.9.4-46.37.1 libxml2-2-32bit-2.9.4-46.37.1 libxml2-2-debuginfo-2.9.4-46.37.1 libxml2-2-debuginfo-32bit-2.9.4-46.37.1 libxml2-debugsource-2.9.4-46.37.1 libxml2-tools-2.9.4-46.37.1 libxml2-tools-debuginfo-2.9.4-46.37.1 python-libxml2-2.9.4-46.37.1 python-libxml2-debuginfo-2.9.4-46.37.1 python-libxml2-debugsource-2.9.4-46.37.1 - SUSE OpenStack Cloud 7 (s390x x86_64): libxml2-2-2.9.4-46.37.1 libxml2-2-32bit-2.9.4-46.37.1 libxml2-2-debuginfo-2.9.4-46.37.1 libxml2-2-debuginfo-32bit-2.9.4-46.37.1 libxml2-debugsource-2.9.4-46.37.1 libxml2-tools-2.9.4-46.37.1 libxml2-tools-debuginfo-2.9.4-46.37.1 python-libxml2-2.9.4-46.37.1 python-libxml2-debuginfo-2.9.4-46.37.1 python-libxml2-debugsource-2.9.4-46.37.1 - SUSE OpenStack Cloud 7 (noarch): libxml2-doc-2.9.4-46.37.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libxml2-debugsource-2.9.4-46.37.1 libxml2-devel-2.9.4-46.37.1 - SUSE Linux 
Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libxml2-2-2.9.4-46.37.1 libxml2-2-debuginfo-2.9.4-46.37.1 libxml2-debugsource-2.9.4-46.37.1 libxml2-tools-2.9.4-46.37.1 libxml2-tools-debuginfo-2.9.4-46.37.1 python-libxml2-2.9.4-46.37.1 python-libxml2-debuginfo-2.9.4-46.37.1 python-libxml2-debugsource-2.9.4-46.37.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): libxml2-doc-2.9.4-46.37.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): libxml2-2-32bit-2.9.4-46.37.1 libxml2-2-debuginfo-32bit-2.9.4-46.37.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libxml2-2-2.9.4-46.37.1 libxml2-2-debuginfo-2.9.4-46.37.1 libxml2-debugsource-2.9.4-46.37.1 libxml2-tools-2.9.4-46.37.1 libxml2-tools-debuginfo-2.9.4-46.37.1 python-libxml2-2.9.4-46.37.1 python-libxml2-debuginfo-2.9.4-46.37.1 python-libxml2-debugsource-2.9.4-46.37.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): libxml2-2-32bit-2.9.4-46.37.1 libxml2-2-debuginfo-32bit-2.9.4-46.37.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): libxml2-doc-2.9.4-46.37.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libxml2-2-2.9.4-46.37.1 libxml2-2-debuginfo-2.9.4-46.37.1 libxml2-debugsource-2.9.4-46.37.1 libxml2-tools-2.9.4-46.37.1 libxml2-tools-debuginfo-2.9.4-46.37.1 python-libxml2-2.9.4-46.37.1 python-libxml2-debuginfo-2.9.4-46.37.1 python-libxml2-debugsource-2.9.4-46.37.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): libxml2-doc-2.9.4-46.37.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libxml2-2-32bit-2.9.4-46.37.1 libxml2-2-debuginfo-32bit-2.9.4-46.37.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libxml2-2-2.9.4-46.37.1 libxml2-2-debuginfo-2.9.4-46.37.1 libxml2-debugsource-2.9.4-46.37.1 libxml2-tools-2.9.4-46.37.1 libxml2-tools-debuginfo-2.9.4-46.37.1 python-libxml2-2.9.4-46.37.1 python-libxml2-debuginfo-2.9.4-46.37.1 python-libxml2-debugsource-2.9.4-46.37.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): 
libxml2-2-32bit-2.9.4-46.37.1 libxml2-2-debuginfo-32bit-2.9.4-46.37.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): libxml2-doc-2.9.4-46.37.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libxml2-2-2.9.4-46.37.1 libxml2-2-debuginfo-2.9.4-46.37.1 libxml2-debugsource-2.9.4-46.37.1 libxml2-tools-2.9.4-46.37.1 libxml2-tools-debuginfo-2.9.4-46.37.1 python-libxml2-2.9.4-46.37.1 python-libxml2-debuginfo-2.9.4-46.37.1 python-libxml2-debugsource-2.9.4-46.37.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): libxml2-2-32bit-2.9.4-46.37.1 libxml2-2-debuginfo-32bit-2.9.4-46.37.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): libxml2-doc-2.9.4-46.37.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): libxml2-2-2.9.4-46.37.1 libxml2-2-debuginfo-2.9.4-46.37.1 libxml2-debugsource-2.9.4-46.37.1 libxml2-tools-2.9.4-46.37.1 libxml2-tools-debuginfo-2.9.4-46.37.1 python-libxml2-2.9.4-46.37.1 python-libxml2-debuginfo-2.9.4-46.37.1 python-libxml2-debugsource-2.9.4-46.37.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): libxml2-2-32bit-2.9.4-46.37.1 libxml2-2-debuginfo-32bit-2.9.4-46.37.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): libxml2-doc-2.9.4-46.37.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libxml2-2-2.9.4-46.37.1 libxml2-2-32bit-2.9.4-46.37.1 libxml2-2-debuginfo-2.9.4-46.37.1 libxml2-2-debuginfo-32bit-2.9.4-46.37.1 libxml2-debugsource-2.9.4-46.37.1 libxml2-tools-2.9.4-46.37.1 libxml2-tools-debuginfo-2.9.4-46.37.1 python-libxml2-2.9.4-46.37.1 python-libxml2-debuginfo-2.9.4-46.37.1 python-libxml2-debugsource-2.9.4-46.37.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): libxml2-doc-2.9.4-46.37.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libxml2-2-2.9.4-46.37.1 libxml2-2-debuginfo-2.9.4-46.37.1 libxml2-debugsource-2.9.4-46.37.1 libxml2-tools-2.9.4-46.37.1 libxml2-tools-debuginfo-2.9.4-46.37.1 python-libxml2-2.9.4-46.37.1 
python-libxml2-debuginfo-2.9.4-46.37.1 python-libxml2-debugsource-2.9.4-46.37.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): libxml2-2-32bit-2.9.4-46.37.1 libxml2-2-debuginfo-32bit-2.9.4-46.37.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): libxml2-doc-2.9.4-46.37.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): libxml2-doc-2.9.4-46.37.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libxml2-2-2.9.4-46.37.1 libxml2-2-32bit-2.9.4-46.37.1 libxml2-2-debuginfo-2.9.4-46.37.1 libxml2-2-debuginfo-32bit-2.9.4-46.37.1 libxml2-debugsource-2.9.4-46.37.1 libxml2-tools-2.9.4-46.37.1 libxml2-tools-debuginfo-2.9.4-46.37.1 python-libxml2-2.9.4-46.37.1 python-libxml2-debuginfo-2.9.4-46.37.1 python-libxml2-debugsource-2.9.4-46.37.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): libxml2-2-2.9.4-46.37.1 libxml2-2-debuginfo-2.9.4-46.37.1 libxml2-debugsource-2.9.4-46.37.1 libxml2-tools-2.9.4-46.37.1 libxml2-tools-debuginfo-2.9.4-46.37.1 python-libxml2-2.9.4-46.37.1 python-libxml2-debuginfo-2.9.4-46.37.1 python-libxml2-debugsource-2.9.4-46.37.1 - SUSE Enterprise Storage 5 (noarch): libxml2-doc-2.9.4-46.37.1 - SUSE Enterprise Storage 5 (x86_64): libxml2-2-32bit-2.9.4-46.37.1 libxml2-2-debuginfo-32bit-2.9.4-46.37.1 - HPE Helion Openstack 8 (x86_64): libxml2-2-2.9.4-46.37.1 libxml2-2-32bit-2.9.4-46.37.1 libxml2-2-debuginfo-2.9.4-46.37.1 libxml2-2-debuginfo-32bit-2.9.4-46.37.1 libxml2-debugsource-2.9.4-46.37.1 libxml2-tools-2.9.4-46.37.1 libxml2-tools-debuginfo-2.9.4-46.37.1 python-libxml2-2.9.4-46.37.1 python-libxml2-debuginfo-2.9.4-46.37.1 python-libxml2-debugsource-2.9.4-46.37.1 - HPE Helion Openstack 8 (noarch): libxml2-doc-2.9.4-46.37.1 References: https://bugzilla.suse.com/1178823 From sle-updates at lists.suse.com Tue Jan 5 13:15:34 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Jan 2021 21:15:34 +0100 (CET) Subject: SUSE-SU-2021:0031-1: moderate: Security update for tomcat Message-ID: 
<20210105201534.51014FF0B@maintenance.suse.de> SUSE Security Update: Security update for tomcat ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0031-1 Rating: moderate References: #1179602 Cross-References: CVE-2020-17527 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for tomcat fixes the following issue: - CVE-2020-17527: Fixed an HTTP/2 request header mix-up (bsc#1179602). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-31=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-31=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-31=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-31=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-31=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): tomcat-9.0.36-3.58.1 tomcat-admin-webapps-9.0.36-3.58.1 tomcat-docs-webapp-9.0.36-3.58.1 tomcat-el-3_0-api-9.0.36-3.58.1 tomcat-javadoc-9.0.36-3.58.1 tomcat-jsp-2_3-api-9.0.36-3.58.1 tomcat-lib-9.0.36-3.58.1 tomcat-servlet-4_0-api-9.0.36-3.58.1 tomcat-webapps-9.0.36-3.58.1 - SUSE OpenStack Cloud 9 (noarch): tomcat-9.0.36-3.58.1 tomcat-admin-webapps-9.0.36-3.58.1 tomcat-docs-webapp-9.0.36-3.58.1 tomcat-el-3_0-api-9.0.36-3.58.1 tomcat-javadoc-9.0.36-3.58.1 tomcat-jsp-2_3-api-9.0.36-3.58.1 tomcat-lib-9.0.36-3.58.1 
tomcat-servlet-4_0-api-9.0.36-3.58.1 tomcat-webapps-9.0.36-3.58.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): tomcat-9.0.36-3.58.1 tomcat-admin-webapps-9.0.36-3.58.1 tomcat-docs-webapp-9.0.36-3.58.1 tomcat-el-3_0-api-9.0.36-3.58.1 tomcat-javadoc-9.0.36-3.58.1 tomcat-jsp-2_3-api-9.0.36-3.58.1 tomcat-lib-9.0.36-3.58.1 tomcat-servlet-4_0-api-9.0.36-3.58.1 tomcat-webapps-9.0.36-3.58.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): tomcat-9.0.36-3.58.1 tomcat-admin-webapps-9.0.36-3.58.1 tomcat-docs-webapp-9.0.36-3.58.1 tomcat-el-3_0-api-9.0.36-3.58.1 tomcat-javadoc-9.0.36-3.58.1 tomcat-jsp-2_3-api-9.0.36-3.58.1 tomcat-lib-9.0.36-3.58.1 tomcat-servlet-4_0-api-9.0.36-3.58.1 tomcat-webapps-9.0.36-3.58.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): tomcat-9.0.36-3.58.1 tomcat-admin-webapps-9.0.36-3.58.1 tomcat-docs-webapp-9.0.36-3.58.1 tomcat-el-3_0-api-9.0.36-3.58.1 tomcat-javadoc-9.0.36-3.58.1 tomcat-jsp-2_3-api-9.0.36-3.58.1 tomcat-lib-9.0.36-3.58.1 tomcat-servlet-4_0-api-9.0.36-3.58.1 tomcat-webapps-9.0.36-3.58.1 References: https://www.suse.com/security/cve/CVE-2020-17527.html https://bugzilla.suse.com/1179602 From sle-updates at lists.suse.com Tue Jan 5 13:16:32 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Jan 2021 21:16:32 +0100 (CET) Subject: SUSE-SU-2021:0028-1: important: Security update for dovecot23 Message-ID: <20210105201632.954C7FF0B@maintenance.suse.de> SUSE Security Update: Security update for dovecot23 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0028-1 Rating: important References: #1174920 #1174922 #1174923 #1180405 #1180406 Cross-References: CVE-2020-12100 CVE-2020-12673 CVE-2020-12674 CVE-2020-24386 CVE-2020-25275 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. 
Description: This update for dovecot23 fixes the following issues: Security issues fixed: - CVE-2020-12100: Fixed a resource exhaustion caused by deeply nested MIME parts (bsc#1174920). - CVE-2020-12673: Fixed an improper implementation of NTLM that did not check the message buffer size (bsc#1174922). - CVE-2020-12674: Fixed an improper implementation of the RPA mechanism (bsc#1174923). - CVE-2020-24386: Fixed an issue with IMAP hibernation that allowed users to access other users' emails (bsc#1180405). - CVE-2020-25275: Fixed a crash when the 10000th MIME part was message/rfc822 (bsc#1180406). Non-security issues fixed: - Pigeonhole was updated to version 0.5.11. - Dovecot was updated to version 2.3.11.3. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-28=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): dovecot23-2.3.11.3-17.5.1 dovecot23-backend-mysql-2.3.11.3-17.5.1 dovecot23-backend-mysql-debuginfo-2.3.11.3-17.5.1 dovecot23-backend-pgsql-2.3.11.3-17.5.1 dovecot23-backend-pgsql-debuginfo-2.3.11.3-17.5.1 dovecot23-backend-sqlite-2.3.11.3-17.5.1 dovecot23-backend-sqlite-debuginfo-2.3.11.3-17.5.1 dovecot23-debuginfo-2.3.11.3-17.5.1 dovecot23-debugsource-2.3.11.3-17.5.1 dovecot23-devel-2.3.11.3-17.5.1 dovecot23-fts-2.3.11.3-17.5.1 dovecot23-fts-debuginfo-2.3.11.3-17.5.1 dovecot23-fts-lucene-2.3.11.3-17.5.1 dovecot23-fts-lucene-debuginfo-2.3.11.3-17.5.1 dovecot23-fts-solr-2.3.11.3-17.5.1 dovecot23-fts-solr-debuginfo-2.3.11.3-17.5.1 dovecot23-fts-squat-2.3.11.3-17.5.1 dovecot23-fts-squat-debuginfo-2.3.11.3-17.5.1 References: https://www.suse.com/security/cve/CVE-2020-12100.html 
https://www.suse.com/security/cve/CVE-2020-12673.html https://www.suse.com/security/cve/CVE-2020-12674.html https://www.suse.com/security/cve/CVE-2020-24386.html https://www.suse.com/security/cve/CVE-2020-25275.html https://bugzilla.suse.com/1174920 https://bugzilla.suse.com/1174922 https://bugzilla.suse.com/1174923 https://bugzilla.suse.com/1180405 https://bugzilla.suse.com/1180406 From sle-updates at lists.suse.com Tue Jan 5 13:17:57 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Jan 2021 21:17:57 +0100 (CET) Subject: SUSE-RU-2020:3622-2: moderate: Recommended update for sblim-sfcb Message-ID: <20210105201757.69D72FF0B@maintenance.suse.de> SUSE Recommended Update: Recommended update for sblim-sfcb ______________________________________________________________________________ Announcement ID: SUSE-RU-2020:3622-2 Rating: moderate References: #1092281 #1161745 #1178415 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for sblim-sfcb fixes the following issues: - Add a configuration option `sslNoTLSv1_1` to optionally disable TLSv1.1. (bsc#1178415) - Fix intermittent crashes at shutdown. (bsc#1161745) - Fix compile issues with the new `bison`. - Correct additional uninitialized memory usage. - Generate certificates at runtime, not during installation. 
(bsc#1092281) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-33=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-33=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-33=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-33=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2021-33=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-33=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-33=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2021-33=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-33=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-33=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-33=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2021-33=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-33=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2021-33=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-33=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): sblim-sfcb-1.4.8-17.6.1 sblim-sfcb-debuginfo-1.4.8-17.6.1 sblim-sfcb-debugsource-1.4.8-17.6.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): sblim-sfcb-1.4.8-17.6.1 sblim-sfcb-debuginfo-1.4.8-17.6.1 sblim-sfcb-debugsource-1.4.8-17.6.1 - SUSE OpenStack Cloud 9 (x86_64): sblim-sfcb-1.4.8-17.6.1 sblim-sfcb-debuginfo-1.4.8-17.6.1 sblim-sfcb-debugsource-1.4.8-17.6.1 - 
SUSE OpenStack Cloud 8 (x86_64): sblim-sfcb-1.4.8-17.6.1 sblim-sfcb-debuginfo-1.4.8-17.6.1 sblim-sfcb-debugsource-1.4.8-17.6.1 - SUSE OpenStack Cloud 7 (s390x x86_64): sblim-sfcb-1.4.8-17.6.1 sblim-sfcb-debuginfo-1.4.8-17.6.1 sblim-sfcb-debugsource-1.4.8-17.6.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): sblim-sfcb-1.4.8-17.6.1 sblim-sfcb-debuginfo-1.4.8-17.6.1 sblim-sfcb-debugsource-1.4.8-17.6.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): sblim-sfcb-1.4.8-17.6.1 sblim-sfcb-debuginfo-1.4.8-17.6.1 sblim-sfcb-debugsource-1.4.8-17.6.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): sblim-sfcb-1.4.8-17.6.1 sblim-sfcb-debuginfo-1.4.8-17.6.1 sblim-sfcb-debugsource-1.4.8-17.6.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): sblim-sfcb-1.4.8-17.6.1 sblim-sfcb-debuginfo-1.4.8-17.6.1 sblim-sfcb-debugsource-1.4.8-17.6.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): sblim-sfcb-1.4.8-17.6.1 sblim-sfcb-debuginfo-1.4.8-17.6.1 sblim-sfcb-debugsource-1.4.8-17.6.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): sblim-sfcb-1.4.8-17.6.1 sblim-sfcb-debuginfo-1.4.8-17.6.1 sblim-sfcb-debugsource-1.4.8-17.6.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): sblim-sfcb-1.4.8-17.6.1 sblim-sfcb-debuginfo-1.4.8-17.6.1 sblim-sfcb-debugsource-1.4.8-17.6.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): sblim-sfcb-1.4.8-17.6.1 sblim-sfcb-debuginfo-1.4.8-17.6.1 sblim-sfcb-debugsource-1.4.8-17.6.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): sblim-sfcb-1.4.8-17.6.1 sblim-sfcb-debuginfo-1.4.8-17.6.1 sblim-sfcb-debugsource-1.4.8-17.6.1 - HPE Helion Openstack 8 (x86_64): sblim-sfcb-1.4.8-17.6.1 sblim-sfcb-debuginfo-1.4.8-17.6.1 sblim-sfcb-debugsource-1.4.8-17.6.1 References: https://bugzilla.suse.com/1092281 https://bugzilla.suse.com/1161745 https://bugzilla.suse.com/1178415 From sle-updates at lists.suse.com Tue Jan 5 13:19:09 2021 From: sle-updates at 
lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Jan 2021 21:19:09 +0100 (CET) Subject: SUSE-SU-2021:0029-1: important: Security update for dovecot23 Message-ID: <20210105201909.88553FF0B@maintenance.suse.de> SUSE Security Update: Security update for dovecot23 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0029-1 Rating: important References: #1174920 #1180405 #1180406 Cross-References: CVE-2020-12100 CVE-2020-24386 CVE-2020-25275 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for dovecot23 fixes the following issues: Security issues fixed: - CVE-2020-12100: Fixed a resource exhaustion caused by deeply nested MIME parts (bsc#1174920). - CVE-2020-24386: Fixed an issue with IMAP hibernation that allowed users to access other users' emails (bsc#1180405). - CVE-2020-25275: Fixed a crash when the 10000th MIME part was message/rfc822 (bsc#1180406). Non-security issues fixed: - Pigeonhole was updated to version 0.5.11. - Dovecot was updated to version 2.3.11.3. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-29=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-29=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-29=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-29=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): dovecot23-2.3.11.3-4.32.1 dovecot23-backend-mysql-2.3.11.3-4.32.1 dovecot23-backend-mysql-debuginfo-2.3.11.3-4.32.1 dovecot23-backend-pgsql-2.3.11.3-4.32.1 dovecot23-backend-pgsql-debuginfo-2.3.11.3-4.32.1 dovecot23-backend-sqlite-2.3.11.3-4.32.1 dovecot23-backend-sqlite-debuginfo-2.3.11.3-4.32.1 dovecot23-debuginfo-2.3.11.3-4.32.1 dovecot23-debugsource-2.3.11.3-4.32.1 dovecot23-devel-2.3.11.3-4.32.1 dovecot23-fts-2.3.11.3-4.32.1 dovecot23-fts-debuginfo-2.3.11.3-4.32.1 dovecot23-fts-lucene-2.3.11.3-4.32.1 dovecot23-fts-lucene-debuginfo-2.3.11.3-4.32.1 dovecot23-fts-solr-2.3.11.3-4.32.1 dovecot23-fts-solr-debuginfo-2.3.11.3-4.32.1 dovecot23-fts-squat-2.3.11.3-4.32.1 dovecot23-fts-squat-debuginfo-2.3.11.3-4.32.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): dovecot23-2.3.11.3-4.32.1 dovecot23-backend-mysql-2.3.11.3-4.32.1 dovecot23-backend-mysql-debuginfo-2.3.11.3-4.32.1 dovecot23-backend-pgsql-2.3.11.3-4.32.1 dovecot23-backend-pgsql-debuginfo-2.3.11.3-4.32.1 dovecot23-backend-sqlite-2.3.11.3-4.32.1 dovecot23-backend-sqlite-debuginfo-2.3.11.3-4.32.1 dovecot23-debuginfo-2.3.11.3-4.32.1 dovecot23-debugsource-2.3.11.3-4.32.1 dovecot23-devel-2.3.11.3-4.32.1 dovecot23-fts-2.3.11.3-4.32.1 dovecot23-fts-debuginfo-2.3.11.3-4.32.1 dovecot23-fts-lucene-2.3.11.3-4.32.1 dovecot23-fts-lucene-debuginfo-2.3.11.3-4.32.1 dovecot23-fts-solr-2.3.11.3-4.32.1 dovecot23-fts-solr-debuginfo-2.3.11.3-4.32.1 
dovecot23-fts-squat-2.3.11.3-4.32.1 dovecot23-fts-squat-debuginfo-2.3.11.3-4.32.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): dovecot23-2.3.11.3-4.32.1 dovecot23-backend-mysql-2.3.11.3-4.32.1 dovecot23-backend-mysql-debuginfo-2.3.11.3-4.32.1 dovecot23-backend-pgsql-2.3.11.3-4.32.1 dovecot23-backend-pgsql-debuginfo-2.3.11.3-4.32.1 dovecot23-backend-sqlite-2.3.11.3-4.32.1 dovecot23-backend-sqlite-debuginfo-2.3.11.3-4.32.1 dovecot23-debuginfo-2.3.11.3-4.32.1 dovecot23-debugsource-2.3.11.3-4.32.1 dovecot23-devel-2.3.11.3-4.32.1 dovecot23-fts-2.3.11.3-4.32.1 dovecot23-fts-debuginfo-2.3.11.3-4.32.1 dovecot23-fts-lucene-2.3.11.3-4.32.1 dovecot23-fts-lucene-debuginfo-2.3.11.3-4.32.1 dovecot23-fts-solr-2.3.11.3-4.32.1 dovecot23-fts-solr-debuginfo-2.3.11.3-4.32.1 dovecot23-fts-squat-2.3.11.3-4.32.1 dovecot23-fts-squat-debuginfo-2.3.11.3-4.32.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): dovecot23-2.3.11.3-4.32.1 dovecot23-backend-mysql-2.3.11.3-4.32.1 dovecot23-backend-mysql-debuginfo-2.3.11.3-4.32.1 dovecot23-backend-pgsql-2.3.11.3-4.32.1 dovecot23-backend-pgsql-debuginfo-2.3.11.3-4.32.1 dovecot23-backend-sqlite-2.3.11.3-4.32.1 dovecot23-backend-sqlite-debuginfo-2.3.11.3-4.32.1 dovecot23-debuginfo-2.3.11.3-4.32.1 dovecot23-debugsource-2.3.11.3-4.32.1 dovecot23-devel-2.3.11.3-4.32.1 dovecot23-fts-2.3.11.3-4.32.1 dovecot23-fts-debuginfo-2.3.11.3-4.32.1 dovecot23-fts-lucene-2.3.11.3-4.32.1 dovecot23-fts-lucene-debuginfo-2.3.11.3-4.32.1 dovecot23-fts-solr-2.3.11.3-4.32.1 dovecot23-fts-solr-debuginfo-2.3.11.3-4.32.1 dovecot23-fts-squat-2.3.11.3-4.32.1 dovecot23-fts-squat-debuginfo-2.3.11.3-4.32.1 References: https://www.suse.com/security/cve/CVE-2020-12100.html https://www.suse.com/security/cve/CVE-2020-24386.html https://www.suse.com/security/cve/CVE-2020-25275.html https://bugzilla.suse.com/1174920 https://bugzilla.suse.com/1180405 https://bugzilla.suse.com/1180406 From sle-updates at lists.suse.com Tue Jan 5 
13:20:16 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Jan 2021 21:20:16 +0100 (CET) Subject: SUSE-SU-2021:0027-1: important: Security update for dovecot23 Message-ID: <20210105202016.38F3AFF0B@maintenance.suse.de> SUSE Security Update: Security update for dovecot23 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0027-1 Rating: important References: #1174920 #1180405 #1180406 Cross-References: CVE-2020-12100 CVE-2020-24386 CVE-2020-25275 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP1 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for dovecot23 fixes the following issues: Security issues fixed: - CVE-2020-12100: Fixed a resource exhaustion caused by deeply nested MIME parts (bsc#1174920). - CVE-2020-24386: Fixed an issue with IMAP hibernation that allowed users to access other users' emails (bsc#1180405). - CVE-2020-25275: Fixed a crash when the 10000th MIME part was message/rfc822 (bsc#1180406). Non-security issues fixed: - Pigeonhole was updated to version 0.5.11. - Dovecot was updated to version 2.3.11.3. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2021-27=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64): dovecot23-2.3.11.3-21.1 dovecot23-backend-mysql-2.3.11.3-21.1 dovecot23-backend-mysql-debuginfo-2.3.11.3-21.1 dovecot23-backend-pgsql-2.3.11.3-21.1 dovecot23-backend-pgsql-debuginfo-2.3.11.3-21.1 dovecot23-backend-sqlite-2.3.11.3-21.1 dovecot23-backend-sqlite-debuginfo-2.3.11.3-21.1 dovecot23-debuginfo-2.3.11.3-21.1 dovecot23-debugsource-2.3.11.3-21.1 dovecot23-devel-2.3.11.3-21.1 dovecot23-fts-2.3.11.3-21.1 dovecot23-fts-debuginfo-2.3.11.3-21.1 dovecot23-fts-lucene-2.3.11.3-21.1 dovecot23-fts-lucene-debuginfo-2.3.11.3-21.1 dovecot23-fts-solr-2.3.11.3-21.1 dovecot23-fts-solr-debuginfo-2.3.11.3-21.1 dovecot23-fts-squat-2.3.11.3-21.1 dovecot23-fts-squat-debuginfo-2.3.11.3-21.1 References: https://www.suse.com/security/cve/CVE-2020-12100.html https://www.suse.com/security/cve/CVE-2020-24386.html https://www.suse.com/security/cve/CVE-2020-25275.html https://bugzilla.suse.com/1174920 https://bugzilla.suse.com/1180405 https://bugzilla.suse.com/1180406 From sle-updates at lists.suse.com Tue Jan 5 13:21:26 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Jan 2021 21:21:26 +0100 (CET) Subject: SUSE-SU-2021:0032-1: moderate: Security update for java-1_8_0-ibm Message-ID: <20210105202126.1C8B7FF0B@maintenance.suse.de> SUSE Security Update: Security update for java-1_8_0-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0032-1 Rating: moderate References: #1177943 #1180063 Cross-References: CVE-2020-14779 CVE-2020-14781 CVE-2020-14792 CVE-2020-14796 CVE-2020-14797 CVE-2020-14798 CVE-2020-14803 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE 
OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for java-1_8_0-ibm fixes the following issues: - Update to Java 8.0 Service Refresh 6 Fix Pack 20 [bsc#1180063,bsc#1177943] CVE-2020-14792 CVE-2020-14797 CVE-2020-14781 CVE-2020-14779 CVE-2020-14798 CVE-2020-14796 CVE-2020-14803 * Class libraries: - SOCKETADAPTOR$SOCKETINPUTSTREAM.READ is blocking for more time than the set timeout - Z/OS specific C function send_file is changing the file pointer position * Java Virtual Machine: - Crash on iterate java stack - Java process hang on SIGTERM * JIT Compiler: - JMS performance regression from JDK8 SR5 FP40 TO FP41 * Class Libraries: - z15 high utilization following Z/VM and Linux migration from z14 To z15 * Java Virtual Machine: - Assertion failed when trying to write a class file - Assertion failure at modronapi.cpp - Improve the performance of defining and finding classes * JIT Compiler: - An assert in ppcbinaryencoding.cpp may trigger when running with traps disabled on power - AOT field offset off by n bytes - Segmentation fault in jit module on ibm z platform Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-32=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-32=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-32=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-32=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2021-32=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-32=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-32=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-32=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2021-32=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-32=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-32=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-32=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-32=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2021-32=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-32=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2021-32=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-32=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): java-1_8_0-ibm-1.8.0_sr6.20-30.78.1 java-1_8_0-ibm-alsa-1.8.0_sr6.20-30.78.1 java-1_8_0-ibm-devel-1.8.0_sr6.20-30.78.1 java-1_8_0-ibm-plugin-1.8.0_sr6.20-30.78.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): java-1_8_0-ibm-1.8.0_sr6.20-30.78.1 java-1_8_0-ibm-alsa-1.8.0_sr6.20-30.78.1 java-1_8_0-ibm-devel-1.8.0_sr6.20-30.78.1 
java-1_8_0-ibm-plugin-1.8.0_sr6.20-30.78.1 - SUSE OpenStack Cloud 9 (x86_64): java-1_8_0-ibm-1.8.0_sr6.20-30.78.1 java-1_8_0-ibm-alsa-1.8.0_sr6.20-30.78.1 java-1_8_0-ibm-devel-1.8.0_sr6.20-30.78.1 java-1_8_0-ibm-plugin-1.8.0_sr6.20-30.78.1 - SUSE OpenStack Cloud 8 (x86_64): java-1_8_0-ibm-1.8.0_sr6.20-30.78.1 java-1_8_0-ibm-alsa-1.8.0_sr6.20-30.78.1 java-1_8_0-ibm-devel-1.8.0_sr6.20-30.78.1 java-1_8_0-ibm-plugin-1.8.0_sr6.20-30.78.1 - SUSE OpenStack Cloud 7 (s390x x86_64): java-1_8_0-ibm-1.8.0_sr6.20-30.78.1 java-1_8_0-ibm-devel-1.8.0_sr6.20-30.78.1 - SUSE OpenStack Cloud 7 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr6.20-30.78.1 java-1_8_0-ibm-plugin-1.8.0_sr6.20-30.78.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (ppc64le s390x x86_64): java-1_8_0-ibm-devel-1.8.0_sr6.20-30.78.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): java-1_8_0-ibm-1.8.0_sr6.20-30.78.1 java-1_8_0-ibm-devel-1.8.0_sr6.20-30.78.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr6.20-30.78.1 java-1_8_0-ibm-plugin-1.8.0_sr6.20-30.78.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): java-1_8_0-ibm-1.8.0_sr6.20-30.78.1 java-1_8_0-ibm-devel-1.8.0_sr6.20-30.78.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr6.20-30.78.1 java-1_8_0-ibm-plugin-1.8.0_sr6.20-30.78.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): java-1_8_0-ibm-1.8.0_sr6.20-30.78.1 java-1_8_0-ibm-devel-1.8.0_sr6.20-30.78.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr6.20-30.78.1 java-1_8_0-ibm-plugin-1.8.0_sr6.20-30.78.1 - SUSE Linux Enterprise Server 12-SP5 (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr6.20-30.78.1 java-1_8_0-ibm-devel-1.8.0_sr6.20-30.78.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr6.20-30.78.1 java-1_8_0-ibm-plugin-1.8.0_sr6.20-30.78.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (ppc64le s390x x86_64): 
java-1_8_0-ibm-1.8.0_sr6.20-30.78.1 java-1_8_0-ibm-devel-1.8.0_sr6.20-30.78.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr6.20-30.78.1 java-1_8_0-ibm-plugin-1.8.0_sr6.20-30.78.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr6.20-30.78.1 java-1_8_0-ibm-devel-1.8.0_sr6.20-30.78.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr6.20-30.78.1 java-1_8_0-ibm-plugin-1.8.0_sr6.20-30.78.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): java-1_8_0-ibm-1.8.0_sr6.20-30.78.1 java-1_8_0-ibm-alsa-1.8.0_sr6.20-30.78.1 java-1_8_0-ibm-devel-1.8.0_sr6.20-30.78.1 java-1_8_0-ibm-plugin-1.8.0_sr6.20-30.78.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr6.20-30.78.1 java-1_8_0-ibm-devel-1.8.0_sr6.20-30.78.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr6.20-30.78.1 java-1_8_0-ibm-plugin-1.8.0_sr6.20-30.78.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): java-1_8_0-ibm-1.8.0_sr6.20-30.78.1 java-1_8_0-ibm-alsa-1.8.0_sr6.20-30.78.1 java-1_8_0-ibm-devel-1.8.0_sr6.20-30.78.1 java-1_8_0-ibm-plugin-1.8.0_sr6.20-30.78.1 - SUSE Enterprise Storage 5 (x86_64): java-1_8_0-ibm-1.8.0_sr6.20-30.78.1 java-1_8_0-ibm-alsa-1.8.0_sr6.20-30.78.1 java-1_8_0-ibm-devel-1.8.0_sr6.20-30.78.1 java-1_8_0-ibm-plugin-1.8.0_sr6.20-30.78.1 - HPE Helion Openstack 8 (x86_64): java-1_8_0-ibm-1.8.0_sr6.20-30.78.1 java-1_8_0-ibm-alsa-1.8.0_sr6.20-30.78.1 java-1_8_0-ibm-devel-1.8.0_sr6.20-30.78.1 java-1_8_0-ibm-plugin-1.8.0_sr6.20-30.78.1 References: https://www.suse.com/security/cve/CVE-2020-14779.html https://www.suse.com/security/cve/CVE-2020-14781.html https://www.suse.com/security/cve/CVE-2020-14792.html https://www.suse.com/security/cve/CVE-2020-14796.html https://www.suse.com/security/cve/CVE-2020-14797.html https://www.suse.com/security/cve/CVE-2020-14798.html https://www.suse.com/security/cve/CVE-2020-14803.html 
https://bugzilla.suse.com/1177943 https://bugzilla.suse.com/1180063 From sle-updates at lists.suse.com Tue Jan 5 13:22:30 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Jan 2021 21:22:30 +0100 (CET) Subject: SUSE-SU-2021:14592-1: moderate: Security update for clamav Message-ID: <20210105202230.D8AB9FF0B@maintenance.suse.de> SUSE Security Update: Security update for clamav ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:14592-1 Rating: moderate References: #1118459 #1171981 #1174250 #1174255 ECO-3010 Cross-References: CVE-2020-3123 CVE-2020-3327 CVE-2020-3341 CVE-2020-3350 CVE-2020-3481 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes 5 vulnerabilities, contains one feature is now available. Description: This update for clamav fixes the following issues: - Update to 0.103.0 to implement jsc#ECO-3010 and bsc#1118459 - This update incorporates incompatible changes that were introduced in version 0.101.0. - Accumulated security fixes: * CVE-2020-3350: Fix a vulnerability wherein a malicious user could replace a scan target's directory with a symlink to another path to trick clamscan, clamdscan, or clamonacc into removing or moving a different file (eg. a critical system file). The issue would affect users that use the --move or --remove options for clamscan, clamdscan, and clamonacc. (bsc#1174255) * CVE-2020-3327: Fix a vulnerability in the ARJ archive parsing module in ClamAV 0.102.3 that could cause a Denial-of-Service (DoS) condition. Improper bounds checking results in an out-of-bounds read which could cause a crash. The previous fix for this CVE in 0.102.3 was incomplete. This fix correctly resolves the issue. 
* CVE-2020-3481: Fix a vulnerability in the EGG archive module in ClamAV 0.102.0 - 0.102.3 that could cause a Denial-of-Service (DoS) condition. Improper error handling may result in a crash due to a NULL pointer dereference. This vulnerability is mitigated for those using the official ClamAV signature databases because the file type signatures in daily.cvd will not enable the EGG archive parser in versions affected by the vulnerability. (bsc#1174250) * CVE-2020-3341: Fix a vulnerability in the PDF parsing module in ClamAV 0.101 - 0.102.2 that could cause a Denial-of-Service (DoS) condition. Improper size checking of a buffer used to initialize AES decryption routines results in an out-of-bounds read which may cause a crash. (bsc#1171981) * CVE-2020-3123: A denial-of-service (DoS) condition may occur when using the optional credit card data-loss-prevention (DLP) feature. Improper bounds checking of an unsigned variable resulted in an out-of-bounds read, which causes a crash. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-clamav-14592=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-clamav-14592=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-clamav-14592=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-clamav-14592=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): clamav-0.103.0-0.20.32.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): clamav-0.103.0-0.20.32.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): clamav-debuginfo-0.103.0-0.20.32.1 clamav-debugsource-0.103.0-0.20.32.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): clamav-debuginfo-0.103.0-0.20.32.1 clamav-debugsource-0.103.0-0.20.32.1 References: https://www.suse.com/security/cve/CVE-2020-3123.html https://www.suse.com/security/cve/CVE-2020-3327.html https://www.suse.com/security/cve/CVE-2020-3341.html https://www.suse.com/security/cve/CVE-2020-3350.html https://www.suse.com/security/cve/CVE-2020-3481.html https://bugzilla.suse.com/1118459 https://bugzilla.suse.com/1171981 https://bugzilla.suse.com/1174250 https://bugzilla.suse.com/1174255 From sle-updates at lists.suse.com Tue Jan 5 23:52:27 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 6 Jan 2021 07:52:27 +0100 (CET) Subject: SUSE-CU-2021:16-1: Recommended update of suse/sles12sp5 Message-ID: <20210106065227.56CF8FEDA@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:16-1 Container Tags : suse/sles12sp5:6.5.116 , suse/sles12sp5:latest Container Release : 6.5.116 Severity : moderate Type : recommended References : 1178823 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:26-1 Released: Tue Jan 5 14:18:00 2021 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1178823 This update for libxml2 fixes the following issues: Avoid quadratic checking of identity-constraints, speeding up XML validation. (bsc#1178823) * key/unique/keyref schema attributes currently use quadratic loops to check their various constraints (that keys are unique and that keyrefs refer to existing keys). * This fix uses a hash table to avoid the quadratic behaviour. From sle-updates at lists.suse.com Wed Jan 6 10:15:27 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 6 Jan 2021 18:15:27 +0100 (CET) Subject: SUSE-RU-2021:0037-1: important: Recommended update for plymouth Message-ID: <20210106171527.88DA2FEDA@maintenance.suse.de> SUSE Recommended Update: Recommended update for plymouth ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:0037-1 Rating: important References: #1051692 #1105688 #1129386 #1134660 #1138248 #1164123 #1170906 #1172028 Affected Products: SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has 8 recommended fixes can now be installed. Description: This update for plymouth fixes the following issues: - Avoid calling nsslookup on grantpt() to fix the system hanging while trying to unmount /var on shutdown. (bsc#1105688, bsc#1129386, bsc#1134660) - two-step: Deal with buggy firmwares which do not pre-rotate the bgrt image. - internationalization: Add zh_HK and zh_TW translations. - Add a delay time of 8 seconds to fit AMD graphics cards. 
- Disable building upstart-monitor as it is not used in SUSE Linux. - Obsolete unused plymouth render plugin for Xwindows. - two-step: Add support for firmware-splashes with rotation status bits set. - Add dependency to dracut for plymouth-scripts. (bsc#1138248) - Change default openSUSE theme to bgrt - themes: Update spinner and bgrt background settings. - Do not output in serial console for openQA (as it needs to take the serial for testing). (bsc#1051692, bsc#1164123, bsc#1170906) - Fix a problem that was causing the plymouth theme with script module not to go to graphical mode. (bsc#1172028) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2021-37=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-37=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2021-37=1 Package List: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (aarch64 ppc64le s390x x86_64): plymouth-debuginfo-0.9.5+git20190908+3abfab2-3.14.1 plymouth-debugsource-0.9.5+git20190908+3abfab2-3.14.1 plymouth-plugin-label-ft-0.9.5+git20190908+3abfab2-3.14.1 plymouth-plugin-label-ft-debuginfo-0.9.5+git20190908+3abfab2-3.14.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libply-boot-client5-0.9.5+git20190908+3abfab2-3.14.1 libply-boot-client5-debuginfo-0.9.5+git20190908+3abfab2-3.14.1 libply-splash-core5-0.9.5+git20190908+3abfab2-3.14.1 libply-splash-core5-debuginfo-0.9.5+git20190908+3abfab2-3.14.1 libply-splash-graphics5-0.9.5+git20190908+3abfab2-3.14.1 libply-splash-graphics5-debuginfo-0.9.5+git20190908+3abfab2-3.14.1 
libply5-0.9.5+git20190908+3abfab2-3.14.1 libply5-debuginfo-0.9.5+git20190908+3abfab2-3.14.1 plymouth-0.9.5+git20190908+3abfab2-3.14.1 plymouth-debuginfo-0.9.5+git20190908+3abfab2-3.14.1 plymouth-debugsource-0.9.5+git20190908+3abfab2-3.14.1 plymouth-devel-0.9.5+git20190908+3abfab2-3.14.1 plymouth-dracut-0.9.5+git20190908+3abfab2-3.14.1 plymouth-plugin-label-0.9.5+git20190908+3abfab2-3.14.1 plymouth-plugin-label-debuginfo-0.9.5+git20190908+3abfab2-3.14.1 plymouth-plugin-label-ft-0.9.5+git20190908+3abfab2-3.14.1 plymouth-plugin-label-ft-debuginfo-0.9.5+git20190908+3abfab2-3.14.1 plymouth-plugin-script-0.9.5+git20190908+3abfab2-3.14.1 plymouth-plugin-script-debuginfo-0.9.5+git20190908+3abfab2-3.14.1 plymouth-scripts-0.9.5+git20190908+3abfab2-3.14.1 plymouth-x11-renderer-0.9.5+git20190908+3abfab2-3.14.1 plymouth-x11-renderer-debuginfo-0.9.5+git20190908+3abfab2-3.14.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libply-boot-client5-0.9.5+git20190908+3abfab2-3.14.1 libply-boot-client5-debuginfo-0.9.5+git20190908+3abfab2-3.14.1 libply-splash-core5-0.9.5+git20190908+3abfab2-3.14.1 libply-splash-core5-debuginfo-0.9.5+git20190908+3abfab2-3.14.1 libply-splash-graphics5-0.9.5+git20190908+3abfab2-3.14.1 libply-splash-graphics5-debuginfo-0.9.5+git20190908+3abfab2-3.14.1 libply5-0.9.5+git20190908+3abfab2-3.14.1 libply5-debuginfo-0.9.5+git20190908+3abfab2-3.14.1 plymouth-0.9.5+git20190908+3abfab2-3.14.1 plymouth-debuginfo-0.9.5+git20190908+3abfab2-3.14.1 plymouth-debugsource-0.9.5+git20190908+3abfab2-3.14.1 plymouth-devel-0.9.5+git20190908+3abfab2-3.14.1 plymouth-dracut-0.9.5+git20190908+3abfab2-3.14.1 plymouth-plugin-label-0.9.5+git20190908+3abfab2-3.14.1 plymouth-plugin-label-debuginfo-0.9.5+git20190908+3abfab2-3.14.1 plymouth-plugin-script-0.9.5+git20190908+3abfab2-3.14.1 plymouth-plugin-script-debuginfo-0.9.5+git20190908+3abfab2-3.14.1 plymouth-scripts-0.9.5+git20190908+3abfab2-3.14.1 plymouth-x11-renderer-0.9.5+git20190908+3abfab2-3.14.1 
plymouth-x11-renderer-debuginfo-0.9.5+git20190908+3abfab2-3.14.1 References: https://bugzilla.suse.com/1051692 https://bugzilla.suse.com/1105688 https://bugzilla.suse.com/1129386 https://bugzilla.suse.com/1134660 https://bugzilla.suse.com/1138248 https://bugzilla.suse.com/1164123 https://bugzilla.suse.com/1170906 https://bugzilla.suse.com/1172028 From sle-updates at lists.suse.com Wed Jan 6 10:17:10 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 6 Jan 2021 18:17:10 +0100 (CET) Subject: SUSE-RU-2021:0036-1: important: Recommended update for release-notes-sle_hpc Message-ID: <20210106171710.9E89FFEDA@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sle_hpc ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:0036-1 Rating: important References: #1123633 #1173308 #1180158 Affected Products: SUSE Linux Enterprise Module for HPC 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP2 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. 
Description: This update for release-notes-sle_hpc fixes the following issues: - 15.2.20201217 (tracked in bsc#1180158) - Update displayed product name to "SUSE Linux Enterprise High-Performance Computing" - Many corrections, clarity, wording, and markup improvements - Added notes: - Contents of the HPC module - Contents of the NVIDIA Compute module - The Python 2 module needs to be installed (bsc#1173308, bsc#1123633) - Added tools/libraries: - Boost - Updated tools/libraries: - Lmod - HPC flavor of Boost - HPC flavor of pnetcdf - netcdf-cxx4 - ScaLAPACK - IMB (Intel MPI Benchmarks) - netcdf - Trilinos - PETSc - Slurm, including subnotes on configuration changes, slurm-webdoc, and PMIx support - MUNGE - ConMan - SciPy - clustduct - ganglia-web - SCOTCH - Removed tool: - ohpc - Usage notes: - ADIOS - Boost - HYPRE - MPI library implementations - mpiP - MUMPS - pnetcdf - SCOTCH - Slurm update workflow - SuperLU - Trilinos - Removed notes: - Description of ohpc, as ohpc is no longer shipped - Changed notes: - Updated system roles, the default root file system is now Btrfs - The update notes for libfabric, rdma-core, and openmpi3 have been moved to the AWS section - The update notes for hwloc have been expanded - The update notes for memkind have been expanded - The update notes for genders have been expanded - Updated and expanded GCC note - Updated list of available MPI implementations - Updated list of master packages of HPC libraries for different MPI implementations - Ganglia web interface no longer needs the Web and Scripting module - The description of MUNGE has been expanded Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for HPC 15-SP2: zypper in -t patch SUSE-SLE-Module-HPC-15-SP2-2021-36=1 - SUSE Linux Enterprise High Performance Computing 15-SP2: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-2021-36=1 Package List: - SUSE Linux Enterprise Module for HPC 15-SP2 (noarch): release-notes-sle_hpc-15.200000000.20201217-3.6.1 - SUSE Linux Enterprise High Performance Computing 15-SP2 (noarch): release-notes-sle_hpc-15.200000000.20201217-3.6.1 References: https://bugzilla.suse.com/1123633 https://bugzilla.suse.com/1173308 https://bugzilla.suse.com/1180158 From sle-updates at lists.suse.com Wed Jan 6 10:18:21 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 6 Jan 2021 18:18:21 +0100 (CET) Subject: SUSE-RU-2021:0035-1: moderate: Recommended update for taglib Message-ID: <20210106171821.D0BBFFEDA@maintenance.suse.de> SUSE Recommended Update: Recommended update for taglib ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:0035-1 Rating: moderate References: #1179817 Affected Products: SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15-SP2 SUSE Linux Enterprise Module for Desktop Applications 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for taglib fixes the following issues: - Fixed a possible file corruption of ogg files (bsc#1179817, gh#taglib/taglib#864): Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2021-35=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2021-35=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2021-35=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2021-35=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-35=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2021-35=1 Package List: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (aarch64 ppc64le s390x x86_64): taglib-1.11.1-4.9.1 taglib-debuginfo-1.11.1-4.9.1 taglib-debugsource-1.11.1-4.9.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (aarch64 ppc64le s390x x86_64): taglib-1.11.1-4.9.1 taglib-debuginfo-1.11.1-4.9.1 taglib-debugsource-1.11.1-4.9.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): libtag-devel-1.11.1-4.9.1 libtag_c0-1.11.1-4.9.1 libtag_c0-debuginfo-1.11.1-4.9.1 taglib-debuginfo-1.11.1-4.9.1 taglib-debugsource-1.11.1-4.9.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): libtag-devel-1.11.1-4.9.1 libtag_c0-1.11.1-4.9.1 libtag_c0-debuginfo-1.11.1-4.9.1 taglib-debuginfo-1.11.1-4.9.1 taglib-debugsource-1.11.1-4.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libtag1-1.11.1-4.9.1 libtag1-debuginfo-1.11.1-4.9.1 taglib-debuginfo-1.11.1-4.9.1 taglib-debugsource-1.11.1-4.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): 
libtag1-1.11.1-4.9.1 libtag1-debuginfo-1.11.1-4.9.1 taglib-debuginfo-1.11.1-4.9.1 taglib-debugsource-1.11.1-4.9.1 References: https://bugzilla.suse.com/1179817 From sle-updates at lists.suse.com Thu Jan 7 07:17:03 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 7 Jan 2021 15:17:03 +0100 (CET) Subject: SUSE-SU-2021:0038-1: important: Security update for python-paramiko Message-ID: <20210107141703.C7B95FEDA@maintenance.suse.de> SUSE Security Update: Security update for python-paramiko ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0038-1 Rating: important References: #1111151 Cross-References: CVE-2018-1000805 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-paramiko fixes the following issue: - CVE-2018-1000805: Fixed an authentication bypass in auth_handler.py (bsc#1111151). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2021-38=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python-paramiko-2.1.3-9.6.1 python3-paramiko-2.1.3-9.6.1 References: https://www.suse.com/security/cve/CVE-2018-1000805.html https://bugzilla.suse.com/1111151 From sle-updates at lists.suse.com Thu Jan 7 07:18:07 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 7 Jan 2021 15:18:07 +0100 (CET) Subject: SUSE-SU-2021:0040-1: moderate: Security update for tomcat Message-ID: <20210107141807.8D99EFEDA@maintenance.suse.de> SUSE Security Update: Security update for tomcat ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0040-1 Rating: moderate References: #1092163 #1172562 #1177582 #1178396 #1179602 Cross-References: CVE-2020-13943 CVE-2020-17527 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that solves two vulnerabilities and has three fixes is now available. Description: This update for tomcat fixes the following issues: Security issues fixed: - CVE-2020-13943: Fixed a HTTP/2 Request mix-up (bsc#1177582). - CVE-2020-17527: Fixed a HTTP/2 request header mix-up (bsc#1179602). Non-security issue fixed: - Removed tomcat-9.0.init and /usr/lib/tmpfiles.d/tomcat.conf from package. They're not used anymore because of systemd (bsc#1178396). - Fixed 'tomcat-servlet-4_0-api' package alternatives to use and keep a symlink for compatibility (bsc#1092163). - Don't give write permissions for the tomcat group on files and directories where it's not needed (bsc#1172562). 
Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-40=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-40=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-40=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-40=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (noarch): tomcat-9.0.36-3.74.1 tomcat-admin-webapps-9.0.36-3.74.1 tomcat-el-3_0-api-9.0.36-3.74.1 tomcat-jsp-2_3-api-9.0.36-3.74.1 tomcat-lib-9.0.36-3.74.1 tomcat-servlet-4_0-api-9.0.36-3.74.1 tomcat-webapps-9.0.36-3.74.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): tomcat-9.0.36-3.74.1 tomcat-admin-webapps-9.0.36-3.74.1 tomcat-el-3_0-api-9.0.36-3.74.1 tomcat-jsp-2_3-api-9.0.36-3.74.1 tomcat-lib-9.0.36-3.74.1 tomcat-servlet-4_0-api-9.0.36-3.74.1 tomcat-webapps-9.0.36-3.74.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): tomcat-9.0.36-3.74.1 tomcat-admin-webapps-9.0.36-3.74.1 tomcat-el-3_0-api-9.0.36-3.74.1 tomcat-jsp-2_3-api-9.0.36-3.74.1 tomcat-lib-9.0.36-3.74.1 tomcat-servlet-4_0-api-9.0.36-3.74.1 tomcat-webapps-9.0.36-3.74.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): tomcat-9.0.36-3.74.1 tomcat-admin-webapps-9.0.36-3.74.1 tomcat-el-3_0-api-9.0.36-3.74.1 tomcat-jsp-2_3-api-9.0.36-3.74.1 tomcat-lib-9.0.36-3.74.1 tomcat-servlet-4_0-api-9.0.36-3.74.1 tomcat-webapps-9.0.36-3.74.1 References: https://www.suse.com/security/cve/CVE-2020-13943.html https://www.suse.com/security/cve/CVE-2020-17527.html https://bugzilla.suse.com/1092163 https://bugzilla.suse.com/1172562 https://bugzilla.suse.com/1177582 https://bugzilla.suse.com/1178396 
https://bugzilla.suse.com/1179602 From sle-updates at lists.suse.com Thu Jan 7 07:19:33 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 7 Jan 2021 15:19:33 +0100 (CET) Subject: SUSE-SU-2021:0041-1: moderate: Security update for tomcat Message-ID: <20210107141933.0EBF1FEDA@maintenance.suse.de> SUSE Security Update: Security update for tomcat ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0041-1 Rating: moderate References: #1179602 Cross-References: CVE-2020-17527 Affected Products: SUSE Linux Enterprise Module for Web Scripting 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for tomcat fixes the following issue: - CVE-2020-17527: Fixed a HTTP/2 request header mix-up (bsc#1179602). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 15-SP2: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP2-2021-41=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 15-SP2 (noarch): tomcat-9.0.36-3.18.1 tomcat-admin-webapps-9.0.36-3.18.1 tomcat-el-3_0-api-9.0.36-3.18.1 tomcat-jsp-2_3-api-9.0.36-3.18.1 tomcat-lib-9.0.36-3.18.1 tomcat-servlet-4_0-api-9.0.36-3.18.1 tomcat-webapps-9.0.36-3.18.1 References: https://www.suse.com/security/cve/CVE-2020-17527.html https://bugzilla.suse.com/1179602 From sle-updates at lists.suse.com Thu Jan 7 07:20:33 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 7 Jan 2021 15:20:33 +0100 (CET) Subject: SUSE-SU-2021:0042-1: moderate: Security update for tomcat Message-ID: <20210107142033.F1B8DFEDA@maintenance.suse.de> SUSE Security Update: Security update for tomcat ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0042-1 Rating: moderate References: #1179602 Cross-References: CVE-2020-17527 Affected Products: SUSE Linux Enterprise Module for Web Scripting 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for tomcat fixes the following issue: - CVE-2020-17527: Fixed a HTTP/2 request header mix-up (bsc#1179602). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 15-SP1: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP1-2021-42=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 15-SP1 (noarch): tomcat-9.0.36-4.53.1 tomcat-admin-webapps-9.0.36-4.53.1 tomcat-el-3_0-api-9.0.36-4.53.1 tomcat-jsp-2_3-api-9.0.36-4.53.1 tomcat-lib-9.0.36-4.53.1 tomcat-servlet-4_0-api-9.0.36-4.53.1 tomcat-webapps-9.0.36-4.53.1 References: https://www.suse.com/security/cve/CVE-2020-17527.html https://bugzilla.suse.com/1179602 From sle-updates at lists.suse.com Thu Jan 7 16:16:09 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 8 Jan 2021 00:16:09 +0100 (CET) Subject: SUSE-RU-2021:0044-1: moderate: Recommended update for release-notes-sles Message-ID: <20210107231609.19888FEDA@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sles ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:0044-1 Rating: moderate References: #1180181 ECO-2878 SLE-11089 SLE-11439 SLE-12396 SLE-16745 Affected Products: SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Installer 15-SP2 ______________________________________________________________________________ An update that has one recommended fix and contains 5 features can now be installed. 
Description: This update for release-notes-sles fixes the following issues: - 15.2.20201217 (tracked in bsc#1180181) - Added note about NVIDIA Compute Module (jsc#ECO-2878) - Added note about Git update (jsc#SLE-12396) - Added note about kernel time namespaces (jsc#SLE-11439) - Added note about KubeVirt as technology preview (jsc#SLE-11089) - Updated Python 2 note: Python 2 is scheduled for removal with SLE 15 SP4 (jsc#SLE-16745) - Updated spice-gtk PulseAudio back-end note: package is scheduled for removal with SLE 15 SP3 - Improved terminology, other minor changes Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-2021-44=1 - SUSE Linux Enterprise Installer 15-SP2: zypper in -t patch SUSE-SLE-INSTALLER-15-SP2-2021-44=1 Package List: - SUSE Linux Enterprise Server 15-SP2 (noarch): release-notes-sles-15.2.20201217-3.9.1 - SUSE Linux Enterprise Installer 15-SP2 (noarch): release-notes-sles-15.2.20201217-3.9.1 References: https://bugzilla.suse.com/1180181 From sle-updates at lists.suse.com Thu Jan 7 16:17:14 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 8 Jan 2021 00:17:14 +0100 (CET) Subject: SUSE-RU-2021:0043-1: Recommended update for jakarta-commons-dbcp Message-ID: <20210107231714.064C2FEDA@maintenance.suse.de> SUSE Recommended Update: Recommended update for jakarta-commons-dbcp ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:0043-1 Rating: low References: #954603 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed.
Description: This update for jakarta-commons-dbcp removes Tomcat from the package's dependency list. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-43=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (noarch): jakarta-commons-dbcp-1.2.2-111.4.117 jakarta-commons-dbcp-javadoc-1.2.2-111.4.117 References: https://bugzilla.suse.com/954603 From sle-updates at lists.suse.com Thu Jan 7 23:52:42 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 8 Jan 2021 07:52:42 +0100 (CET) Subject: SUSE-CU-2021:17-1: Security update of ses/6/cephcsi/cephcsi Message-ID: <20210108065242.8FBB6FEDA@maintenance.suse.de> SUSE Container Update Advisory: ses/6/cephcsi/cephcsi ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:17-1 Container Tags : ses/6/cephcsi/cephcsi:1.2.0.0 , ses/6/cephcsi/cephcsi:1.2.0.0.1.5.338 , ses/6/cephcsi/cephcsi:latest Container Release : 1.5.338 Severity : important Type : security References : 1084671 1123327 1145276 1150164 1155094 1158499 1160158 1160790 1161088 1161089 1161198 1161203 1161670 1161913 1163569 1165281 1165534 1166848 1167939 1169006 1169134 1170487 1172546 1172695 1172798 1173503 1174091 1174232 1174571 1174591 1174593 1174701 1174918 1174918 1174942 1175061 1175110 1175240 1175514 1175585 1175623 1175781 1175847 1176116 1176192 1176192 1176256 1176257 1176258 1176259 1176262 1176262 1176435 1176435 1176712 1176712 1176740 1176740 1176902 1176902 1176988 1177120 1177211 1177238 1177238 1177458 1177479 1177490 1177510 1177533 1177843 1177858 1178009 1178346 1178376 1178387 1178512 1178554 1178577 1178614 1178624 1178675 1178727 1178823 1178825 1178837 1179036 1179139 1179193 1179193 1179341 1179398 1179399 
1179431 1179452 1179491 1179593 1179630 1179802 1180118 1180138 1180155 1180377 935885 935885 998893 CVE-2019-16785 CVE-2019-16786 CVE-2019-16789 CVE-2019-16792 CVE-2019-16935 CVE-2019-18348 CVE-2019-20907 CVE-2019-20916 CVE-2019-20916 CVE-2019-5010 CVE-2020-13844 CVE-2020-14422 CVE-2020-15166 CVE-2020-1971 CVE-2020-25660 CVE-2020-25692 CVE-2020-26116 CVE-2020-26137 CVE-2020-27619 CVE-2020-27781 CVE-2020-28196 CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 CVE-2020-8492 ----------------------------------------------------------------- The container ses/6/cephcsi/cephcsi was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3048-1 Released: Tue Oct 27 16:04:52 2020 Summary: Recommended update for libsolv, libzypp, yaml-cpp, zypper Type: recommended Severity: moderate References: 1174918,1176192,1176435,1176712,1176740,1176902,1177238,935885 This update for libsolv, libzypp, yaml-cpp, zypper fixes the following issues: libzypp was updated to 17.25.1: - When kernel-rt has been installed, the purge-kernels service fails during boot. (bsc#1176902) - Use package name provides as group key in purge-kernel (bsc#1176740 bsc#1176192) kernel-default-base has new packaging, where the kernel uname -r does not reflect the full package version anymore. This patch adds additional logic to use the most generic/shortest edition each package provides with %{packagename}= to group the kernel packages instead of the rpm versions. This also changes how the keep-spec for specific versions is applied, instead of matching the package versions, each of the package name provides will be matched. - RepoInfo: Return the type of the local metadata cache as fallback (bsc#1176435) - VendorAttr: Fix broken 'suse,opensuse' equivalence handling. Enhance API and testcases. (bsc#1174918) - Update docs regarding 'opensuse' namespace matching.
- Link against libzstd to close libsolv's open references (as we link statically) yaml-cpp: - The libyaml-cpp0_6 library package is added to the Basesystem module, LTSS and ESPOS channels, and the INSTALLER channels, as a new libzypp dependency. No source changes were done to yaml-cpp. zypper was updated to 1.14.40: - info: Assume descriptions starting with '

' are richtext (bsc#935885) - help: prevent 'whatis' from writing to stderr (bsc#1176712) - wp: point out that command is aliased to a search command and searches case-insensitive (jsc#SLE-16271) libsolv was updated to 0.7.15 to fix: - make testcase_mangle_repo_names deal correctly with freed repos [bsc#1177238] - fix deduceq2addedmap clearing bits outside of the map - conda: feature depriorization first - conda: fix startswith implementation - move find_update_seeds() call in cleandeps calculation - set SOLVABLE_BUILDHOST in rpm and rpmmd parsers - new testcase_mangle_repo_names() function - new solv_fmemopen() function ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3264-1 Released: Tue Nov 10 09:50:29 2020 Summary: Security update for zeromq Type: security Severity: moderate References: 1176116,1176256,1176257,1176258,1176259,CVE-2020-15166 This update for zeromq fixes the following issues: - CVE-2020-15166: Fixed the possibility of unauthenticated clients causing a denial-of-service (bsc#1176116). - Fixed a heap overflow when receiving malformed ZMTP v1 packets (bsc#1176256) - Fixed a memory leak in client induced by malicious server(s) without CURVE/ZAP (bsc#1176257) - Fixed memory leak when processing PUB messages with metadata (bsc#1176259) - Fixed a stack overflow in PUB/XPUB subscription store (bsc#1176258) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3269-1 Released: Tue Nov 10 15:57:24 2020 Summary: Security update for python-waitress Type: security Severity: moderate References: 1160790,1161088,1161089,1161670,CVE-2019-16785,CVE-2019-16786,CVE-2019-16789,CVE-2019-16792 This update for python-waitress to 1.4.3 fixes the following security issues: - CVE-2019-16785: HTTP request smuggling through LF vs CRLF handling (bsc#1161088). - CVE-2019-16786: HTTP request smuggling through invalid Transfer-Encoding (bsc#1161089). 
- CVE-2019-16789: HTTP request smuggling through invalid whitespace characters (bsc#1160790). - CVE-2019-16792: HTTP request smuggling by sending the Content-Length header twice (bsc#1161670). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3285-1 Released: Wed Nov 11 11:22:14 2020 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1174918,1176192,1176435,1176712,1176740,1176902,1177238,935885 This update for libsolv, libzypp, zypper fixes the following issues: libzypp was updated to version 17.25.1: - Fix bsc#1176902: When kernel-rt has been installed, the purge-kernels service fails during boot. - Use package name provides as group key in purge-kernel (bsc#1176740 bsc#1176192) kernel-default-base has new packaging, where the kernel uname -r does not reflect the full package version anymore. This patch adds additional logic to use the most generic/shortest edition each package provides with %{packagename}= to group the kernel packages instead of the rpm versions. This also changes how the keep-spec for specific versions is applied, instead of matching the package versions, each of the package name provides will be matched. - RepoInfo: Return the type of the local metadata cache as fallback (bsc#1176435) - VendorAttr: Fix broken 'suse,opensuse' equivalence handling. Enhance API and testcases. (bsc#1174918) - Update docs regarding 'opensuse' namespace matching. - New solver testcase format. - Link against libzstd to close libsolv's open references (as we link statically) zypper was updated to version 1.14.40. - info: Assume descriptions starting with '

' are richtext (bsc#935885) - Use new testcase API in libzypp. - BuildRequires: libzypp-devel >= 17.25.0. - help: prevent 'whatis' from writing to stderr (bsc#1176712) - wp: point out that command is aliased to a search command and searches case-insensitive (jsc#SLE-16271) libsolv was updated to version 0.7.16: - do not ask the namespace callback for splitprovides when writing a testcase - fix add_complex_recommends() selecting conflicted packages in rare cases leading to crashes - improve choicerule generation so that package updates are preferred in more cases - make testcase_mangle_repo_names deal correctly with freed repos [bsc#1177238] - fix deduceq2addedmap clearing bits outside of the map - conda: feature depriorization first - conda: fix startswith implementation - move find_update_seeds() call in cleandeps calculation - set SOLVABLE_BUILDHOST in rpm and rpmmd parsers - new testcase_mangle_repo_names() function - new solv_fmemopen() function ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3289-1 Released: Wed Nov 11 12:25:19 2020 Summary: Recommended update for python-cheroot Type: recommended Severity: moderate References: 1176988 This update for python-cheroot fixes the following issue: - Ignore OpenSSL's 1.1+ Error 0 under any Python while wrapping a socket. (bsc#1176988) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3290-1 Released: Wed Nov 11 12:25:32 2020 Summary: Recommended update for findutils Type: recommended Severity: moderate References: 1174232 This update for findutils fixes the following issues: - Do not unconditionally use leaf optimization for NFS. (bsc#1174232) NFS st_nlink are not accurate on all implementations, leading to aborts() if that assumption is made.
----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3313-1 Released: Thu Nov 12 16:07:37 2020 Summary: Security update for openldap2 Type: security Severity: important References: 1178387,CVE-2020-25692 This update for openldap2 fixes the following issues: - CVE-2020-25692: Fixed an unauthenticated remote denial of service due to incorrect validation of modrdn equality rules (bsc#1178387). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3377-1 Released: Thu Nov 19 09:29:32 2020 Summary: Security update for krb5 Type: security Severity: moderate References: 1178512,CVE-2020-28196 This update for krb5 fixes the following security issue: - CVE-2020-28196: Fixed an unbounded recursion via an ASN.1-encoded Kerberos message (bsc#1178512). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3381-1 Released: Thu Nov 19 10:53:38 2020 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1177458,1177490,1177510 This update for systemd fixes the following issues: - build-sys: optionally disable support of journal over the network (bsc#1177458) - ask-password: prevent buffer overflow when reading from keyring (bsc#1177510) - mount: don't propagate errors from mount_setup_unit() further up - Rely on the new build option --disable-remote for journal_remote This allows to drop the workaround that consisted in cleaning journal-upload files and {sysusers.d,tmpfiles.d}/systemd-remote.conf manually when 'journal_remote' support was disabled. - Move journal-{remote,upload}.conf.5.gz man pages into systemd-journal_remote sub package - Make sure {sysusers.d,tmpfiles.d}/systemd-remote.conf are not shipped with --without=journal_remote (bsc#1177458) These files were incorrectly packaged in the main package when systemd-journal_remote was disabled. 
- Make use of %{_unitdir} and %{_sysusersdir} - Remove mq-deadline selection from 60-io-scheduler.rules (bsc#1177490) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3462-1 Released: Fri Nov 20 13:14:35 2020 Summary: Recommended update for pam and sudo Type: recommended Severity: moderate References: 1174593,1177858,1178727 This update for pam and sudo fixes the following issue: pam: - pam_xauth: do not *free* a string which has been successfully passed to *putenv*. (bsc#1177858) - Initialize the local variable *daysleft* to avoid a misleading warning for password expire days. (bsc#1178727) - Run /usr/bin/xauth using the old user's and group's identifiers. (bsc#1174593) sudo: - Fix a problem with pam_xauth which checks effective and real uids to get the real identity of the user. (bsc#1174593) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3485-1 Released: Mon Nov 23 13:10:36 2020 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1123327,1173503,1175110,998893 This update for lvm2 fixes the following issues: - Fixed an issue when the hot spares in LVM not added automatically. (bsc#1175110) - Fixed an issue when lvm produces a large number of luns with error message 'Too many open files'. (bsc#1173503) - Fixes an issue when LVM initialization failed during reboot. (bsc#998893) - Fixed a misplaced parameter in the lvm configuration. 
(bsc#1123327) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3546-1 Released: Fri Nov 27 11:21:09 2020 Summary: Recommended update for gnutls Type: recommended Severity: moderate References: 1172695 This update for gnutls fixes the following issue: - Avoid spurious audit messages about incompatible signature algorithms (bsc#1172695) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3560-1 Released: Mon Nov 30 12:21:34 2020 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1158499,1160158,1161198,1161203,1163569,1165281,1165534,1166848,1175847,1177479 This update for openssl-1_1 fixes the following issues: This update backports various bugfixes for FIPS: - Restore private key check in EC_KEY_check_key [bsc#1177479] - Add shared secret KAT to FIPS DH selftest [bsc#1175847] - Include ECDH/DH Requirements from SP800-56Arev3 [bsc#1175847] - Fix locking issue uncovered by python testsuite (bsc#1166848) - Fix the sequence of locking operations in FIPS mode [bsc#1165534] - Fix deadlock in FIPS rand code (bsc#1165281) - Fix wrong return values of FIPS DSA and ECDH selftests (bsc#1163569) - Fix FIPS DRBG without derivation function (bsc#1161198) - Allow md5_sha1 in FIPS mode to enable TLS 1.0 (bsc#1161203) - Obsolete libopenssl-1_0_0-hmac for a clean upgrade from SLE-12 (bsc#1158499) - Restore the EVP_PBE_scrypt() behavior from before the KDF patch by treating salt=NULL as salt='' (bsc#1160158) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3566-1 Released: Mon Nov 30 16:56:52 2020 Summary: Security update for python-setuptools Type: security Severity: important References: 1176262,CVE-2019-20916 This update for python-setuptools fixes the following issues: - Fixed a directory traversal in _download_http_url() (bsc#1176262 CVE-2019-20916) ----------------------------------------------------------------- 
Advisory ID: SUSE-RU-2020:3572-1 Released: Mon Nov 30 18:12:34 2020 Summary: Recommended update for lvm2 Type: recommended Severity: important References: 1177533 This update for lvm2 fixes the following issues: - Fixed an issue where /boot logical volume was accidentally unmounted (bsc#1177533) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3579-1 Released: Tue Dec 1 14:24:31 2020 Summary: Recommended update for glib2 Type: recommended Severity: moderate References: 1178346 This update for glib2 fixes the following issues: - Add support for slim format of timezone. (bsc#1178346) - Fix DST incorrect end day when using slim format. (bsc#1178346) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3581-1 Released: Tue Dec 1 14:40:22 2020 Summary: Recommended update for libusb-1_0 Type: recommended Severity: moderate References: 1178376 This update for libusb-1_0 fixes the following issues: - Fixes a build failure for libusb for the inclusion of 'sys/time.h' on PowerPC. (bsc#1178376) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3593-1 Released: Wed Dec 2 10:33:49 2020 Summary: Security update for python3 Type: security Severity: important References: 1176262,1179193,CVE-2019-20916 This update for python3 fixes the following issues: Update to 3.6.12 (bsc#1179193), including: - Fixed a directory traversal in _download_http_url() (bsc#1176262 CVE-2019-20916) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3620-1 Released: Thu Dec 3 17:03:55 2020 Summary: Recommended update for pam Type: recommended Severity: moderate References: This update for pam fixes the following issues: - Check if the password is part of the username. (jsc#SLE-16719, jsc#SLE-16720) - Check whether the password contains a substring of the user's name of at least `` characters length in some form.
This is enabled by the new parameter `usersubstr=` ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3640-1 Released: Mon Dec 7 13:24:41 2020 Summary: Recommended update for binutils Type: recommended Severity: important References: 1179036,1179341 This update for binutils fixes the following issues: Update binutils 2.35 branch to commit 1c5243df: * Fixes PR26520, aka [bsc#1179036], a problem in addr2line with certain DWARF variable descriptions. * Also fixes PR26711, PR26656, PR26655, PR26929, PR26808, PR25878, PR26740, PR26778, PR26763, PR26685, PR26699, PR26902, PR26869, PR26711 * The above includes fixes for dwo files produced by modern dwp, fixing several problems in the DWARF reader. Update binutils to 2.35.1 and rebased branch diff: * This is a point release over the previous 2.35 version, containing bug fixes, and as an exception to the usual rule, one new feature. The new feature is the support for a new directive in the assembler: '.nop'. This directive creates a single no-op instruction in whatever encoding is correct for the target architecture. Unlike the .space or .fill this is a real instruction, and it does affect the generation of DWARF line number tables, should they be enabled. This fixes an incompatibility introduced in the latest update that broke the install scripts of the Oracle server. [bsc#1179341] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3703-1 Released: Mon Dec 7 20:17:32 2020 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1179431 This update for aaa_base fixes the following issue: - Avoid semicolon within (t)csh login script on S/390. 
(bsc#1179431) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3720-1 Released: Wed Dec 9 13:36:26 2020 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1179491,CVE-2020-1971 This update for openssl-1_1 fixes the following issues: - CVE-2020-1971: Fixed a null pointer dereference in EDIPARTYNAME (bsc#1179491). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3723-1 Released: Wed Dec 9 13:37:55 2020 Summary: Security update for python-urllib3 Type: security Severity: moderate References: 1177120,CVE-2020-26137 This update for python-urllib3 fixes the following issues: - CVE-2020-26137: Fixed a CRLF injection via HTTP request method (bsc#1177120). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3733-1 Released: Wed Dec 9 18:18:35 2020 Summary: Security update for curl Type: security Severity: moderate References: 1179398,1179399,1179593,CVE-2020-8284,CVE-2020-8285,CVE-2020-8286 This update for curl fixes the following issues: - CVE-2020-8286: Fixed improper OCSP verification in the client side (bsc#1179593). - CVE-2020-8285: Fixed a stack overflow due to FTP wildcard (bsc#1179399). - CVE-2020-8284: Fixed an issue where a malicious FTP server could make curl connect to a different IP (bsc#1179398). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3749-1 Released: Thu Dec 10 14:39:28 2020 Summary: Security update for gcc7 Type: security Severity: moderate References: 1150164,1161913,1167939,1172798,1178577,1178614,1178624,1178675,CVE-2020-13844 This update for gcc7 fixes the following issues: - CVE-2020-13844: Added mitigation for aarch64 Straight Line Speculation issue (bsc#1172798) - Enable fortran for the nvptx offload compiler.
- Update README.First-for.SuSE.packagers - avoid assembler errors with AVX512 gather and scatter instructions when using -masm=intel. - Backport the aarch64 -moutline-atomics feature and accumulated fixes but not its default enabling. [jsc#SLE-12209, bsc#1167939] - Fixed 32bit libgnat.so link. [bsc#1178675] - Fixed memcpy miscompilation on aarch64. [bsc#1178624, bsc#1178577] - Fixed debug line info for try/catch. [bsc#1178614] - Remove -mbranch-protection=standard (aarch64 flag) when gcc7 is used to build gcc7 (ie when ada is enabled) - Fixed corruption of pass private ->aux via DF. [gcc#94148] - Fixed debug information issue with inlined functions and passed by reference arguments. [gcc#93888] - Fixed binutils release date detection issue. - Fixed register allocation issue with exception handling code on s390x. [bsc#1161913] - Fixed miscompilation of some atomic code on aarch64. [bsc#1150164] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3792-1 Released: Mon Dec 14 17:39:24 2020 Summary: Recommended update for gzip Type: recommended Severity: moderate References: 1145276 This update for gzip fixes the following issues: Update from version 1.9 to version 1.10 (jsc#ECO-2217, jsc#SLE-12974) - Enable `DFLTCC` (Deflate Conversion Call) compression for s390x for levels 1-6 to `CFLAGS`. (jsc#SLE-13775) Enable by adding `-DDFLTCC_LEVEL_MASK=0x7e` to `CFLAGS`. - Fix three data corruption issues. (bsc#1145276, jsc#SLE-5818, jsc#SLE-8914) - Add support for `DFLTCC` (hardware-accelerated deflation) for s390x arch. (jsc#SLE-5818, jsc#SLE-8914) Enable it using the `--enable-dfltcc` option. - Compressed gzip output no longer contains the current time as a timestamp when the input is not a regular file. Instead, the output contains a `null` (zero) timestamp. This makes gzip's behavior more reproducible when used as part of a pipeline. - A use of uninitialized memory on some malformed inputs has been fixed. 
- A few theoretical race conditions in signal handlers have been fixed. - Update gnulib for `libio.h` removal. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3853-1 Released: Wed Dec 16 12:27:27 2020 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1084671,1169006,1174942,1175514,1175623,1178554,1178825 This update for util-linux fixes the following issue: - Do not trigger the automatic close of CDROM. (bsc#1084671) - Try to automatically configure broken serial lines. (bsc#1175514) - Avoid `sulogin` failing on not existing or not functional console devices. (bsc#1175514) - Build with `libudev` support to support non-root users. (bsc#1169006) - Avoid memory errors on PowerPC systems with valid hardware configurations. (bsc#1175623, bsc#1178554, bsc#1178825) - Fix warning on mounts to `CIFS` with mount -a. (bsc#1174942) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3921-1 Released: Tue Dec 22 15:19:17 2020 Summary: Recommended update for libpwquality Type: recommended Severity: low References: This update for libpwquality fixes the following issues: - Implement alignment with 'pam_cracklib'. (jsc#SLE-16720) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3930-1 Released: Wed Dec 23 18:19:39 2020 Summary: Security update for python3 Type: security Severity: important References: 1155094,1174091,1174571,1174701,1177211,1178009,1179193,1179630,CVE-2019-16935,CVE-2019-18348,CVE-2019-20907,CVE-2019-5010,CVE-2020-14422,CVE-2020-26116,CVE-2020-27619,CVE-2020-8492 This update for python3 fixes the following issues: - Fixed CVE-2020-27619 (bsc#1178009), where Lib/test/multibytecodec_support calls eval() on content retrieved via HTTP.
- Change setuptools and pip version numbers according to new wheels - Handful of changes to make python36 compatible with SLE15 and SLE12 (jsc#ECO-2799, jsc#SLE-13738) - add triplets for mips-r6 and riscv - RISC-V needs CTYPES_PASS_BY_REF_HACK Update to 3.6.12 (bsc#1179193) * Ensure python3.dll is loaded from correct locations when Python is embedded * The __hash__() methods of ipaddress.IPv4Interface and ipaddress.IPv6Interface incorrectly generated constant hash values of 32 and 128 respectively. This resulted in always causing hash collisions. The fix uses hash() to generate hash values for the tuple of (address, mask length, network address). * Prevent http header injection by rejecting control characters in http.client.putrequest(…). * Unpickling invalid NEWOBJ_EX opcode with the C implementation raises now UnpicklingError instead of crashing. * Avoid infinite loop when reading specially crafted TAR files using the tarfile module - This release also fixes CVE-2020-26116 (bsc#1177211) and CVE-2019-20907 (bsc#1174091). Update to 3.6.11: - Disallow CR or LF in email.headerregistry.Address arguments to guard against header injection attacks. - Disallow control characters in hostnames in http.client, addressing CVE-2019-18348. Such potentially malicious header injection URLs now cause an InvalidURL to be raised. (bsc#1155094) - CVE-2020-8492: The AbstractBasicAuthHandler class of the urllib.request module uses an inefficient regular expression which can be exploited by an attacker to cause a denial of service. Fix the regex to prevent the catastrophic backtracking. Vulnerability reported by Ben Caller and Matt Schwager.
----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3942-1 Released: Tue Dec 29 12:22:01 2020 Summary: Recommended update for libidn2 Type: recommended Severity: moderate References: 1180138 This update for libidn2 fixes the following issues: - The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, adjusted the RPM license tags (bsc#1180138) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3943-1 Released: Tue Dec 29 12:24:45 2020 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1178823 This update for libxml2 fixes the following issues: Avoid quadratic checking of identity-constraints, speeding up XML validation (bsc#1178823) * key/unique/keyref schema attributes currently use quadratic loops to check their various constraints (that keys are unique and that keyrefs refer to existing keys). * This fix uses a hash table to avoid the quadratic behaviour. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3946-1 Released: Tue Dec 29 17:39:54 2020 Summary: Recommended update for python3 Type: recommended Severity: important References: 1180377 This update for python3 fixes the following issues: - A previous update inadvertently removed the 'PyFPE_jbuf' symbol from Python3, which caused regressions in several applications. (bsc#1180377) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:24-1 Released: Tue Jan 5 11:02:26 2021 Summary: Security update for ceph Type: security Severity: moderate References: 1169134,1170487,1172546,1174591,1175061,1175240,1175585,1175781,1177843,1178837,1179139,1179452,1179802,1180118,1180155,CVE-2020-25660,CVE-2020-27781 This update for ceph fixes the following issues: - CVE-2020-25660: Bring back CEPHX_V2 authorizer challenges (bsc#1177843). 
- CVE-2020-27781: Fixed a privilege escalation via the ceph_volume_client Python interface (bsc#1179802 bsc#1180155). - Fixes an issue when check in legacy collection reaches end. (bsc#1179139) - Fixes an issue when storage service stops. (bsc#1178837) - Fix for failing test run due to missing module 'six'. (bsc#1179452) - Documented Prometheus' security model (bsc#1169134) - monclient: Fixed an issue where executing several ceph commands in a short amount of time led to a segmentation fault (bsc#1170487) - Fixed an issue, where it was not possible to edit an iSCSI logged-in client (bsc#1174591) - Fixed an issue, where OSDs could not get started after they failed (bsc#1175061) - Fixed an issue with the restful module, where it aborted on execution for POST calls (bsc#1175240) - Fixed a many-to-many issue in host-details Grafana dashboard (bsc#1175585) - Fixed collection_list ordering in os/bluestore (bsc#1172546) - Fixed help output of lvmcache (bsc#1175781) - Provide a different name for the fallback allocator in bluestore. 
(bsc#1180118) From sle-updates at lists.suse.com Thu Jan 7 23:55:41 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 8 Jan 2021 07:55:41 +0100 (CET) Subject: SUSE-CU-2021:18-1: Security update of ses/6/ceph/ceph Message-ID: <20210108065541.C8A4DFEDA@maintenance.suse.de> SUSE Container Update Advisory: ses/6/ceph/ceph ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:18-1 Container Tags : ses/6/ceph/ceph:14.2.16.402 , ses/6/ceph/ceph:14.2.16.402.1.5.336 , ses/6/ceph/ceph:latest Container Release : 1.5.336 Severity : important Type : security References : 1084671 1123327 1145276 1150164 1155094 1158499 1160158 1160790 1161088 1161089 1161198 1161203 1161670 1161913 1163569 1165281 1165534 1166848 1167939 1169006 1169134 1170487 1172546 1172695 1172798 1173503 1174091 1174232 1174571 1174591 1174593 1174701 1174918 1174918 1174942 1175061 1175110 1175240 1175514 1175585 1175623 1175781 1175847 1176116 1176192 1176192 1176256 1176257 1176258 1176259 1176262 1176262 1176435 1176435 1176712 1176712 1176740 1176740 1176902 1176902 1176988 1177120 1177211 1177238 1177238 1177458 1177479 1177490 1177510 1177533 1177843 1177858 1178009 1178346 1178376 1178387 1178512 1178554 1178577 1178614 1178624 1178675 1178727 1178823 1178825 1178837 1179036 1179139 1179193 1179193 1179341 1179398 1179399 1179431 1179452 1179491 1179593 1179630 1179802 1180118 1180138 1180155 1180377 935885 935885 998893 CVE-2019-16785 CVE-2019-16786 CVE-2019-16789 CVE-2019-16792 CVE-2019-16935 CVE-2019-18348 CVE-2019-20907 CVE-2019-20916 CVE-2019-20916 CVE-2019-5010 CVE-2020-13844 CVE-2020-14422 CVE-2020-15166 CVE-2020-1971 CVE-2020-25660 CVE-2020-25692 CVE-2020-26116 CVE-2020-26137 CVE-2020-27619 CVE-2020-27781 CVE-2020-28196 CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 CVE-2020-8492 ----------------------------------------------------------------- The container ses/6/ceph/ceph was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3048-1 Released: Tue Oct 27 16:04:52 2020 Summary: Recommended update for libsolv, libzypp, yaml-cpp, zypper Type: recommended Severity: moderate References: 1174918,1176192,1176435,1176712,1176740,1176902,1177238,935885 This update for libsolv, libzypp, yaml-cpp, zypper fixes the following issues: libzypp was updated to 17.25.1: - When kernel-rt has been installed, the purge-kernels service fails during boot. (bsc#1176902) - Use package name provides as group key in purge-kernel (bsc#1176740 bsc#1176192) kernel-default-base has new packaging, where the kernel uname -r does not reflect the full package version anymore. This patch adds additional logic to use the most generic/shortest edition each package provides with %{packagename}= to group the kernel packages instead of the rpm versions. This also changes how the keep-spec for specific versions is applied, instead of matching the package versions, each of the package name provides will be matched. - RepoInfo: Return the type of the local metadata cache as fallback (bsc#1176435) - VendorAttr: Fix broken 'suse,opensuse' equivalence handling. Enhance API and testcases. (bsc#1174918) - Update docs regarding 'opensuse' namespace matching. - Link against libzstd to close libsolvs open references (as we link statically) yaml-cpp: - The libyaml-cpp0_6 library package is added to the Basesystem module, LTSS and ESPOS channels, and the INSTALLER channels, as a new libzypp dependency. No source changes were done to yaml-cpp. zypper was updated to 1.14.40: - info: Assume descriptions starting with '

' are richtext (bsc#935885) - help: prevent 'whatis' from writing to stderr (bsc#1176712) - wp: point out that command is aliased to a search command and searches case-insensitive (jsc#SLE-16271) libsolv was updated to 0.7.15 to fix: - make testcase_mangle_repo_names deal correctly with freed repos [bsc#1177238] - fix deduceq2addedmap clearing bits outside of the map - conda: feature depriorization first - conda: fix startswith implementation - move find_update_seeds() call in cleandeps calculation - set SOLVABLE_BUILDHOST in rpm and rpmmd parsers - new testcase_mangle_repo_names() function - new solv_fmemopen() function ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3264-1 Released: Tue Nov 10 09:50:29 2020 Summary: Security update for zeromq Type: security Severity: moderate References: 1176116,1176256,1176257,1176258,1176259,CVE-2020-15166 This update for zeromq fixes the following issues: - CVE-2020-15166: Fixed the possibility of unauthenticated clients causing a denial-of-service (bsc#1176116). - Fixed a heap overflow when receiving malformed ZMTP v1 packets (bsc#1176256) - Fixed a memory leak in client induced by malicious server(s) without CURVE/ZAP (bsc#1176257) - Fixed memory leak when processing PUB messages with metadata (bsc#1176259) - Fixed a stack overflow in PUB/XPUB subscription store (bsc#1176258) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3269-1 Released: Tue Nov 10 15:57:24 2020 Summary: Security update for python-waitress Type: security Severity: moderate References: 1160790,1161088,1161089,1161670,CVE-2019-16785,CVE-2019-16786,CVE-2019-16789,CVE-2019-16792 This update for python-waitress to 1.4.3 fixes the following security issues: - CVE-2019-16785: HTTP request smuggling through LF vs CRLF handling (bsc#1161088). - CVE-2019-16786: HTTP request smuggling through invalid Transfer-Encoding (bsc#1161089). 
- CVE-2019-16789: HTTP request smuggling through invalid whitespace characters (bsc#1160790). - CVE-2019-16792: HTTP request smuggling by sending the Content-Length header twice (bsc#1161670). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3285-1 Released: Wed Nov 11 11:22:14 2020 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1174918,1176192,1176435,1176712,1176740,1176902,1177238,935885 This update for libsolv, libzypp, zypper fixes the following issues: libzypp was updated to version 17.25.1: - Fix bsc#1176902: When kernel-rt has been installed, the purge-kernels service fails during boot. - Use package name provides as group key in purge-kernel (bsc#1176740 bsc#1176192) kernel-default-base has new packaging, where the kernel uname -r does not reflect the full package version anymore. This patch adds additional logic to use the most generic/shortest edition each package provides with %{packagename}= to group the kernel packages instead of the rpm versions. This also changes how the keep-spec for specific versions is applied, instead of matching the package versions, each of the package name provides will be matched. - RepoInfo: Return the type of the local metadata cache as fallback (bsc#1176435) - VendorAttr: Fix broken 'suse,opensuse' equivalence handling. Enhance API and testcases. (bsc#1174918) - Update docs regarding 'opensuse' namespace matching. - New solver testcase format. - Link against libzstd to close libsolvs open references (as we link statically) zypper was updated to version 1.14.40. - info: Assume descriptions starting with '

' are richtext (bsc#935885) - Use new testcase API in libzypp. - BuildRequires: libzypp-devel >= 17.25.0. - help: prevent 'whatis' from writing to stderr (bsc#1176712) - wp: point out that command is aliased to a search command and searches case-insensitive (jsc#SLE-16271) libsolv was updated to version 0.7.16: - do not ask the namespace callback for splitprovides when writing a testcase - fix add_complex_recommends() selecting conflicted packages in rare cases leading to crashes - improve choicerule generation so that package updates are preferred in more cases - make testcase_mangle_repo_names deal correctly with freed repos [bsc#1177238] - fix deduceq2addedmap clearing bits outside of the map - conda: feature depriorization first - conda: fix startswith implementation - move find_update_seeds() call in cleandeps calculation - set SOLVABLE_BUILDHOST in rpm and rpmmd parsers - new testcase_mangle_repo_names() function - new solv_fmemopen() function ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3289-1 Released: Wed Nov 11 12:25:19 2020 Summary: Recommended update for python-cheroot Type: recommended Severity: moderate References: 1176988 This update for python-cheroot fixes the following issue: - Ignore OpenSSL's 1.1+ Error 0 under any Python while wrapping a socket. (bsc#1176988) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3290-1 Released: Wed Nov 11 12:25:32 2020 Summary: Recommended update for findutils Type: recommended Severity: moderate References: 1174232 This update for findutils fixes the following issues: - Do not unconditionally use leaf optimization for NFS. (bsc#1174232) NFS st_nlink are not accurate on all implementations, leading to aborts() if that assumption is made. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3313-1 Released: Thu Nov 12 16:07:37 2020 Summary: Security update for openldap2 Type: security Severity: important References: 1178387,CVE-2020-25692 This update for openldap2 fixes the following issues: - CVE-2020-25692: Fixed an unauthenticated remote denial of service due to incorrect validation of modrdn equality rules (bsc#1178387). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3377-1 Released: Thu Nov 19 09:29:32 2020 Summary: Security update for krb5 Type: security Severity: moderate References: 1178512,CVE-2020-28196 This update for krb5 fixes the following security issue: - CVE-2020-28196: Fixed an unbounded recursion via an ASN.1-encoded Kerberos message (bsc#1178512). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3381-1 Released: Thu Nov 19 10:53:38 2020 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1177458,1177490,1177510 This update for systemd fixes the following issues: - build-sys: optionally disable support of journal over the network (bsc#1177458) - ask-password: prevent buffer overflow when reading from keyring (bsc#1177510) - mount: don't propagate errors from mount_setup_unit() further up - Rely on the new build option --disable-remote for journal_remote This allows to drop the workaround that consisted in cleaning journal-upload files and {sysusers.d,tmpfiles.d}/systemd-remote.conf manually when 'journal_remote' support was disabled. - Move journal-{remote,upload}.conf.5.gz man pages into systemd-journal_remote sub package - Make sure {sysusers.d,tmpfiles.d}/systemd-remote.conf are not shipped with --without=journal_remote (bsc#1177458) These files were incorrectly packaged in the main package when systemd-journal_remote was disabled. 
- Make use of %{_unitdir} and %{_sysusersdir} - Remove mq-deadline selection from 60-io-scheduler.rules (bsc#1177490) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3462-1 Released: Fri Nov 20 13:14:35 2020 Summary: Recommended update for pam and sudo Type: recommended Severity: moderate References: 1174593,1177858,1178727 This update for pam and sudo fixes the following issue: pam: - pam_xauth: do not *free* a string which has been successfully passed to *putenv*. (bsc#1177858) - Initialize the local variable *daysleft* to avoid a misleading warning for password expire days. (bsc#1178727) - Run /usr/bin/xauth using the old user's and group's identifiers. (bsc#1174593) sudo: - Fix a problem with pam_xauth which checks effective and real uids to get the real identity of the user. (bsc#1174593) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3485-1 Released: Mon Nov 23 13:10:36 2020 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1123327,1173503,1175110,998893 This update for lvm2 fixes the following issues: - Fixed an issue when the hot spares in LVM were not added automatically. (bsc#1175110) - Fixed an issue when lvm produces a large number of luns with error message 'Too many open files'. (bsc#1173503) - Fixes an issue when LVM initialization failed during reboot. (bsc#998893) - Fixed a misplaced parameter in the lvm configuration. 
(bsc#1123327) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3546-1 Released: Fri Nov 27 11:21:09 2020 Summary: Recommended update for gnutls Type: recommended Severity: moderate References: 1172695 This update for gnutls fixes the following issue: - Avoid spurious audit messages about incompatible signature algorithms (bsc#1172695) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3560-1 Released: Mon Nov 30 12:21:34 2020 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1158499,1160158,1161198,1161203,1163569,1165281,1165534,1166848,1175847,1177479 This update for openssl-1_1 fixes the following issues: This update backports various bugfixes for FIPS: - Restore private key check in EC_KEY_check_key [bsc#1177479] - Add shared secret KAT to FIPS DH selftest [bsc#1175847] - Include ECDH/DH Requirements from SP800-56Arev3 [bsc#1175847] - Fix locking issue uncovered by python testsuite (bsc#1166848) - Fix the sequence of locking operations in FIPS mode [bsc#1165534] - Fix deadlock in FIPS rand code (bsc#1165281) - Fix wrong return values of FIPS DSA and ECDH selftests (bsc#1163569) - Fix FIPS DRBG without derivation function (bsc#1161198) - Allow md5_sha1 in FIPS mode to enable TLS 1.0 (bsc#1161203) - Obsolete libopenssl-1_0_0-hmac for a clean upgrade from SLE-12 (bsc#1158499) - Restore the EVP_PBE_scrypt() behavior from before the KDF patch by treating salt=NULL as salt='' (bsc#1160158) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3566-1 Released: Mon Nov 30 16:56:52 2020 Summary: Security update for python-setuptools Type: security Severity: important References: 1176262,CVE-2019-20916 This update for python-setuptools fixes the following issues: - Fixed a directory traversal in _download_http_url() (bsc#1176262 CVE-2019-20916) ----------------------------------------------------------------- 
Advisory ID: SUSE-RU-2020:3572-1 Released: Mon Nov 30 18:12:34 2020 Summary: Recommended update for lvm2 Type: recommended Severity: important References: 1177533 This update for lvm2 fixes the following issues: - Fixed an issue where /boot logical volume was accidentally unmounted (bsc#1177533) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3579-1 Released: Tue Dec 1 14:24:31 2020 Summary: Recommended update for glib2 Type: recommended Severity: moderate References: 1178346 This update for glib2 fixes the following issues: - Add support for slim format of timezone. (bsc#1178346) - Fix DST incorrect end day when using slim format. (bsc#1178346) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3581-1 Released: Tue Dec 1 14:40:22 2020 Summary: Recommended update for libusb-1_0 Type: recommended Severity: moderate References: 1178376 This update for libusb-1_0 fixes the following issues: - Fixes a build failure for libusb for the inclusion of 'sys/time.h' on PowerPC. (bsc#1178376) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3593-1 Released: Wed Dec 2 10:33:49 2020 Summary: Security update for python3 Type: security Severity: important References: 1176262,1179193,CVE-2019-20916 This update for python3 fixes the following issues: Update to 3.6.12 (bsc#1179193), including: - Fixed a directory traversal in _download_http_url() (bsc#1176262 CVE-2019-20916) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3620-1 Released: Thu Dec 3 17:03:55 2020 Summary: Recommended update for pam Type: recommended Severity: moderate References: This update for pam fixes the following issues: - Check if the password is part of the username. (jsc#SLE-16719, jsc#SLE-16720) - Check whether the password contains a substring of the user's name of at least `` characters length in some form. 
This is enabled by the new parameter `usersubstr=` ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3640-1 Released: Mon Dec 7 13:24:41 2020 Summary: Recommended update for binutils Type: recommended Severity: important References: 1179036,1179341 This update for binutils fixes the following issues: Update binutils 2.35 branch to commit 1c5243df: * Fixes PR26520, aka [bsc#1179036], a problem in addr2line with certain DWARF variable descriptions. * Also fixes PR26711, PR26656, PR26655, PR26929, PR26808, PR25878, PR26740, PR26778, PR26763, PR26685, PR26699, PR26902, PR26869, PR26711 * The above includes fixes for dwo files produced by modern dwp, fixing several problems in the DWARF reader. Update binutils to 2.35.1 and rebased branch diff: * This is a point release over the previous 2.35 version, containing bug fixes, and as an exception to the usual rule, one new feature. The new feature is the support for a new directive in the assembler: '.nop'. This directive creates a single no-op instruction in whatever encoding is correct for the target architecture. Unlike the .space or .fill this is a real instruction, and it does affect the generation of DWARF line number tables, should they be enabled. This fixes an incompatibility introduced in the latest update that broke the install scripts of the Oracle server. [bsc#1179341] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3703-1 Released: Mon Dec 7 20:17:32 2020 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1179431 This update for aaa_base fixes the following issue: - Avoid semicolon within (t)csh login script on S/390. 
(bsc#1179431) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3720-1 Released: Wed Dec 9 13:36:26 2020 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1179491,CVE-2020-1971 This update for openssl-1_1 fixes the following issues: - CVE-2020-1971: Fixed a null pointer dereference in EDIPARTYNAME (bsc#1179491). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3723-1 Released: Wed Dec 9 13:37:55 2020 Summary: Security update for python-urllib3 Type: security Severity: moderate References: 1177120,CVE-2020-26137 This update for python-urllib3 fixes the following issues: - CVE-2020-26137: Fixed a CRLF injection via HTTP request method (bsc#1177120). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3733-1 Released: Wed Dec 9 18:18:35 2020 Summary: Security update for curl Type: security Severity: moderate References: 1179398,1179399,1179593,CVE-2020-8284,CVE-2020-8285,CVE-2020-8286 This update for curl fixes the following issues: - CVE-2020-8286: Fixed improper OCSP verification in the client side (bsc#1179593). - CVE-2020-8285: Fixed a stack overflow due to FTP wildcard (bsc#1179399). - CVE-2020-8284: Fixed an issue where a malicious FTP server could make curl connect to a different IP (bsc#1179398). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3749-1 Released: Thu Dec 10 14:39:28 2020 Summary: Security update for gcc7 Type: security Severity: moderate References: 1150164,1161913,1167939,1172798,1178577,1178614,1178624,1178675,CVE-2020-13844 This update for gcc7 fixes the following issues: - CVE-2020-13844: Added mitigation for aarch64 Straight Line Speculation issue (bsc#1172798) - Enable fortran for the nvptx offload compiler. 
- Update README.First-for.SuSE.packagers - avoid assembler errors with AVX512 gather and scatter instructions when using -masm=intel. - Backport the aarch64 -moutline-atomics feature and accumulated fixes but not its default enabling. [jsc#SLE-12209, bsc#1167939] - Fixed 32bit libgnat.so link. [bsc#1178675] - Fixed memcpy miscompilation on aarch64. [bsc#1178624, bsc#1178577] - Fixed debug line info for try/catch. [bsc#1178614] - Remove -mbranch-protection=standard (aarch64 flag) when gcc7 is used to build gcc7 (ie when ada is enabled) - Fixed corruption of pass private ->aux via DF. [gcc#94148] - Fixed debug information issue with inlined functions and passed by reference arguments. [gcc#93888] - Fixed binutils release date detection issue. - Fixed register allocation issue with exception handling code on s390x. [bsc#1161913] - Fixed miscompilation of some atomic code on aarch64. [bsc#1150164] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3792-1 Released: Mon Dec 14 17:39:24 2020 Summary: Recommended update for gzip Type: recommended Severity: moderate References: 1145276 This update for gzip fixes the following issues: Update from version 1.9 to version 1.10 (jsc#ECO-2217, jsc#SLE-12974) - Enable `DFLTCC` (Deflate Conversion Call) compression for s390x for levels 1-6 to `CFLAGS`. (jsc#SLE-13775) Enable by adding `-DDFLTCC_LEVEL_MASK=0x7e` to `CFLAGS`. - Fix three data corruption issues. (bsc#1145276, jsc#SLE-5818, jsc#SLE-8914) - Add support for `DFLTCC` (hardware-accelerated deflation) for s390x arch. (jsc#SLE-5818, jsc#SLE-8914) Enable it using the `--enable-dfltcc` option. - Compressed gzip output no longer contains the current time as a timestamp when the input is not a regular file. Instead, the output contains a `null` (zero) timestamp. This makes gzip's behavior more reproducible when used as part of a pipeline. - A use of uninitialized memory on some malformed inputs has been fixed. 
- A few theoretical race conditions in signal handlers have been fixed. - Update gnulib for `libio.h` removal. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3853-1 Released: Wed Dec 16 12:27:27 2020 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1084671,1169006,1174942,1175514,1175623,1178554,1178825 This update for util-linux fixes the following issue: - Do not trigger the automatic close of CDROM. (bsc#1084671) - Try to automatically configure broken serial lines. (bsc#1175514) - Avoid `sulogin` failing on not existing or not functional console devices. (bsc#1175514) - Build with `libudev` support to support non-root users. (bsc#1169006) - Avoid memory errors on PowerPC systems with valid hardware configurations. (bsc#1175623, bsc#1178554, bsc#1178825) - Fix warning on mounts to `CIFS` with mount -a. (bsc#1174942) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3921-1 Released: Tue Dec 22 15:19:17 2020 Summary: Recommended update for libpwquality Type: recommended Severity: low References: This update for libpwquality fixes the following issues: - Implement alignment with 'pam_cracklib'. (jsc#SLE-16720) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3930-1 Released: Wed Dec 23 18:19:39 2020 Summary: Security update for python3 Type: security Severity: important References: 1155094,1174091,1174571,1174701,1177211,1178009,1179193,1179630,CVE-2019-16935,CVE-2019-18348,CVE-2019-20907,CVE-2019-5010,CVE-2020-14422,CVE-2020-26116,CVE-2020-27619,CVE-2020-8492 This update for python3 fixes the following issues: - Fixed CVE-2020-27619 (bsc#1178009), where Lib/test/multibytecodec_support calls eval() on content retrieved via HTTP. 
- Change setuptools and pip version numbers according to new wheels - Handful of changes to make python36 compatible with SLE15 and SLE12 (jsc#ECO-2799, jsc#SLE-13738) - add triplets for mips-r6 and riscv - RISC-V needs CTYPES_PASS_BY_REF_HACK Update to 3.6.12 (bsc#1179193) * Ensure python3.dll is loaded from correct locations when Python is embedded * The __hash__() methods of ipaddress.IPv4Interface and ipaddress.IPv6Interface incorrectly generated constant hash values of 32 and 128 respectively. This resulted in always causing hash collisions. The fix uses hash() to generate hash values for the tuple of (address, mask length, network address). * Prevent http header injection by rejecting control characters in http.client.putrequest(...). * Unpickling invalid NEWOBJ_EX opcode with the C implementation raises now UnpicklingError instead of crashing. * Avoid infinite loop when reading specially crafted TAR files using the tarfile module - This release also fixes CVE-2020-26116 (bsc#1177211) and CVE-2019-20907 (bsc#1174091). Update to 3.6.11: - Disallow CR or LF in email.headerregistry. Address arguments to guard against header injection attacks. - Disallow control characters in hostnames in http.client, addressing CVE-2019-18348. Such potentially malicious header injection URLs now cause an InvalidURL to be raised. (bsc#1155094) - CVE-2020-8492: The AbstractBasicAuthHandler class of the urllib.request module uses an inefficient regular expression which can be exploited by an attacker to cause a denial of service. Fix the regex to prevent the catastrophic backtracking. Vulnerability reported by Ben Caller and Matt Schwager. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3942-1 Released: Tue Dec 29 12:22:01 2020 Summary: Recommended update for libidn2 Type: recommended Severity: moderate References: 1180138 This update for libidn2 fixes the following issues: - The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, adjusted the RPM license tags (bsc#1180138) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3943-1 Released: Tue Dec 29 12:24:45 2020 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1178823 This update for libxml2 fixes the following issues: Avoid quadratic checking of identity-constraints, speeding up XML validation (bsc#1178823) * key/unique/keyref schema attributes currently use quadratic loops to check their various constraints (that keys are unique and that keyrefs refer to existing keys). * This fix uses a hash table to avoid the quadratic behaviour. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3946-1 Released: Tue Dec 29 17:39:54 2020 Summary: Recommended update for python3 Type: recommended Severity: important References: 1180377 This update for python3 fixes the following issues: - A previous update inadvertently removed the 'PyFPE_jbuf' symbol from Python3, which caused regressions in several applications. (bsc#1180377) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:24-1 Released: Tue Jan 5 11:02:26 2021 Summary: Security update for ceph Type: security Severity: moderate References: 1169134,1170487,1172546,1174591,1175061,1175240,1175585,1175781,1177843,1178837,1179139,1179452,1179802,1180118,1180155,CVE-2020-25660,CVE-2020-27781 This update for ceph fixes the following issues: - CVE-2020-25660: Bring back CEPHX_V2 authorizer challenges (bsc#1177843). 
- CVE-2020-27781: Fixed a privilege escalation via the ceph_volume_client Python interface (bsc#1179802 bsc#1180155). - Fixes an issue when check in legacy collection reaches end. (bsc#1179139) - Fixes an issue when storage service stops. (bsc#1178837) - Fix for failing test run due to missing module 'six'. (bsc#1179452) - Documented Prometheus' security model (bsc#1169134) - monclient: Fixed an issue where executing several ceph commands in a short amount of time led to a segmentation fault (bsc#1170487) - Fixed an issue, where it was not possible to edit an iSCSI logged-in client (bsc#1174591) - Fixed an issue, where OSDs could not get started after they failed (bsc#1175061) - Fixed an issue with the restful module, where it aborted on execution for POST calls (bsc#1175240) - Fixed a many-to-many issue in host-details Grafana dashboard (bsc#1175585) - Fixed collection_list ordering in os/bluestore (bsc#1172546) - Fixed help output of lvmcache (bsc#1175781) - Provide a different name for the fallback allocator in bluestore. 
(bsc#1180118) From sle-updates at lists.suse.com Thu Jan 7 23:58:25 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 8 Jan 2021 07:58:25 +0100 (CET) Subject: SUSE-CU-2021:19-1: Security update of ses/6/rook/ceph Message-ID: <20210108065825.81D26FEDA@maintenance.suse.de> SUSE Container Update Advisory: ses/6/rook/ceph ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:19-1 Container Tags : ses/6/rook/ceph:1.1.1.0 , ses/6/rook/ceph:1.1.1.0.1.5.334 , ses/6/rook/ceph:latest Container Release : 1.5.334 Severity : important Type : security References : 1084671 1123327 1145276 1150164 1155094 1158499 1160158 1160790 1161088 1161089 1161198 1161203 1161670 1161913 1163569 1165281 1165534 1166848 1167939 1169006 1169134 1170487 1172546 1172695 1172798 1173503 1174091 1174232 1174571 1174591 1174593 1174701 1174918 1174918 1174942 1175061 1175110 1175240 1175514 1175585 1175623 1175781 1175847 1176116 1176192 1176192 1176256 1176257 1176258 1176259 1176262 1176262 1176435 1176435 1176712 1176712 1176740 1176740 1176902 1176902 1176988 1177120 1177211 1177238 1177238 1177458 1177479 1177490 1177510 1177533 1177843 1177858 1178009 1178346 1178376 1178387 1178512 1178554 1178577 1178614 1178624 1178675 1178727 1178823 1178825 1178837 1179036 1179139 1179193 1179193 1179341 1179398 1179399 1179431 1179452 1179491 1179593 1179630 1179802 1180118 1180138 1180155 1180377 935885 935885 998893 CVE-2019-16785 CVE-2019-16786 CVE-2019-16789 CVE-2019-16792 CVE-2019-16935 CVE-2019-18348 CVE-2019-20907 CVE-2019-20916 CVE-2019-20916 CVE-2019-5010 CVE-2020-13844 CVE-2020-14422 CVE-2020-15166 CVE-2020-1971 CVE-2020-25660 CVE-2020-25692 CVE-2020-26116 CVE-2020-26137 CVE-2020-27619 CVE-2020-27781 CVE-2020-28196 CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 CVE-2020-8492 ----------------------------------------------------------------- The container ses/6/rook/ceph was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3048-1 Released: Tue Oct 27 16:04:52 2020 Summary: Recommended update for libsolv, libzypp, yaml-cpp, zypper Type: recommended Severity: moderate References: 1174918,1176192,1176435,1176712,1176740,1176902,1177238,935885 This update for libsolv, libzypp, yaml-cpp, zypper fixes the following issues: libzypp was updated to 17.25.1: - When kernel-rt has been installed, the purge-kernels service fails during boot. (bsc#1176902) - Use package name provides as group key in purge-kernel (bsc#1176740 bsc#1176192) kernel-default-base has new packaging, where the kernel uname -r does not reflect the full package version anymore. This patch adds additional logic to use the most generic/shortest edition each package provides with %{packagename}= to group the kernel packages instead of the rpm versions. This also changes how the keep-spec for specific versions is applied, instead of matching the package versions, each of the package name provides will be matched. - RepoInfo: Return the type of the local metadata cache as fallback (bsc#1176435) - VendorAttr: Fix broken 'suse,opensuse' equivalence handling. Enhance API and testcases. (bsc#1174918) - Update docs regarding 'opensuse' namespace matching. - Link against libzstd to close libsolvs open references (as we link statically) yaml-cpp: - The libyaml-cpp0_6 library package is added to the Basesystem module, LTSS and ESPOS channels, and the INSTALLER channels, as a new libzypp dependency. No source changes were done to yaml-cpp. zypper was updated to 1.14.40: - info: Assume descriptions starting with '

' are richtext (bsc#935885) - help: prevent 'whatis' from writing to stderr (bsc#1176712) - wp: point out that command is aliased to a search command and searches case-insensitive (jsc#SLE-16271) libsolv was updated to 0.7.15 to fix: - make testcase_mangle_repo_names deal correctly with freed repos [bsc#1177238] - fix deduceq2addedmap clearing bits outside of the map - conda: feature depriorization first - conda: fix startswith implementation - move find_update_seeds() call in cleandeps calculation - set SOLVABLE_BUILDHOST in rpm and rpmmd parsers - new testcase_mangle_repo_names() function - new solv_fmemopen() function ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3264-1 Released: Tue Nov 10 09:50:29 2020 Summary: Security update for zeromq Type: security Severity: moderate References: 1176116,1176256,1176257,1176258,1176259,CVE-2020-15166 This update for zeromq fixes the following issues: - CVE-2020-15166: Fixed the possibility of unauthenticated clients causing a denial-of-service (bsc#1176116). - Fixed a heap overflow when receiving malformed ZMTP v1 packets (bsc#1176256) - Fixed a memory leak in client induced by malicious server(s) without CURVE/ZAP (bsc#1176257) - Fixed memory leak when processing PUB messages with metadata (bsc#1176259) - Fixed a stack overflow in PUB/XPUB subscription store (bsc#1176258) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3269-1 Released: Tue Nov 10 15:57:24 2020 Summary: Security update for python-waitress Type: security Severity: moderate References: 1160790,1161088,1161089,1161670,CVE-2019-16785,CVE-2019-16786,CVE-2019-16789,CVE-2019-16792 This update for python-waitress to 1.4.3 fixes the following security issues: - CVE-2019-16785: HTTP request smuggling through LF vs CRLF handling (bsc#1161088). - CVE-2019-16786: HTTP request smuggling through invalid Transfer-Encoding (bsc#1161089). 
- CVE-2019-16789: HTTP request smuggling through invalid whitespace characters (bsc#1160790). - CVE-2019-16792: HTTP request smuggling by sending the Content-Length header twice (bsc#1161670). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3285-1 Released: Wed Nov 11 11:22:14 2020 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1174918,1176192,1176435,1176712,1176740,1176902,1177238,935885 This update for libsolv, libzypp, zypper fixes the following issues: libzypp was updated to version 17.25.1: - Fix bsc#1176902: When kernel-rt has been installed, the purge-kernels service fails during boot. - Use package name provides as group key in purge-kernel (bsc#1176740 bsc#1176192) kernel-default-base has new packaging, where the kernel uname -r does not reflect the full package version anymore. This patch adds additional logic to use the most generic/shortest edition each package provides with %{packagename}= to group the kernel packages instead of the rpm versions. This also changes how the keep-spec for specific versions is applied, instead of matching the package versions, each of the package name provides will be matched. - RepoInfo: Return the type of the local metadata cache as fallback (bsc#1176435) - VendorAttr: Fix broken 'suse,opensuse' equivalence handling. Enhance API and testcases. (bsc#1174918) - Update docs regarding 'opensuse' namespace matching. - New solver testcase format. - Link against libzstd to close libsolvs open references (as we link statically) zypper was updated to version 1.14.40. - info: Assume descriptions starting with '<p>' are richtext (bsc#935885) - Use new testcase API in libzypp. - BuildRequires: libzypp-devel >= 17.25.0. - help: prevent 'whatis' from writing to stderr (bsc#1176712) - wp: point out that command is aliased to a search command and searches case-insensitive (jsc#SLE-16271) libsolv was updated to version 0.7.16: - do not ask the namespace callback for splitprovides when writing a testcase - fix add_complex_recommends() selecting conflicted packages in rare cases leading to crashes - improve choicerule generation so that package updates are preferred in more cases - make testcase_mangle_repo_names deal correctly with freed repos [bsc#1177238] - fix deduceq2addedmap clearing bits outside of the map - conda: feature depriorization first - conda: fix startswith implementation - move find_update_seeds() call in cleandeps calculation - set SOLVABLE_BUILDHOST in rpm and rpmmd parsers - new testcase_mangle_repo_names() function - new solv_fmemopen() function ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3289-1 Released: Wed Nov 11 12:25:19 2020 Summary: Recommended update for python-cheroot Type: recommended Severity: moderate References: 1176988 This update for python-cheroot fixes the following issue: - Ignore OpenSSL's 1.1+ Error 0 under any Python while wrapping a socket. (bsc#1176988) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3290-1 Released: Wed Nov 11 12:25:32 2020 Summary: Recommended update for findutils Type: recommended Severity: moderate References: 1174232 This update for findutils fixes the following issues: - Do not unconditionally use leaf optimization for NFS. (bsc#1174232) NFS st_nlink are not accurate on all implementations, leading to aborts() if that assumption is made.
----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3313-1 Released: Thu Nov 12 16:07:37 2020 Summary: Security update for openldap2 Type: security Severity: important References: 1178387,CVE-2020-25692 This update for openldap2 fixes the following issues: - CVE-2020-25692: Fixed an unauthenticated remote denial of service due to incorrect validation of modrdn equality rules (bsc#1178387). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3377-1 Released: Thu Nov 19 09:29:32 2020 Summary: Security update for krb5 Type: security Severity: moderate References: 1178512,CVE-2020-28196 This update for krb5 fixes the following security issue: - CVE-2020-28196: Fixed an unbounded recursion via an ASN.1-encoded Kerberos message (bsc#1178512). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3381-1 Released: Thu Nov 19 10:53:38 2020 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1177458,1177490,1177510 This update for systemd fixes the following issues: - build-sys: optionally disable support of journal over the network (bsc#1177458) - ask-password: prevent buffer overflow when reading from keyring (bsc#1177510) - mount: don't propagate errors from mount_setup_unit() further up - Rely on the new build option --disable-remote for journal_remote This allows to drop the workaround that consisted in cleaning journal-upload files and {sysusers.d,tmpfiles.d}/systemd-remote.conf manually when 'journal_remote' support was disabled. - Move journal-{remote,upload}.conf.5.gz man pages into systemd-journal_remote sub package - Make sure {sysusers.d,tmpfiles.d}/systemd-remote.conf are not shipped with --without=journal_remote (bsc#1177458) These files were incorrectly packaged in the main package when systemd-journal_remote was disabled. 
- Make use of %{_unitdir} and %{_sysusersdir} - Remove mq-deadline selection from 60-io-scheduler.rules (bsc#1177490) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3462-1 Released: Fri Nov 20 13:14:35 2020 Summary: Recommended update for pam and sudo Type: recommended Severity: moderate References: 1174593,1177858,1178727 This update for pam and sudo fixes the following issue: pam: - pam_xauth: do not *free* a string which has been successfully passed to *putenv*. (bsc#1177858) - Initialize the local variable *daysleft* to avoid a misleading warning for password expire days. (bsc#1178727) - Run /usr/bin/xauth using the old user's and group's identifiers. (bsc#1174593) sudo: - Fix a problem with pam_xauth which checks effective and real uids to get the real identity of the user. (bsc#1174593) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3485-1 Released: Mon Nov 23 13:10:36 2020 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1123327,1173503,1175110,998893 This update for lvm2 fixes the following issues: - Fixed an issue when the hot spares in LVM were not added automatically. (bsc#1175110) - Fixed an issue when lvm produces a large number of luns with error message 'Too many open files'. (bsc#1173503) - Fixes an issue when LVM initialization failed during reboot. (bsc#998893) - Fixed a misplaced parameter in the lvm configuration.
(bsc#1123327) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3546-1 Released: Fri Nov 27 11:21:09 2020 Summary: Recommended update for gnutls Type: recommended Severity: moderate References: 1172695 This update for gnutls fixes the following issue: - Avoid spurious audit messages about incompatible signature algorithms (bsc#1172695) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3560-1 Released: Mon Nov 30 12:21:34 2020 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1158499,1160158,1161198,1161203,1163569,1165281,1165534,1166848,1175847,1177479 This update for openssl-1_1 fixes the following issues: This update backports various bugfixes for FIPS: - Restore private key check in EC_KEY_check_key [bsc#1177479] - Add shared secret KAT to FIPS DH selftest [bsc#1175847] - Include ECDH/DH Requirements from SP800-56Arev3 [bsc#1175847] - Fix locking issue uncovered by python testsuite (bsc#1166848) - Fix the sequence of locking operations in FIPS mode [bsc#1165534] - Fix deadlock in FIPS rand code (bsc#1165281) - Fix wrong return values of FIPS DSA and ECDH selftests (bsc#1163569) - Fix FIPS DRBG without derivation function (bsc#1161198) - Allow md5_sha1 in FIPS mode to enable TLS 1.0 (bsc#1161203) - Obsolete libopenssl-1_0_0-hmac for a clean upgrade from SLE-12 (bsc#1158499) - Restore the EVP_PBE_scrypt() behavior from before the KDF patch by treating salt=NULL as salt='' (bsc#1160158) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3566-1 Released: Mon Nov 30 16:56:52 2020 Summary: Security update for python-setuptools Type: security Severity: important References: 1176262,CVE-2019-20916 This update for python-setuptools fixes the following issues: - Fixed a directory traversal in _download_http_url() (bsc#1176262 CVE-2019-20916) ----------------------------------------------------------------- 
Advisory ID: SUSE-RU-2020:3572-1 Released: Mon Nov 30 18:12:34 2020 Summary: Recommended update for lvm2 Type: recommended Severity: important References: 1177533 This update for lvm2 fixes the following issues: - Fixed an issue where /boot logical volume was accidentally unmounted (bsc#1177533) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3579-1 Released: Tue Dec 1 14:24:31 2020 Summary: Recommended update for glib2 Type: recommended Severity: moderate References: 1178346 This update for glib2 fixes the following issues: - Add support for slim format of timezone. (bsc#1178346) - Fix DST incorrect end day when using slim format. (bsc#1178346) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3581-1 Released: Tue Dec 1 14:40:22 2020 Summary: Recommended update for libusb-1_0 Type: recommended Severity: moderate References: 1178376 This update for libusb-1_0 fixes the following issues: - Fixes a build failure for libusb for the inclusion of 'sys/time.h' on PowerPC. (bsc#1178376) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3593-1 Released: Wed Dec 2 10:33:49 2020 Summary: Security update for python3 Type: security Severity: important References: 1176262,1179193,CVE-2019-20916 This update for python3 fixes the following issues: Update to 3.6.12 (bsc#1179193), including: - Fixed a directory traversal in _download_http_url() (bsc#1176262 CVE-2019-20916) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3620-1 Released: Thu Dec 3 17:03:55 2020 Summary: Recommended update for pam Type: recommended Severity: moderate References: This update for pam fixes the following issues: - Check if the password is part of the username. (jsc#SLE-16719, jsc#SLE-16720) - Check whether the password contains a substring of the user's name of at least `` characters length in some form.
This is enabled by the new parameter `usersubstr=` ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3640-1 Released: Mon Dec 7 13:24:41 2020 Summary: Recommended update for binutils Type: recommended Severity: important References: 1179036,1179341 This update for binutils fixes the following issues: Update binutils 2.35 branch to commit 1c5243df: * Fixes PR26520, aka [bsc#1179036], a problem in addr2line with certain DWARF variable descriptions. * Also fixes PR26711, PR26656, PR26655, PR26929, PR26808, PR25878, PR26740, PR26778, PR26763, PR26685, PR26699, PR26902, PR26869, PR26711 * The above includes fixes for dwo files produced by modern dwp, fixing several problems in the DWARF reader. Update binutils to 2.35.1 and rebased branch diff: * This is a point release over the previous 2.35 version, containing bug fixes, and as an exception to the usual rule, one new feature. The new feature is the support for a new directive in the assembler: '.nop'. This directive creates a single no-op instruction in whatever encoding is correct for the target architecture. Unlike the .space or .fill this is a real instruction, and it does affect the generation of DWARF line number tables, should they be enabled. This fixes an incompatibility introduced in the latest update that broke the install scripts of the Oracle server. [bsc#1179341] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3703-1 Released: Mon Dec 7 20:17:32 2020 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1179431 This update for aaa_base fixes the following issue: - Avoid semicolon within (t)csh login script on S/390. 
(bsc#1179431) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3720-1 Released: Wed Dec 9 13:36:26 2020 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1179491,CVE-2020-1971 This update for openssl-1_1 fixes the following issues: - CVE-2020-1971: Fixed a null pointer dereference in EDIPARTYNAME (bsc#1179491). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3723-1 Released: Wed Dec 9 13:37:55 2020 Summary: Security update for python-urllib3 Type: security Severity: moderate References: 1177120,CVE-2020-26137 This update for python-urllib3 fixes the following issues: - CVE-2020-26137: Fixed a CRLF injection via HTTP request method (bsc#1177120). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3733-1 Released: Wed Dec 9 18:18:35 2020 Summary: Security update for curl Type: security Severity: moderate References: 1179398,1179399,1179593,CVE-2020-8284,CVE-2020-8285,CVE-2020-8286 This update for curl fixes the following issues: - CVE-2020-8286: Fixed improper OCSP verification in the client side (bsc#1179593). - CVE-2020-8285: Fixed a stack overflow due to FTP wildcard (bsc#1179399). - CVE-2020-8284: Fixed an issue where a malicious FTP server could make curl connect to a different IP (bsc#1179398). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3749-1 Released: Thu Dec 10 14:39:28 2020 Summary: Security update for gcc7 Type: security Severity: moderate References: 1150164,1161913,1167939,1172798,1178577,1178614,1178624,1178675,CVE-2020-13844 This update for gcc7 fixes the following issues: - CVE-2020-13844: Added mitigation for aarch64 Straight Line Speculation issue (bsc#1172798) - Enable fortran for the nvptx offload compiler.
- Update README.First-for.SuSE.packagers - avoid assembler errors with AVX512 gather and scatter instructions when using -masm=intel. - Backport the aarch64 -moutline-atomics feature and accumulated fixes but not its default enabling. [jsc#SLE-12209, bsc#1167939] - Fixed 32bit libgnat.so link. [bsc#1178675] - Fixed memcpy miscompilation on aarch64. [bsc#1178624, bsc#1178577] - Fixed debug line info for try/catch. [bsc#1178614] - Remove -mbranch-protection=standard (aarch64 flag) when gcc7 is used to build gcc7 (ie when ada is enabled) - Fixed corruption of pass private ->aux via DF. [gcc#94148] - Fixed debug information issue with inlined functions and passed by reference arguments. [gcc#93888] - Fixed binutils release date detection issue. - Fixed register allocation issue with exception handling code on s390x. [bsc#1161913] - Fixed miscompilation of some atomic code on aarch64. [bsc#1150164] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3792-1 Released: Mon Dec 14 17:39:24 2020 Summary: Recommended update for gzip Type: recommended Severity: moderate References: 1145276 This update for gzip fixes the following issues: Update from version 1.9 to version 1.10 (jsc#ECO-2217, jsc#SLE-12974) - Enable `DFLTCC` (Deflate Conversion Call) compression for s390x for levels 1-6 to `CFLAGS`. (jsc#SLE-13775) Enable by adding `-DDFLTCC_LEVEL_MASK=0x7e` to `CFLAGS`. - Fix three data corruption issues. (bsc#1145276, jsc#SLE-5818, jsc#SLE-8914) - Add support for `DFLTCC` (hardware-accelerated deflation) for s390x arch. (jsc#SLE-5818, jsc#SLE-8914) Enable it using the `--enable-dfltcc` option. - Compressed gzip output no longer contains the current time as a timestamp when the input is not a regular file. Instead, the output contains a `null` (zero) timestamp. This makes gzip's behavior more reproducible when used as part of a pipeline. - A use of uninitialized memory on some malformed inputs has been fixed. 
- A few theoretical race conditions in signal handlers have been fixed. - Update gnulib for `libio.h` removal. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3853-1 Released: Wed Dec 16 12:27:27 2020 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1084671,1169006,1174942,1175514,1175623,1178554,1178825 This update for util-linux fixes the following issue: - Do not trigger the automatic close of CDROM. (bsc#1084671) - Try to automatically configure broken serial lines. (bsc#1175514) - Avoid `sulogin` failing on not existing or not functional console devices. (bsc#1175514) - Build with `libudev` support to support non-root users. (bsc#1169006) - Avoid memory errors on PowerPC systems with valid hardware configurations. (bsc#1175623, bsc#1178554, bsc#1178825) - Fix warning on mounts to `CIFS` with mount -a. (bsc#1174942) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3921-1 Released: Tue Dec 22 15:19:17 2020 Summary: Recommended update for libpwquality Type: recommended Severity: low References: This update for libpwquality fixes the following issues: - Implement alignment with 'pam_cracklib'. (jsc#SLE-16720) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3930-1 Released: Wed Dec 23 18:19:39 2020 Summary: Security update for python3 Type: security Severity: important References: 1155094,1174091,1174571,1174701,1177211,1178009,1179193,1179630,CVE-2019-16935,CVE-2019-18348,CVE-2019-20907,CVE-2019-5010,CVE-2020-14422,CVE-2020-26116,CVE-2020-27619,CVE-2020-8492 This update for python3 fixes the following issues: - Fixed CVE-2020-27619 (bsc#1178009), where Lib/test/multibytecodec_support calls eval() on content retrieved via HTTP.
- Change setuptools and pip version numbers according to new wheels - Handful of changes to make python36 compatible with SLE15 and SLE12 (jsc#ECO-2799, jsc#SLE-13738) - add triplets for mips-r6 and riscv - RISC-V needs CTYPES_PASS_BY_REF_HACK Update to 3.6.12 (bsc#1179193) * Ensure python3.dll is loaded from correct locations when Python is embedded * The __hash__() methods of ipaddress.IPv4Interface and ipaddress.IPv6Interface incorrectly generated constant hash values of 32 and 128 respectively. This resulted in always causing hash collisions. The fix uses hash() to generate hash values for the tuple of (address, mask length, network address). * Prevent http header injection by rejecting control characters in http.client.putrequest(...). * Unpickling invalid NEWOBJ_EX opcode with the C implementation raises now UnpicklingError instead of crashing. * Avoid infinite loop when reading specially crafted TAR files using the tarfile module - This release also fixes CVE-2020-26116 (bsc#1177211) and CVE-2019-20907 (bsc#1174091). Update to 3.6.11: - Disallow CR or LF in email.headerregistry.Address arguments to guard against header injection attacks. - Disallow control characters in hostnames in http.client, addressing CVE-2019-18348. Such potentially malicious header injection URLs now cause an InvalidURL to be raised. (bsc#1155094) - CVE-2020-8492: The AbstractBasicAuthHandler class of the urllib.request module uses an inefficient regular expression which can be exploited by an attacker to cause a denial of service. Fix the regex to prevent the catastrophic backtracking. Vulnerability reported by Ben Caller and Matt Schwager.
----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3942-1 Released: Tue Dec 29 12:22:01 2020 Summary: Recommended update for libidn2 Type: recommended Severity: moderate References: 1180138 This update for libidn2 fixes the following issues: - The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, adjusted the RPM license tags (bsc#1180138) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3943-1 Released: Tue Dec 29 12:24:45 2020 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1178823 This update for libxml2 fixes the following issues: Avoid quadratic checking of identity-constraints, speeding up XML validation (bsc#1178823) * key/unique/keyref schema attributes currently use quadratic loops to check their various constraints (that keys are unique and that keyrefs refer to existing keys). * This fix uses a hash table to avoid the quadratic behaviour. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3946-1 Released: Tue Dec 29 17:39:54 2020 Summary: Recommended update for python3 Type: recommended Severity: important References: 1180377 This update for python3 fixes the following issues: - A previous update inadvertently removed the 'PyFPE_jbuf' symbol from Python3, which caused regressions in several applications. (bsc#1180377) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:24-1 Released: Tue Jan 5 11:02:26 2021 Summary: Security update for ceph Type: security Severity: moderate References: 1169134,1170487,1172546,1174591,1175061,1175240,1175585,1175781,1177843,1178837,1179139,1179452,1179802,1180118,1180155,CVE-2020-25660,CVE-2020-27781 This update for ceph fixes the following issues: - CVE-2020-25660: Bring back CEPHX_V2 authorizer challenges (bsc#1177843). 
- CVE-2020-27781: Fixed a privilege escalation via the ceph_volume_client Python interface (bsc#1179802 bsc#1180155). - Fixes an issue when check in legacy collection reaches end. (bsc#1179139) - Fixes an issue when storage service stops. (bsc#1178837) - Fix for failing test run due to missing module 'six'. (bsc#1179452) - Documented Prometheus' security model (bsc#1169134) - monclient: Fixed an issue where executing several ceph commands in a short amount of time led to a segmentation fault (bsc#1170487) - Fixed an issue, where it was not possible to edit an iSCSI logged-in client (bsc#1174591) - Fixed an issue, where OSDs could not get started after they failed (bsc#1175061) - Fixed an issue with the restful module, where it aborted on execution for POST calls (bsc#1175240) - Fixed a many-to-many issue in host-details Grafana dashboard (bsc#1175585) - Fixed collection_list ordering in os/bluestore (bsc#1172546) - Fixed help output of lvmcache (bsc#1175781) - Provide a different name for the fallback allocator in bluestore. (bsc#1180118) From sle-updates at lists.suse.com Fri Jan 8 07:16:21 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 8 Jan 2021 15:16:21 +0100 (CET) Subject: SUSE-RU-2021:0046-1: moderate: Recommended update for gnu-compilers-hpc Message-ID: <20210108141621.745C7FEDA@maintenance.suse.de> SUSE Recommended Update: Recommended update for gnu-compilers-hpc ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:0046-1 Rating: moderate References: #1174439 Affected Products: SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for gnu-compilers-hpc fixes the following issues: - Add build support for gcc10 to HPC build. 
(bsc#1174439) - Fix version parsing for gcc10 and up. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-46=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-46=1 Package List: - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): gnu-compilers-hpc-1.4-5.9.8 gnu-compilers-hpc-devel-1.4-5.9.8 gnu-compilers-hpc-macros-devel-1.4-5.9.8 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): gnu-compilers-hpc-1.4-5.9.8 gnu-compilers-hpc-devel-1.4-5.9.8 gnu-compilers-hpc-macros-devel-1.4-5.9.8 References: https://bugzilla.suse.com/1174439 From sle-updates at lists.suse.com Fri Jan 8 07:21:31 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 8 Jan 2021 15:21:31 +0100 (CET) Subject: SUSE-CU-2021:20-1: Security update of suse/sle15 Message-ID: <20210108142131.BE773FEDA@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:20-1 Container Tags : suse/sle15:15.3 , suse/sle15:15.3.13.2.50 Container Release : 13.2.50 Severity : important Type : security References : 1084671 1169006 1174942 1175514 1175623 1178346 1178554 1178823 1178825 1179398 1179399 1179491 1179593 1180138 CVE-2020-1971 CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 ----------------------------------------------------------------- The container suse/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3721-1 Released: Wed Dec 9 13:36:46 2020 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1179491,CVE-2020-1971 This update for openssl-1_1 fixes the following issues: - CVE-2020-1971: Fixed a null pointer dereference in EDIPARTYNAME (bsc#1179491). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3735-1 Released: Wed Dec 9 18:19:24 2020 Summary: Security update for curl Type: security Severity: moderate References: 1179398,1179399,1179593,CVE-2020-8284,CVE-2020-8285,CVE-2020-8286 This update for curl fixes the following issues: - CVE-2020-8286: Fixed improper OCSP verification in the client side (bsc#1179593). - CVE-2020-8285: Fixed a stack overflow due to FTP wildcard (bsc#1179399). - CVE-2020-8284: Fixed an issue where a malicious FTP server could make curl connect to a different IP (bsc#1179398). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3809-1 Released: Tue Dec 15 13:46:05 2020 Summary: Recommended update for glib2 Type: recommended Severity: moderate References: 1178346 This update for glib2 fixes the following issues: Update from version 2.62.5 to version 2.62.6: - Support for slim format of timezone. (bsc#1178346) - Fix DST incorrect end day when using slim format. (bsc#1178346) - Fix SOCKS5 username/password authentication. - Updated translations. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3853-1 Released: Wed Dec 16 12:27:27 2020 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1084671,1169006,1174942,1175514,1175623,1178554,1178825 This update for util-linux fixes the following issue: - Do not trigger the automatic close of CDROM.
(bsc#1084671) - Try to automatically configure broken serial lines. (bsc#1175514) - Avoid `sulogin` failing on not existing or not functional console devices. (bsc#1175514) - Build with `libudev` support to support non-root users. (bsc#1169006) - Avoid memory errors on PowerPC systems with valid hardware configurations. (bsc#1175623, bsc#1178554, bsc#1178825) - Fix warning on mounts to `CIFS` with mount -a. (bsc#1174942) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3942-1 Released: Tue Dec 29 12:22:01 2020 Summary: Recommended update for libidn2 Type: recommended Severity: moderate References: 1180138 This update for libidn2 fixes the following issues: - The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, adjusted the RPM license tags (bsc#1180138) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3943-1 Released: Tue Dec 29 12:24:45 2020 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1178823 This update for libxml2 fixes the following issues: Avoid quadratic checking of identity-constraints, speeding up XML validation (bsc#1178823) * key/unique/keyref schema attributes currently use quadratic loops to check their various constraints (that keys are unique and that keyrefs refer to existing keys). * This fix uses a hash table to avoid the quadratic behaviour.
From sle-updates at lists.suse.com Fri Jan 8 10:16:13 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 8 Jan 2021 18:16:13 +0100 (CET) Subject: SUSE-RU-2021:0049-1: moderate: Recommended update for yast2-cluster Message-ID: <20210108171613.40C44FEDA@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-cluster ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:0049-1 Rating: moderate References: #1180424 Affected Products: SUSE Linux Enterprise High Availability 12-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-cluster fixes the following issues: - Add watchdog config to the default list. (bsc#1180424) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2021-49=1 Package List: - SUSE Linux Enterprise High Availability 12-SP4 (noarch): yast2-cluster-3.4.2-3.6.1 References: https://bugzilla.suse.com/1180424 From sle-updates at lists.suse.com Fri Jan 8 10:18:07 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 8 Jan 2021 18:18:07 +0100 (CET) Subject: SUSE-SU-2021:0048-1: moderate: Security update for python-defusedxml, python-freezegun, python-pkgconfig, python-python3-saml, python-xmlsec Message-ID: <20210108171807.13E98FEDA@maintenance.suse.de> SUSE Security Update: Security update for python-defusedxml, python-freezegun, python-pkgconfig, python-python3-saml, python-xmlsec ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0048-1 Rating: moderate References: #1019074 #1041090 #1177200 Cross-References: CVE-2017-11427 Affected Products: SUSE Enterprise Storage 6 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for python-defusedxml, python-freezegun, python-pkgconfig, python-python3-saml, python-xmlsec fixes the following issues: - Update to 0.6.0 - Increase test coverage. - Add badges to README. - Test on Python 3.7 stable and 3.8-dev - Drop support for Python 3.4 - No longer pass *html* argument to XMLParse. It has been deprecated and ignored for a long time. The DefusedXMLParser still takes a html argument. A deprecation warning is issued when the argument is False and a TypeError when it's True. - defusedxml now fails early when pyexpat stdlib module is not available or broken. - defusedxml.ElementTree.__all__ now lists ParseError as public attribute. 
- The defusedxml.ElementTree and defusedxml.cElementTree modules had a typo and used XMLParse instead of XMLParser as an alias for DefusedXMLParser. Both the old and fixed name are now available. - Remove superfluous devel dependency for noarch package - Update to 5.0 * Add compatibility with Python 3.6 * Drop support for Python 2.6, 3.1, 3.2, 3.3 * Fix lxml tests (XMLSyntaxError: Detected an entity reference loop) - Implement single-spec version. - Dummy changelog for bsc#1019074, FATE#322329 - Add dependency on the full python (which is not pulled by setuptools anymore). Use %{pythons} macro now. (bsc#1177200) - Upgrade to 0.3.12: * Refactor classes to functions * Ignore Selenium * Move to pytest * Conditionally patch time.clock (removed in 3.8) * Patch time.time_ns added in Python 3.7 - Do not require python2 module for building python3 module - Update to 0.3.11: * Performance improvements * Fix nesting time.time * Add nanosecond property - Remove superfluous devel dependency for noarch package - Add remove_dependency_on_mock.patch which removes dependency on python-mock for Python 3, where it is not required. - update to 0.3.10 * Performance improvements * Coroutine support - update to version 0.3.9 * If no time to be frozen, use current time * Fix uuid1 issues * Add support for python 3.6 update to version 0.3.8 * Improved unpatching when importing modules after freeze_time start() * Add manual increment via tick method * Fix bug with time.localtime not being reset. Closes #112. * Fix test to work when current timezone is GMT-14 or GMT+14. * Fixed #162 - allow decorating old-style classes. * Add support to PyMySQL * Assume the default time to freeze is "now". * Register fake types in PyMySQL conversions * Ignore threading and Queue modules. Closes #129. * Lock down coverage version since new coverage doesn't support py3.2 * Fix or py3 astimezone and not passing tz. Closes #138. * Add note about default arguments. Closes #140. * Add license info. Closes #120.
- Update to 0.3.5 * No upstream changelog - Remove unneeded freeze_hideDeps.patch - Use download Url as source - Use tarball provided by pypi - update to 1.5.1 * Use poetry instead of setuptools directly * Fix #42: raise exception if package is missing * Fix version parsing for openssl-like version numbers, fixes #32 * Add boolean static keyword to output private libraries as well * Raise original OSError as well - Add missing test dependency pkgconfig Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-48=1 Package List: - SUSE Enterprise Storage 6 (aarch64 x86_64): python3-xmlsec-1.3.6-1.5.1 python3-xmlsec-debuginfo-1.3.6-1.5.1 - SUSE Enterprise Storage 6 (noarch): python3-defusedxml-0.6.0-1.5.1 python3-freezegun-0.3.12-1.5.1 python3-isodate-0.6.0-1.3.2 python3-pkgconfig-1.5.1-1.5.1 python3-python3-saml-1.9.0-1.5.2 References: https://www.suse.com/security/cve/CVE-2017-11427.html https://bugzilla.suse.com/1019074 https://bugzilla.suse.com/1041090 https://bugzilla.suse.com/1177200 From sle-updates at lists.suse.com Fri Jan 8 13:17:28 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 8 Jan 2021 21:17:28 +0100 (CET) Subject: SUSE-RU-2021:0051-1: moderate: Recommended update for yast2-cluster Message-ID: <20210108201728.BDB64FEDA@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-cluster ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:0051-1 Rating: moderate References: #1180424 Affected Products: SUSE Linux Enterprise High Availability 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for yast2-cluster fixes the following issues: - Add watchdog config to the default list. (bsc#1180424) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP5: zypper in -t patch SUSE-SLE-HA-12-SP5-2021-51=1 Package List: - SUSE Linux Enterprise High Availability 12-SP5 (noarch): yast2-cluster-3.4.2-3.3.1 References: https://bugzilla.suse.com/1180424 From sle-updates at lists.suse.com Fri Jan 8 13:18:27 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 8 Jan 2021 21:18:27 +0100 (CET) Subject: SUSE-RU-2021:0050-1: moderate: Recommended update for yast2-cluster Message-ID: <20210108201827.1F054FEDA@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-cluster ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:0050-1 Rating: moderate References: #1180424 Affected Products: SUSE Linux Enterprise High Availability 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-cluster fixes the following issues: - Add watchdog config to the default list. (bsc#1180424) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2021-50=1 Package List: - SUSE Linux Enterprise High Availability 12-SP3 (noarch): yast2-cluster-3.4.2-2.12.1 References: https://bugzilla.suse.com/1180424 From sle-updates at lists.suse.com Fri Jan 8 19:16:18 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 9 Jan 2021 03:16:18 +0100 (CET) Subject: SUSE-RU-2021:0052-1: Recommended update for protobuf Message-ID: <20210109021618.A89D0FEDA@maintenance.suse.de> SUSE Recommended Update: Recommended update for protobuf ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:0052-1 Rating: low References: #957472 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for protobuf fixes the following issues: - Disable google-apputils usage. They are only used for the testsuite. (bsc#957472) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-52=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libprotobuf-lite9-2.6.1-7.3.16 libprotobuf-lite9-debuginfo-2.6.1-7.3.16 libprotobuf9-2.6.1-7.3.16 libprotobuf9-debuginfo-2.6.1-7.3.16 libprotoc9-2.6.1-7.3.16 libprotoc9-debuginfo-2.6.1-7.3.16 protobuf-debugsource-2.6.1-7.3.16 protobuf-devel-2.6.1-7.3.16 protobuf-devel-debuginfo-2.6.1-7.3.16 References: https://bugzilla.suse.com/957472 From sle-updates at lists.suse.com Sat Jan 9 13:16:15 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 9 Jan 2021 21:16:15 +0100 (CET) Subject: SUSE-RU-2021:0013-1: moderate: Initial shipment of the sles-ltss-release, SLE_HPC-ESPOS-release, SLE_HPC-LTSS-release packages Message-ID: <20210109201615.EA945FF0B@maintenance.suse.de> SUSE Recommended Update: Initial shipment of the sles-ltss-release, SLE_HPC-ESPOS-release, SLE_HPC-LTSS-release packages ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:0013-1 Rating: moderate References: #1179801 Affected Products: SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This patch ships: - The sles-ltss-release package to SUSE Linux Enterprise Server 15 SP1 customers, - The SLE_HPC-ESPOS-release package for SUSE HPC 15 SP1 ESPOS customers, - The SLE_HPC-LTSS-release package for SUSE HPC 15 SP1 LTSS customers. (bnc#1179801) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-13=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-13=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-13=1 Package List: - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): sles-ltss-release-15.1-4.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): SLE_HPC-LTSS-release-15.1-4.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): SLE_HPC-ESPOS-release-15.1-4.3.1 References: https://bugzilla.suse.com/1179801 From sle-updates at lists.suse.com Mon Jan 11 10:16:48 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 11 Jan 2021 18:16:48 +0100 (CET) Subject: SUSE-RU-2021:0066-1: moderate: Recommended update for yast2-cluster Message-ID: <20210111171648.39C0BFEDA@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-cluster ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:0066-1 Rating: moderate References: #1120815 #1151687 #1180424 Affected Products: SUSE Linux Enterprise High Availability 15-SP1 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for yast2-cluster fixes the following issues: - Add watchdog config to the default list. (bsc#1180424) - Update the open ports to support pacemaker-remote, booth, corosync-qnetd. (bsc#1151687) - Support using a hostname in the ring address. (bsc#1120815) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2021-66=1 Package List: - SUSE Linux Enterprise High Availability 15-SP1 (noarch): yast2-cluster-4.1.7-3.9.1 References: https://bugzilla.suse.com/1120815 https://bugzilla.suse.com/1151687 https://bugzilla.suse.com/1180424 From sle-updates at lists.suse.com Mon Jan 11 10:18:02 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 11 Jan 2021 18:18:02 +0100 (CET) Subject: SUSE-SU-2021:0061-1: moderate: Security update for nodejs14 Message-ID: <20210111171802.10010F3D7@maintenance.suse.de> SUSE Security Update: Security update for nodejs14 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0061-1 Rating: moderate References: #1178882 #1180553 #1180554 Cross-References: CVE-2020-8265 CVE-2020-8277 CVE-2020-8287 Affected Products: SUSE Linux Enterprise Module for Web Scripting 15-SP2 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for nodejs14 fixes the following issues: - New upstream LTS version 14.15.4: * CVE-2020-8265: use-after-free in TLSWrap (High) bug in TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method does not return an error, this object is passed back to the caller as part of a StreamWriteResult structure. This may be exploited to corrupt memory leading to a Denial of Service or potentially other exploits (bsc#1180553) * CVE-2020-8287: HTTP Request Smuggling. Node.js allows two copies of a header field in an HTTP request. For example, two Transfer-Encoding header fields. In this case Node.js identifies the first header field and ignores the second.
This can lead to HTTP Request Smuggling (https://cwe.mitre.org/data/definitions/444.html). (bsc#1180554) - New upstream LTS version 14.15.3: * deps: + upgrade npm to 6.14.9 + update acorn to v8.0.4 * http2: check write not scheduled in scope destructor * stream: fix regression on duplex end - New upstream LTS version 14.15.1: * deps: Denial of Service through DNS request (High). A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service by getting the application to resolve a DNS record with a larger number of responses (bsc#1178882, CVE-2020-8277) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 15-SP2: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP2-2021-61=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 15-SP2 (aarch64 ppc64le s390x x86_64): nodejs14-14.15.4-5.6.1 nodejs14-debuginfo-14.15.4-5.6.1 nodejs14-debugsource-14.15.4-5.6.1 nodejs14-devel-14.15.4-5.6.1 npm14-14.15.4-5.6.1 - SUSE Linux Enterprise Module for Web Scripting 15-SP2 (noarch): nodejs14-docs-14.15.4-5.6.1 References: https://www.suse.com/security/cve/CVE-2020-8265.html https://www.suse.com/security/cve/CVE-2020-8277.html https://www.suse.com/security/cve/CVE-2020-8287.html https://bugzilla.suse.com/1178882 https://bugzilla.suse.com/1180553 https://bugzilla.suse.com/1180554 From sle-updates at lists.suse.com Mon Jan 11 10:19:19 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 11 Jan 2021 18:19:19 +0100 (CET) Subject: SUSE-RU-2021:0058-1: moderate: Recommended update for ceph Message-ID: <20210111171919.08606FEDA@maintenance.suse.de> SUSE Recommended Update: Recommended update for ceph ______________________________________________________________________________ 
Announcement ID: SUSE-RU-2021:0058-1 Rating: moderate References: #1180509 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for ceph fixes the following issues: ceph was updated to version 12.2.13-706-gff66d09906: + rgw: Replace COMPLETE_MULTIPART_MAX_LEN with configurable rgw_max_put_param_size (bsc#1180509) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-58=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-58=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-58=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-58=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-58=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-58=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-58=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-58=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-58=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-58=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-58=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2021-58=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-58=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): ceph-common-12.2.13+git.1609861337.ff66d09906-2.56.1 ceph-common-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 ceph-debugsource-12.2.13+git.1609861337.ff66d09906-2.56.1 libcephfs2-12.2.13+git.1609861337.ff66d09906-2.56.1 libcephfs2-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 librados2-12.2.13+git.1609861337.ff66d09906-2.56.1 librados2-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 libradosstriper1-12.2.13+git.1609861337.ff66d09906-2.56.1 libradosstriper1-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 librbd1-12.2.13+git.1609861337.ff66d09906-2.56.1 librbd1-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 librgw2-12.2.13+git.1609861337.ff66d09906-2.56.1 
librgw2-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 python-cephfs-12.2.13+git.1609861337.ff66d09906-2.56.1 python-cephfs-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 python-rados-12.2.13+git.1609861337.ff66d09906-2.56.1 python-rados-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 python-rbd-12.2.13+git.1609861337.ff66d09906-2.56.1 python-rbd-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 python-rgw-12.2.13+git.1609861337.ff66d09906-2.56.1 python-rgw-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): ceph-common-12.2.13+git.1609861337.ff66d09906-2.56.1 ceph-common-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 ceph-debugsource-12.2.13+git.1609861337.ff66d09906-2.56.1 libcephfs2-12.2.13+git.1609861337.ff66d09906-2.56.1 libcephfs2-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 librados2-12.2.13+git.1609861337.ff66d09906-2.56.1 librados2-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 libradosstriper1-12.2.13+git.1609861337.ff66d09906-2.56.1 libradosstriper1-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 librbd1-12.2.13+git.1609861337.ff66d09906-2.56.1 librbd1-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 librgw2-12.2.13+git.1609861337.ff66d09906-2.56.1 librgw2-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 python-cephfs-12.2.13+git.1609861337.ff66d09906-2.56.1 python-cephfs-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 python-rados-12.2.13+git.1609861337.ff66d09906-2.56.1 python-rados-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 python-rbd-12.2.13+git.1609861337.ff66d09906-2.56.1 python-rbd-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 python-rgw-12.2.13+git.1609861337.ff66d09906-2.56.1 python-rgw-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 - SUSE OpenStack Cloud 9 (x86_64): ceph-common-12.2.13+git.1609861337.ff66d09906-2.56.1 ceph-common-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 ceph-debugsource-12.2.13+git.1609861337.ff66d09906-2.56.1 
libcephfs2-12.2.13+git.1609861337.ff66d09906-2.56.1 libcephfs2-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 librados2-12.2.13+git.1609861337.ff66d09906-2.56.1 librados2-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 libradosstriper1-12.2.13+git.1609861337.ff66d09906-2.56.1 libradosstriper1-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 librbd1-12.2.13+git.1609861337.ff66d09906-2.56.1 librbd1-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 librgw2-12.2.13+git.1609861337.ff66d09906-2.56.1 librgw2-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 python-cephfs-12.2.13+git.1609861337.ff66d09906-2.56.1 python-cephfs-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 python-rados-12.2.13+git.1609861337.ff66d09906-2.56.1 python-rados-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 python-rbd-12.2.13+git.1609861337.ff66d09906-2.56.1 python-rbd-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 python-rgw-12.2.13+git.1609861337.ff66d09906-2.56.1 python-rgw-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 - SUSE OpenStack Cloud 8 (x86_64): ceph-common-12.2.13+git.1609861337.ff66d09906-2.56.1 ceph-common-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 ceph-debugsource-12.2.13+git.1609861337.ff66d09906-2.56.1 libcephfs2-12.2.13+git.1609861337.ff66d09906-2.56.1 libcephfs2-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 librados2-12.2.13+git.1609861337.ff66d09906-2.56.1 librados2-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 libradosstriper1-12.2.13+git.1609861337.ff66d09906-2.56.1 libradosstriper1-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 librbd1-12.2.13+git.1609861337.ff66d09906-2.56.1 librbd1-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 librgw2-12.2.13+git.1609861337.ff66d09906-2.56.1 librgw2-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 python-cephfs-12.2.13+git.1609861337.ff66d09906-2.56.1 python-cephfs-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 python-rados-12.2.13+git.1609861337.ff66d09906-2.56.1 
python-rados-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 python-rbd-12.2.13+git.1609861337.ff66d09906-2.56.1 python-rbd-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 python-rgw-12.2.13+git.1609861337.ff66d09906-2.56.1 python-rgw-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): ceph-debugsource-12.2.13+git.1609861337.ff66d09906-2.56.1 libcephfs-devel-12.2.13+git.1609861337.ff66d09906-2.56.1 librados-devel-12.2.13+git.1609861337.ff66d09906-2.56.1 librados-devel-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 librbd-devel-12.2.13+git.1609861337.ff66d09906-2.56.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): ceph-common-12.2.13+git.1609861337.ff66d09906-2.56.1 ceph-common-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 ceph-debugsource-12.2.13+git.1609861337.ff66d09906-2.56.1 libcephfs2-12.2.13+git.1609861337.ff66d09906-2.56.1 libcephfs2-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 librados2-12.2.13+git.1609861337.ff66d09906-2.56.1 librados2-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 libradosstriper1-12.2.13+git.1609861337.ff66d09906-2.56.1 libradosstriper1-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 librbd1-12.2.13+git.1609861337.ff66d09906-2.56.1 librbd1-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 librgw2-12.2.13+git.1609861337.ff66d09906-2.56.1 librgw2-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 python-cephfs-12.2.13+git.1609861337.ff66d09906-2.56.1 python-cephfs-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 python-rados-12.2.13+git.1609861337.ff66d09906-2.56.1 python-rados-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 python-rbd-12.2.13+git.1609861337.ff66d09906-2.56.1 python-rbd-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 python-rgw-12.2.13+git.1609861337.ff66d09906-2.56.1 python-rgw-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le 
x86_64): ceph-common-12.2.13+git.1609861337.ff66d09906-2.56.1 ceph-common-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 ceph-debugsource-12.2.13+git.1609861337.ff66d09906-2.56.1 libcephfs2-12.2.13+git.1609861337.ff66d09906-2.56.1 libcephfs2-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 librados2-12.2.13+git.1609861337.ff66d09906-2.56.1 librados2-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 libradosstriper1-12.2.13+git.1609861337.ff66d09906-2.56.1 libradosstriper1-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 librbd1-12.2.13+git.1609861337.ff66d09906-2.56.1 librbd1-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 librgw2-12.2.13+git.1609861337.ff66d09906-2.56.1 librgw2-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 python-cephfs-12.2.13+git.1609861337.ff66d09906-2.56.1 python-cephfs-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 python-rados-12.2.13+git.1609861337.ff66d09906-2.56.1 python-rados-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 python-rbd-12.2.13+git.1609861337.ff66d09906-2.56.1 python-rbd-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 python-rgw-12.2.13+git.1609861337.ff66d09906-2.56.1 python-rgw-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): ceph-common-12.2.13+git.1609861337.ff66d09906-2.56.1 ceph-common-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 ceph-debugsource-12.2.13+git.1609861337.ff66d09906-2.56.1 libcephfs2-12.2.13+git.1609861337.ff66d09906-2.56.1 libcephfs2-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 librados2-12.2.13+git.1609861337.ff66d09906-2.56.1 librados2-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 libradosstriper1-12.2.13+git.1609861337.ff66d09906-2.56.1 libradosstriper1-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 librbd1-12.2.13+git.1609861337.ff66d09906-2.56.1 librbd1-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 librgw2-12.2.13+git.1609861337.ff66d09906-2.56.1 
librgw2-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 python-cephfs-12.2.13+git.1609861337.ff66d09906-2.56.1 python-cephfs-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 python-rados-12.2.13+git.1609861337.ff66d09906-2.56.1 python-rados-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 python-rbd-12.2.13+git.1609861337.ff66d09906-2.56.1 python-rbd-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 python-rgw-12.2.13+git.1609861337.ff66d09906-2.56.1 python-rgw-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): ceph-common-12.2.13+git.1609861337.ff66d09906-2.56.1 ceph-common-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 ceph-debugsource-12.2.13+git.1609861337.ff66d09906-2.56.1 libcephfs2-12.2.13+git.1609861337.ff66d09906-2.56.1 libcephfs2-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 librados2-12.2.13+git.1609861337.ff66d09906-2.56.1 librados2-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 libradosstriper1-12.2.13+git.1609861337.ff66d09906-2.56.1 libradosstriper1-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 librbd1-12.2.13+git.1609861337.ff66d09906-2.56.1 librbd1-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 librgw2-12.2.13+git.1609861337.ff66d09906-2.56.1 librgw2-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 python-cephfs-12.2.13+git.1609861337.ff66d09906-2.56.1 python-cephfs-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 python-rados-12.2.13+git.1609861337.ff66d09906-2.56.1 python-rados-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 python-rbd-12.2.13+git.1609861337.ff66d09906-2.56.1 python-rbd-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 python-rgw-12.2.13+git.1609861337.ff66d09906-2.56.1 python-rgw-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): ceph-common-12.2.13+git.1609861337.ff66d09906-2.56.1 ceph-common-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 
ceph-debugsource-12.2.13+git.1609861337.ff66d09906-2.56.1 libcephfs2-12.2.13+git.1609861337.ff66d09906-2.56.1 libcephfs2-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 librados2-12.2.13+git.1609861337.ff66d09906-2.56.1 librados2-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 libradosstriper1-12.2.13+git.1609861337.ff66d09906-2.56.1 libradosstriper1-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 librbd1-12.2.13+git.1609861337.ff66d09906-2.56.1 librbd1-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 librgw2-12.2.13+git.1609861337.ff66d09906-2.56.1 librgw2-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 python-cephfs-12.2.13+git.1609861337.ff66d09906-2.56.1 python-cephfs-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 python-rados-12.2.13+git.1609861337.ff66d09906-2.56.1 python-rados-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 python-rbd-12.2.13+git.1609861337.ff66d09906-2.56.1 python-rbd-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 python-rgw-12.2.13+git.1609861337.ff66d09906-2.56.1 python-rgw-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): ceph-common-12.2.13+git.1609861337.ff66d09906-2.56.1 ceph-common-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 ceph-debugsource-12.2.13+git.1609861337.ff66d09906-2.56.1 libcephfs2-12.2.13+git.1609861337.ff66d09906-2.56.1 libcephfs2-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 librados2-12.2.13+git.1609861337.ff66d09906-2.56.1 librados2-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 libradosstriper1-12.2.13+git.1609861337.ff66d09906-2.56.1 libradosstriper1-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 librbd1-12.2.13+git.1609861337.ff66d09906-2.56.1 librbd1-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 librgw2-12.2.13+git.1609861337.ff66d09906-2.56.1 librgw2-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 python-cephfs-12.2.13+git.1609861337.ff66d09906-2.56.1 
python-cephfs-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 python-rados-12.2.13+git.1609861337.ff66d09906-2.56.1 python-rados-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 python-rbd-12.2.13+git.1609861337.ff66d09906-2.56.1 python-rbd-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 python-rgw-12.2.13+git.1609861337.ff66d09906-2.56.1 python-rgw-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): ceph-12.2.13+git.1609861337.ff66d09906-2.56.1 ceph-base-12.2.13+git.1609861337.ff66d09906-2.56.1 ceph-base-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 ceph-common-12.2.13+git.1609861337.ff66d09906-2.56.1 ceph-common-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 ceph-debugsource-12.2.13+git.1609861337.ff66d09906-2.56.1 ceph-fuse-12.2.13+git.1609861337.ff66d09906-2.56.1 ceph-fuse-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 ceph-mds-12.2.13+git.1609861337.ff66d09906-2.56.1 ceph-mds-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 ceph-mgr-12.2.13+git.1609861337.ff66d09906-2.56.1 ceph-mgr-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 ceph-mon-12.2.13+git.1609861337.ff66d09906-2.56.1 ceph-mon-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 ceph-osd-12.2.13+git.1609861337.ff66d09906-2.56.1 ceph-osd-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 ceph-radosgw-12.2.13+git.1609861337.ff66d09906-2.56.1 ceph-radosgw-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 libcephfs2-12.2.13+git.1609861337.ff66d09906-2.56.1 libcephfs2-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 librados2-12.2.13+git.1609861337.ff66d09906-2.56.1 librados2-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 libradosstriper1-12.2.13+git.1609861337.ff66d09906-2.56.1 libradosstriper1-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 librbd1-12.2.13+git.1609861337.ff66d09906-2.56.1 librbd1-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 librgw2-12.2.13+git.1609861337.ff66d09906-2.56.1 
librgw2-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 python-ceph-compat-12.2.13+git.1609861337.ff66d09906-2.56.1 python-cephfs-12.2.13+git.1609861337.ff66d09906-2.56.1 python-cephfs-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 python-rados-12.2.13+git.1609861337.ff66d09906-2.56.1 python-rados-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 python-rbd-12.2.13+git.1609861337.ff66d09906-2.56.1 python-rbd-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 python-rgw-12.2.13+git.1609861337.ff66d09906-2.56.1 python-rgw-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 python3-ceph-argparse-12.2.13+git.1609861337.ff66d09906-2.56.1 python3-cephfs-12.2.13+git.1609861337.ff66d09906-2.56.1 python3-cephfs-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 python3-rados-12.2.13+git.1609861337.ff66d09906-2.56.1 python3-rados-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 python3-rbd-12.2.13+git.1609861337.ff66d09906-2.56.1 python3-rbd-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 python3-rgw-12.2.13+git.1609861337.ff66d09906-2.56.1 python3-rgw-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 rbd-fuse-12.2.13+git.1609861337.ff66d09906-2.56.1 rbd-fuse-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 rbd-mirror-12.2.13+git.1609861337.ff66d09906-2.56.1 rbd-mirror-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 rbd-nbd-12.2.13+git.1609861337.ff66d09906-2.56.1 rbd-nbd-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 - HPE Helion Openstack 8 (x86_64): ceph-common-12.2.13+git.1609861337.ff66d09906-2.56.1 ceph-common-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 ceph-debugsource-12.2.13+git.1609861337.ff66d09906-2.56.1 libcephfs2-12.2.13+git.1609861337.ff66d09906-2.56.1 libcephfs2-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 librados2-12.2.13+git.1609861337.ff66d09906-2.56.1 librados2-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 libradosstriper1-12.2.13+git.1609861337.ff66d09906-2.56.1 
libradosstriper1-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 librbd1-12.2.13+git.1609861337.ff66d09906-2.56.1 librbd1-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 librgw2-12.2.13+git.1609861337.ff66d09906-2.56.1 librgw2-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 python-cephfs-12.2.13+git.1609861337.ff66d09906-2.56.1 python-cephfs-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 python-rados-12.2.13+git.1609861337.ff66d09906-2.56.1 python-rados-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 python-rbd-12.2.13+git.1609861337.ff66d09906-2.56.1 python-rbd-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 python-rgw-12.2.13+git.1609861337.ff66d09906-2.56.1 python-rgw-debuginfo-12.2.13+git.1609861337.ff66d09906-2.56.1 References: https://bugzilla.suse.com/1180509 From sle-updates at lists.suse.com Mon Jan 11 10:20:42 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 11 Jan 2021 18:20:42 +0100 (CET) Subject: SUSE-SU-2021:0068-1: moderate: Security update for nodejs12 Message-ID: <20210111172042.0D38EFEDA@maintenance.suse.de> SUSE Security Update: Security update for nodejs12 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0068-1 Rating: moderate References: #1179491 #1180553 #1180554 Cross-References: CVE-2020-1971 CVE-2020-8265 CVE-2020-8287 Affected Products: SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for nodejs12 fixes the following issues: - New upstream LTS version 12.20.1: * CVE-2020-8265: use-after-free in TLSWrap (High) bug in TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. 
If the DoWrite method does not return an error, this object is passed back to the caller as part of a StreamWriteResult structure. This may be exploited to corrupt memory leading to a Denial of Service or potentially other exploits (bsc#1180553)
  * CVE-2020-8287: HTTP Request Smuggling allow two copies of a header field in a http request. For example, two Transfer-Encoding header fields. In this case Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smuggling (https://cwe.mitre.org/data/definitions/444.html). (bsc#1180554)
  * CVE-2020-1971: OpenSSL - EDIPARTYNAME NULL pointer de-reference (High) This is a vulnerability in OpenSSL which may be exploited through Node.js. (bsc#1179491)
- New upstream LTS version 12.20.0:
  * deps:
    + update llhttp '2.1.2' -> '2.1.3'
    + update uv '1.39.0' -> '1.40.0'
    + update uvwasi '0.0.10' -> '0.0.11'
  * fs: add .ref() and .unref() methods to watcher classes
  * http: added scheduling option to http agent
  * module:
    + exports pattern support
    + named exports for CJS via static analysis
  * n-api: add more property defaults (gh#35214)

Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Module for Web Scripting 12:
  zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2021-68=1

Package List:
- SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64):
  nodejs12-12.20.1-1.26.1
  nodejs12-debuginfo-12.20.1-1.26.1
  nodejs12-debugsource-12.20.1-1.26.1
  nodejs12-devel-12.20.1-1.26.1
  npm12-12.20.1-1.26.1
- SUSE Linux Enterprise Module for Web Scripting 12 (noarch):
  nodejs12-docs-12.20.1-1.26.1

References:
  https://www.suse.com/security/cve/CVE-2020-1971.html
  https://www.suse.com/security/cve/CVE-2020-8265.html
  https://www.suse.com/security/cve/CVE-2020-8287.html
  https://bugzilla.suse.com/1179491
  https://bugzilla.suse.com/1180553
  https://bugzilla.suse.com/1180554

From sle-updates at lists.suse.com Mon Jan 11 10:21:52 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 11 Jan 2021 18:21:52 +0100 (CET)
Subject: SUSE-RU-2021:0064-1: moderate: Recommended update for release-notes-ses
Message-ID: <20210111172152.80001FEDA@maintenance.suse.de>

SUSE Recommended Update: Recommended update for release-notes-ses
______________________________________________________________________________
Announcement ID: SUSE-RU-2021:0064-1
Rating: moderate
References: #1180157
Affected Products:
  SUSE Enterprise Storage 6
______________________________________________________________________________
An update that has one recommended fix can now be installed.

Description:
This update for release-notes-ses fixes the following issues:
- 6.0.20201217 (bsc#1180157)
- Added note about removed standby-for options

Patch Instructions:
To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Enterprise Storage 6:
  zypper in -t patch SUSE-Storage-6-2021-64=1

Package List:
- SUSE Enterprise Storage 6 (noarch):
  release-notes-ses-6.0.20201217-3.12.1

References:
  https://bugzilla.suse.com/1180157

From sle-updates at lists.suse.com Mon Jan 11 10:22:51 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 11 Jan 2021 18:22:51 +0100 (CET)
Subject: SUSE-RU-2021:0067-1: moderate: Recommended update for yast2-cluster
Message-ID: <20210111172251.09D7FFEDA@maintenance.suse.de>

SUSE Recommended Update: Recommended update for yast2-cluster
______________________________________________________________________________
Announcement ID: SUSE-RU-2021:0067-1
Rating: moderate
References: #1120815 #1151687 #1180424
Affected Products:
  SUSE Linux Enterprise High Availability 15
______________________________________________________________________________
An update that has three recommended fixes can now be installed.

Description:
This update for yast2-cluster fixes the following issues:
- Add watchdog config to the default list. (bsc#1180424)
- Update the open ports to support pacemaker-remote, booth, corosync-qnetd. (bsc#1151687)
- Support use hostname in ring address. (bsc#1120815)

Patch Instructions:
To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise High Availability 15:
  zypper in -t patch SUSE-SLE-Product-HA-15-2021-67=1

Package List:
- SUSE Linux Enterprise High Availability 15 (noarch):
  yast2-cluster-4.0.13-3.15.1

References:
  https://bugzilla.suse.com/1120815
  https://bugzilla.suse.com/1151687
  https://bugzilla.suse.com/1180424

From sle-updates at lists.suse.com Mon Jan 11 10:24:03 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 11 Jan 2021 18:24:03 +0100 (CET)
Subject: SUSE-RU-2021:0063-1: moderate: Recommended update for yast2-cluster
Message-ID: <20210111172403.6DDC5FEDA@maintenance.suse.de>

SUSE Recommended Update: Recommended update for yast2-cluster
______________________________________________________________________________
Announcement ID: SUSE-RU-2021:0063-1
Rating: moderate
References: #1120815 #1151687 #1180424
Affected Products:
  SUSE Linux Enterprise High Availability 15-SP2
______________________________________________________________________________
An update that has three recommended fixes can now be installed.

Description:
This update for yast2-cluster fixes the following issues:
- Add watchdog config to the default list. (bsc#1180424)
- Update the open ports to support pacemaker-remote, booth, corosync-qnetd. (bsc#1151687)
- Support use hostname in ring address. (bsc#1120815)

Patch Instructions:
To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise High Availability 15-SP2:
  zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2021-63=1

Package List:
- SUSE Linux Enterprise High Availability 15-SP2 (noarch):
  yast2-cluster-4.2.11-3.12.1

References:
  https://bugzilla.suse.com/1120815
  https://bugzilla.suse.com/1151687
  https://bugzilla.suse.com/1180424

From sle-updates at lists.suse.com Mon Jan 11 10:27:07 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 11 Jan 2021 18:27:07 +0100 (CET)
Subject: SUSE-SU-2021:0062-1: moderate: Security update for nodejs12
Message-ID: <20210111172707.9C563FEDA@maintenance.suse.de>

SUSE Security Update: Security update for nodejs12
______________________________________________________________________________
Announcement ID: SUSE-SU-2021:0062-1
Rating: moderate
References: #1178882 #1179491 #1180553 #1180554
Cross-References: CVE-2020-1971 CVE-2020-8265 CVE-2020-8277 CVE-2020-8287
Affected Products:
  SUSE Linux Enterprise Module for Web Scripting 15-SP2
______________________________________________________________________________
An update that fixes four vulnerabilities is now available.

Description:
This update for nodejs12 fixes the following issues:
- New upstream LTS version 12.20.1:
  * CVE-2020-8265: use-after-free in TLSWrap (High) bug in TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method does not return an error, this object is passed back to the caller as part of a StreamWriteResult structure. This may be exploited to corrupt memory leading to a Denial of Service or potentially other exploits (bsc#1180553)
  * CVE-2020-8287: HTTP Request Smuggling allow two copies of a header field in a http request. For example, two Transfer-Encoding header fields.
In this case Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smuggling (https://cwe.mitre.org/data/definitions/444.html). (bsc#1180554)
  * CVE-2020-1971: OpenSSL - EDIPARTYNAME NULL pointer de-reference (High) This is a vulnerability in OpenSSL which may be exploited through Node.js. (bsc#1179491)
- New upstream LTS version 12.20.0:
  * deps:
    + update llhttp '2.1.2' -> '2.1.3'
    + update uv '1.39.0' -> '1.40.0'
    + update uvwasi '0.0.10' -> '0.0.11'
  * fs: add .ref() and .unref() methods to watcher classes
  * http: added scheduling option to http agent
  * module:
    + exports pattern support
    + named exports for CJS via static analysis
  * n-api: add more property defaults (gh#35214)
- New upstream LTS version 12.19.1:
  * deps: Denial of Service through DNS request (High). A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service by getting the application to resolve a DNS record with a larger number of responses (bsc#1178882, CVE-2020-8277)
- New upstream LTS version 12.19.0:
  * crypto: add randomInt function
  * deps:
    + upgrade to libuv 1.39.0
    + deps: upgrade npm to 6.14.7
    + deps: upgrade to libuv 1.38.1
  * doc: deprecate process.umask() with no arguments
  * module:
    + package "imports" field
    + module: deprecate module.parent
  * n-api: create N-API version 7
  * zlib: switch to lazy init for zlib streams

Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Module for Web Scripting 15-SP2:
  zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP2-2021-62=1

Package List:
- SUSE Linux Enterprise Module for Web Scripting 15-SP2 (aarch64 ppc64le s390x x86_64):
  nodejs12-12.20.1-4.10.1
  nodejs12-debuginfo-12.20.1-4.10.1
  nodejs12-debugsource-12.20.1-4.10.1
  nodejs12-devel-12.20.1-4.10.1
  npm12-12.20.1-4.10.1
- SUSE Linux Enterprise Module for Web Scripting 15-SP2 (noarch):
  nodejs12-docs-12.20.1-4.10.1

References:
  https://www.suse.com/security/cve/CVE-2020-1971.html
  https://www.suse.com/security/cve/CVE-2020-8265.html
  https://www.suse.com/security/cve/CVE-2020-8277.html
  https://www.suse.com/security/cve/CVE-2020-8287.html
  https://bugzilla.suse.com/1178882
  https://bugzilla.suse.com/1179491
  https://bugzilla.suse.com/1180553
  https://bugzilla.suse.com/1180554

From sle-updates at lists.suse.com Mon Jan 11 10:28:31 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 11 Jan 2021 18:28:31 +0100 (CET)
Subject: SUSE-SU-2021:0060-1: moderate: Security update for nodejs10
Message-ID: <20210111172831.10D23FEDA@maintenance.suse.de>

SUSE Security Update: Security update for nodejs10
______________________________________________________________________________
Announcement ID: SUSE-SU-2021:0060-1
Rating: moderate
References: #1179491 #1180553 #1180554
Cross-References: CVE-2020-1971 CVE-2020-8265 CVE-2020-8287
Affected Products:
  SUSE Linux Enterprise Server for SAP 15
  SUSE Linux Enterprise Server 15-LTSS
  SUSE Linux Enterprise Module for Web Scripting 15-SP2
  SUSE Linux Enterprise Module for Web Scripting 15-SP1
  SUSE Linux Enterprise High Performance Computing 15-LTSS
  SUSE Linux Enterprise High Performance Computing 15-ESPOS
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
This update for nodejs10 fixes the following issues:
- New upstream LTS version 10.23.1:
  * CVE-2020-8265: use-after-free in TLSWrap (High) bug in TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method does not return an error, this object is passed back to the caller as part of a StreamWriteResult structure. This may be exploited to corrupt memory leading to a Denial of Service or potentially other exploits (bsc#1180553)
  * CVE-2020-8287: HTTP Request Smuggling allow two copies of a header field in a http request. For example, two Transfer-Encoding header fields. In this case Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smuggling (https://cwe.mitre.org/data/definitions/444.html). (bsc#1180554)
  * CVE-2020-1971: OpenSSL - EDIPARTYNAME NULL pointer de-reference (High) This is a vulnerability in OpenSSL which may be exploited through Node.js. (bsc#1179491)
- New upstream LTS version 10.23.0:
  * deps: upgrade npm to 6.14.8
  * n-api:
    + create N-API version 7
    + expose napi_build_version variable

Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server for SAP 15:
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-60=1
- SUSE Linux Enterprise Server 15-LTSS:
  zypper in -t patch SUSE-SLE-Product-SLES-15-2021-60=1
- SUSE Linux Enterprise Module for Web Scripting 15-SP2:
  zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP2-2021-60=1
- SUSE Linux Enterprise Module for Web Scripting 15-SP1:
  zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP1-2021-60=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-2021-60=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-2021-60=1

Package List:
- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
  nodejs10-10.23.1-1.30.1
  nodejs10-debuginfo-10.23.1-1.30.1
  nodejs10-debugsource-10.23.1-1.30.1
  nodejs10-devel-10.23.1-1.30.1
  npm10-10.23.1-1.30.1
- SUSE Linux Enterprise Server for SAP 15 (noarch):
  nodejs10-docs-10.23.1-1.30.1
- SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
  nodejs10-10.23.1-1.30.1
  nodejs10-debuginfo-10.23.1-1.30.1
  nodejs10-debugsource-10.23.1-1.30.1
  nodejs10-devel-10.23.1-1.30.1
  npm10-10.23.1-1.30.1
- SUSE Linux Enterprise Server 15-LTSS (noarch):
  nodejs10-docs-10.23.1-1.30.1
- SUSE Linux Enterprise Module for Web Scripting 15-SP2 (aarch64 ppc64le s390x x86_64):
  nodejs10-10.23.1-1.30.1
  nodejs10-debuginfo-10.23.1-1.30.1
  nodejs10-debugsource-10.23.1-1.30.1
  nodejs10-devel-10.23.1-1.30.1
  npm10-10.23.1-1.30.1
- SUSE Linux Enterprise Module for Web Scripting 15-SP2 (noarch):
  nodejs10-docs-10.23.1-1.30.1
- SUSE Linux Enterprise Module for Web Scripting 15-SP1 (aarch64 ppc64le s390x x86_64):
  nodejs10-10.23.1-1.30.1
  nodejs10-debuginfo-10.23.1-1.30.1
  nodejs10-debugsource-10.23.1-1.30.1
  nodejs10-devel-10.23.1-1.30.1
  npm10-10.23.1-1.30.1
- SUSE Linux Enterprise Module for Web Scripting 15-SP1 (noarch):
  nodejs10-docs-10.23.1-1.30.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
  nodejs10-10.23.1-1.30.1
  nodejs10-debuginfo-10.23.1-1.30.1
  nodejs10-debugsource-10.23.1-1.30.1
  nodejs10-devel-10.23.1-1.30.1
  npm10-10.23.1-1.30.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch):
  nodejs10-docs-10.23.1-1.30.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
  nodejs10-10.23.1-1.30.1
  nodejs10-debuginfo-10.23.1-1.30.1
  nodejs10-debugsource-10.23.1-1.30.1
  nodejs10-devel-10.23.1-1.30.1
  npm10-10.23.1-1.30.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch):
  nodejs10-docs-10.23.1-1.30.1

References:
  https://www.suse.com/security/cve/CVE-2020-1971.html
  https://www.suse.com/security/cve/CVE-2020-8265.html
  https://www.suse.com/security/cve/CVE-2020-8287.html
  https://bugzilla.suse.com/1179491
  https://bugzilla.suse.com/1180553
  https://bugzilla.suse.com/1180554

From sle-updates at lists.suse.com Mon Jan 11 10:29:41 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 11 Jan 2021 18:29:41 +0100 (CET)
Subject: SUSE-RU-2021:0065-1: Recommended update for hamcrest
Message-ID: <20210111172941.1CF91FEDA@maintenance.suse.de>

SUSE Recommended Update: Recommended update for hamcrest
______________________________________________________________________________
Announcement ID: SUSE-RU-2021:0065-1
Rating: low
References: #1120493 #1179994
Affected Products:
  SUSE Linux Enterprise Module for Development Tools 15-SP2
______________________________________________________________________________
An update that has two recommended fixes can now be installed.

Description:
This update for hamcrest fixes the following issues:
- Make hamcrest build reproducibly. (bsc#1120493)
- Fix typo in hamcrest-core description. (bsc#1179994)

Patch Instructions:
To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Module for Development Tools 15-SP2:
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-65=1

Package List:
- SUSE Linux Enterprise Module for Development Tools 15-SP2 (noarch):
  hamcrest-core-1.3-12.6.1

References:
  https://bugzilla.suse.com/1120493
  https://bugzilla.suse.com/1179994

From sle-updates at lists.suse.com Tue Jan 12 04:17:38 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 12 Jan 2021 12:17:38 +0100 (CET)
Subject: SUSE-SU-2021:0072-1: important: Security update for MozillaFirefox
Message-ID: <20210112111738.AEEFAFCFA@maintenance.suse.de>

SUSE Security Update: Security update for MozillaFirefox
______________________________________________________________________________
Announcement ID: SUSE-SU-2021:0072-1
Rating: important
References: #1180623
Cross-References: CVE-2020-16044
Affected Products:
  SUSE Linux Enterprise Module for Desktop Applications 15-SP1
______________________________________________________________________________
An update that fixes one vulnerability is now available.

Description:
This update for MozillaFirefox fixes the following issues:
- Firefox Extended Support Release 78.6.1 ESR
  * Fixed: Critical security issue MFSA 2021-01 (bsc#1180623)
  * CVE-2020-16044 Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk

Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Module for Desktop Applications 15-SP1:
  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2021-72=1

Package List:
- SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64):
  MozillaFirefox-78.6.1-3.125.1
  MozillaFirefox-debuginfo-78.6.1-3.125.1
  MozillaFirefox-debugsource-78.6.1-3.125.1
  MozillaFirefox-devel-78.6.1-3.125.1
  MozillaFirefox-translations-common-78.6.1-3.125.1
  MozillaFirefox-translations-other-78.6.1-3.125.1

References:
  https://www.suse.com/security/cve/CVE-2020-16044.html
  https://bugzilla.suse.com/1180623

From sle-updates at lists.suse.com Tue Jan 12 04:18:40 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 12 Jan 2021 12:18:40 +0100 (CET)
Subject: SUSE-RU-2021:0070-1: moderate: Recommended update for rt-tests
Message-ID: <20210112111841.0094BFCFA@maintenance.suse.de>

SUSE Recommended Update: Recommended update for rt-tests
______________________________________________________________________________
Announcement ID: SUSE-RU-2021:0070-1
Rating: moderate
References: SLE-12981
Affected Products:
  SUSE Linux Enterprise Module for Realtime 15-SP2
  SUSE Linux Enterprise Module for Realtime 15-SP1
______________________________________________________________________________
An update that has 0 recommended fixes and contains one feature can now be installed.

Description:
rt-tests was updated to fix the following issues:

Update to upstream version 1.10 (SLE-12981):
* rt-tests: queuelat: Remove get_cpuinfo_mhz.sh and old Makefile
* rt-tests: determine_maximum_mpps.sh: Add a menu to get user settings.
* rt-numa: Introduce NUMA helpers
* cyclictest: Only report the first incident
* Streamline usage and man page

Changes from version 1.9:
* signaltest: Only print from the first thread stats when quiet
* rt-tests: cyclictest: Move ftrace helpers into rt-utils.[ch]
* pi_stress: limit the number of inversion groups to the number of online cores
* rt-tests: Install new man page get_cyclictest_snapshot.8
* rt-tests: Add a man page for get_cyclictest_snapshot
* rt-tests: ptsematest.8: Update the ptsematest man page
* rt-tests: improvements to the python style in get_cyclictest_snapshot
* cyclictest: Fix setaffinity error on large NUMA machines

Changes from version 1.8:
* cyclictest: Make the affinity mask apply to the main thread too
* Remove support for compiling without NUMA
* cyclictest: Only run on runtime affinity and user supplied affinity
* cyclictest: Only run on available cpus according to the affinity
* cyclictest: Report all errors from pthread_setaffinity_np

Changes from version 1.7:
* Add get_cyclictest_snapshot to Makefile
* Add the get_cyclictest_snapshot.py utility
* determine_maximum_mpps.sh: Fix quoting and other shell issue
* queuelat: get_cpuinfo_mhz.sh highest value
* cyclicdeadline: Add a simple manpage for cyclicdeadline

Patch Instructions:
To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Module for Realtime 15-SP2:
  zypper in -t patch SUSE-SLE-Module-RT-15-SP2-2021-70=1
- SUSE Linux Enterprise Module for Realtime 15-SP1:
  zypper in -t patch SUSE-SLE-Module-RT-15-SP1-2021-70=1

Package List:
- SUSE Linux Enterprise Module for Realtime 15-SP2 (x86_64):
  rt-tests-1.10-3.6.1
  rt-tests-debuginfo-1.10-3.6.1
  rt-tests-debugsource-1.10-3.6.1
- SUSE Linux Enterprise Module for Realtime 15-SP1 (x86_64):
  rt-tests-1.10-3.6.1
  rt-tests-debuginfo-1.10-3.6.1
  rt-tests-debugsource-1.10-3.6.1

References:

From sle-updates at lists.suse.com Tue Jan 12 04:19:35 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 12 Jan 2021 12:19:35 +0100 (CET)
Subject: SUSE-SU-2021:0071-1: important: Security update for MozillaFirefox
Message-ID: <20210112111935.576CFFCFA@maintenance.suse.de>

SUSE Security Update: Security update for MozillaFirefox
______________________________________________________________________________
Announcement ID: SUSE-SU-2021:0071-1
Rating: important
References: #1180623
Cross-References: CVE-2020-16044
Affected Products:
  SUSE Linux Enterprise Module for Desktop Applications 15-SP2
______________________________________________________________________________
An update that fixes one vulnerability is now available.

Description:
This update for MozillaFirefox fixes the following issues:
- Firefox Extended Support Release 78.6.1 ESR
  * Fixed: Critical security issue MFSA 2021-01 (bsc#1180623)
  * CVE-2020-16044 Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk

Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Module for Desktop Applications 15-SP2:
  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2021-71=1

Package List:
- SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64):
  MozillaFirefox-78.6.1-8.23.1
  MozillaFirefox-debuginfo-78.6.1-8.23.1
  MozillaFirefox-debugsource-78.6.1-8.23.1
  MozillaFirefox-devel-78.6.1-8.23.1
  MozillaFirefox-translations-common-78.6.1-8.23.1
  MozillaFirefox-translations-other-78.6.1-8.23.1

References:
  https://www.suse.com/security/cve/CVE-2020-16044.html
  https://bugzilla.suse.com/1180623

From sle-updates at lists.suse.com Tue Jan 12 07:17:21 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 12 Jan 2021 15:17:21 +0100 (CET)
Subject: SUSE-RU-2021:0079-1: moderate: Recommended update for gcc7
Message-ID: <20210112141721.18944FCFA@maintenance.suse.de>

SUSE Recommended Update: Recommended update for gcc7
______________________________________________________________________________
Announcement ID: SUSE-RU-2021:0079-1
Rating: moderate
References: #1167939
Affected Products:
  SUSE Linux Enterprise Module for Development Tools 15-SP2
  SUSE Linux Enterprise Module for Development Tools 15-SP1
  SUSE Linux Enterprise Module for Basesystem 15-SP2
  SUSE Linux Enterprise Module for Basesystem 15-SP1
______________________________________________________________________________
An update that has one recommended fix can now be installed.

Description:
This update for gcc7 fixes the following issues:
- Amend the gcc7 aarch64 atomics for glibc namespace violation with getauxval. [bsc#1167939]

Patch Instructions:
To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-79=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2021-79=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-79=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2021-79=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): gcc7-ada-7.5.0+r278197-4.22.1 gcc7-ada-debuginfo-7.5.0+r278197-4.22.1 gcc7-debuginfo-7.5.0+r278197-4.22.1 gcc7-debugsource-7.5.0+r278197-4.22.1 gcc7-locale-7.5.0+r278197-4.22.1 gcc7-objc-7.5.0+r278197-4.22.1 gcc7-objc-debuginfo-7.5.0+r278197-4.22.1 libada7-7.5.0+r278197-4.22.1 libada7-debuginfo-7.5.0+r278197-4.22.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (noarch): gcc7-info-7.5.0+r278197-4.22.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (x86_64): cross-nvptx-gcc7-7.5.0+r278197-4.22.1 cross-nvptx-newlib7-devel-7.5.0+r278197-4.22.1 gcc7-32bit-7.5.0+r278197-4.22.1 gcc7-c++-32bit-7.5.0+r278197-4.22.1 gcc7-fortran-32bit-7.5.0+r278197-4.22.1 libasan4-32bit-7.5.0+r278197-4.22.1 libasan4-32bit-debuginfo-7.5.0+r278197-4.22.1 libcilkrts5-32bit-7.5.0+r278197-4.22.1 libcilkrts5-32bit-debuginfo-7.5.0+r278197-4.22.1 libstdc++6-devel-gcc7-32bit-7.5.0+r278197-4.22.1 libubsan0-32bit-7.5.0+r278197-4.22.1 libubsan0-32bit-debuginfo-7.5.0+r278197-4.22.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): gcc7-ada-7.5.0+r278197-4.22.1 gcc7-ada-debuginfo-7.5.0+r278197-4.22.1 gcc7-debuginfo-7.5.0+r278197-4.22.1 gcc7-debugsource-7.5.0+r278197-4.22.1 gcc7-locale-7.5.0+r278197-4.22.1 gcc7-objc-7.5.0+r278197-4.22.1 gcc7-objc-debuginfo-7.5.0+r278197-4.22.1 
libada7-7.5.0+r278197-4.22.1 libada7-debuginfo-7.5.0+r278197-4.22.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (noarch): gcc7-info-7.5.0+r278197-4.22.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (x86_64): cross-nvptx-gcc7-7.5.0+r278197-4.22.1 cross-nvptx-newlib7-devel-7.5.0+r278197-4.22.1 gcc7-32bit-7.5.0+r278197-4.22.1 gcc7-c++-32bit-7.5.0+r278197-4.22.1 gcc7-fortran-32bit-7.5.0+r278197-4.22.1 libasan4-32bit-7.5.0+r278197-4.22.1 libasan4-32bit-debuginfo-7.5.0+r278197-4.22.1 libcilkrts5-32bit-7.5.0+r278197-4.22.1 libcilkrts5-32bit-debuginfo-7.5.0+r278197-4.22.1 libstdc++6-devel-gcc7-32bit-7.5.0+r278197-4.22.1 libubsan0-32bit-7.5.0+r278197-4.22.1 libubsan0-32bit-debuginfo-7.5.0+r278197-4.22.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): cpp7-7.5.0+r278197-4.22.1 cpp7-debuginfo-7.5.0+r278197-4.22.1 gcc7-7.5.0+r278197-4.22.1 gcc7-c++-7.5.0+r278197-4.22.1 gcc7-c++-debuginfo-7.5.0+r278197-4.22.1 gcc7-debuginfo-7.5.0+r278197-4.22.1 gcc7-debugsource-7.5.0+r278197-4.22.1 gcc7-fortran-7.5.0+r278197-4.22.1 gcc7-fortran-debuginfo-7.5.0+r278197-4.22.1 libasan4-7.5.0+r278197-4.22.1 libasan4-debuginfo-7.5.0+r278197-4.22.1 libgfortran4-7.5.0+r278197-4.22.1 libgfortran4-debuginfo-7.5.0+r278197-4.22.1 libstdc++6-devel-gcc7-7.5.0+r278197-4.22.1 libubsan0-7.5.0+r278197-4.22.1 libubsan0-debuginfo-7.5.0+r278197-4.22.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libcilkrts5-7.5.0+r278197-4.22.1 libcilkrts5-debuginfo-7.5.0+r278197-4.22.1 libgfortran4-32bit-7.5.0+r278197-4.22.1 libgfortran4-32bit-debuginfo-7.5.0+r278197-4.22.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): cpp7-7.5.0+r278197-4.22.1 cpp7-debuginfo-7.5.0+r278197-4.22.1 gcc7-7.5.0+r278197-4.22.1 gcc7-c++-7.5.0+r278197-4.22.1 gcc7-c++-debuginfo-7.5.0+r278197-4.22.1 gcc7-debuginfo-7.5.0+r278197-4.22.1 gcc7-debugsource-7.5.0+r278197-4.22.1 gcc7-fortran-7.5.0+r278197-4.22.1 
gcc7-fortran-debuginfo-7.5.0+r278197-4.22.1 libasan4-7.5.0+r278197-4.22.1 libasan4-debuginfo-7.5.0+r278197-4.22.1 libgfortran4-7.5.0+r278197-4.22.1 libgfortran4-debuginfo-7.5.0+r278197-4.22.1 libstdc++6-devel-gcc7-7.5.0+r278197-4.22.1 libubsan0-7.5.0+r278197-4.22.1 libubsan0-debuginfo-7.5.0+r278197-4.22.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): libcilkrts5-7.5.0+r278197-4.22.1 libcilkrts5-debuginfo-7.5.0+r278197-4.22.1 libgfortran4-32bit-7.5.0+r278197-4.22.1 libgfortran4-32bit-debuginfo-7.5.0+r278197-4.22.1 References: https://bugzilla.suse.com/1167939 From sle-updates at lists.suse.com Tue Jan 12 07:18:26 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 12 Jan 2021 15:18:26 +0100 (CET) Subject: SUSE-RU-2021:0077-1: Recommended update for SUSEConnect Message-ID: <20210112141826.7FF37FCFA@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSEConnect ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:0077-1 Rating: low References: Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: This update for SUSEConnect fixes the following issue: Update to version 0.3.29 - Replace the Ruby path with the native one during build phase. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product:
- SUSE OpenStack Cloud Crowbar 9:
  zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-77=1
- SUSE OpenStack Cloud Crowbar 8:
  zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-77=1
- SUSE OpenStack Cloud 9:
  zypper in -t patch SUSE-OpenStack-Cloud-9-2021-77=1
- SUSE OpenStack Cloud 8:
  zypper in -t patch SUSE-OpenStack-Cloud-8-2021-77=1
- SUSE Linux Enterprise Server for SAP 12-SP4:
  zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-77=1
- SUSE Linux Enterprise Server for SAP 12-SP3:
  zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-77=1
- SUSE Linux Enterprise Server 12-SP4-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-77=1
- SUSE Linux Enterprise Server 12-SP3-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-77=1
- SUSE Linux Enterprise Server 12-SP3-BCL:
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-77=1
- SUSE Enterprise Storage 5:
  zypper in -t patch SUSE-Storage-5-2021-77=1
- HPE Helion Openstack 8:
  zypper in -t patch HPE-Helion-OpenStack-8-2021-77=1

Package List:
- SUSE OpenStack Cloud Crowbar 9 (x86_64):
  SUSEConnect-0.3.29-3.42.1
- SUSE OpenStack Cloud Crowbar 8 (x86_64):
  SUSEConnect-0.3.29-3.42.1
- SUSE OpenStack Cloud 9 (x86_64):
  SUSEConnect-0.3.29-3.42.1
- SUSE OpenStack Cloud 8 (x86_64):
  SUSEConnect-0.3.29-3.42.1
- SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
  SUSEConnect-0.3.29-3.42.1
- SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):
  SUSEConnect-0.3.29-3.42.1
- SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):
  SUSEConnect-0.3.29-3.42.1
- SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64):
  SUSEConnect-0.3.29-3.42.1
- SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):
  SUSEConnect-0.3.29-3.42.1
- SUSE Enterprise Storage 5 (aarch64 x86_64):
  SUSEConnect-0.3.29-3.42.1
- HPE Helion Openstack 8 (x86_64):
  SUSEConnect-0.3.29-3.42.1

References:

From sle-updates at lists.suse.com Tue Jan 12 07:19:22 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 12 Jan 2021 15:19:22 +0100 (CET)
Subject: SUSE-RU-2021:0073-1: Recommended update for SUSEConnect
Message-ID: <20210112141922.A2D3CFCFA@maintenance.suse.de>

SUSE Recommended Update: Recommended update for SUSEConnect
______________________________________________________________________________
Announcement ID: SUSE-RU-2021:0073-1
Rating: low
References:
Affected Products:
  SUSE Linux Enterprise Module for Basesystem 15-SP2
______________________________________________________________________________
An update that has 0 recommended fixes can now be installed.

Description:
This update for SUSEConnect fixes the following issue:

Update to version 0.3.29
- Replace the Ruby path with the native one during build phase.

Patch Instructions:
To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Module for Basesystem 15-SP2:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-73=1

Package List:
- SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64):
  SUSEConnect-0.3.29-3.6.1

References:

From sle-updates at lists.suse.com Tue Jan 12 07:20:14 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 12 Jan 2021 15:20:14 +0100 (CET)
Subject: SUSE-SU-2021:14595-1: important: Security update for MozillaFirefox
Message-ID: <20210112142014.99047FCFA@maintenance.suse.de>

SUSE Security Update: Security update for MozillaFirefox
______________________________________________________________________________
Announcement ID: SUSE-SU-2021:14595-1
Rating: important
References: #1180623
Cross-References: CVE-2020-16044
Affected Products:
  SUSE Linux Enterprise Server 11-SP4-LTSS
  SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________
An update that fixes one vulnerability is now available.

Description:
This update for MozillaFirefox fixes the following issues:
- Firefox Extended Support Release 78.6.1 ESR
  * Fixed: Critical security issue MFSA 2021-01 (bsc#1180623)
  * CVE-2020-16044 Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk

Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server 11-SP4-LTSS:
  zypper in -t patch slessp4-MozillaFirefox-14595=1
- SUSE Linux Enterprise Debuginfo 11-SP4:
  zypper in -t patch dbgsp4-MozillaFirefox-14595=1

Package List:
- SUSE Linux Enterprise Server 11-SP4-LTSS (x86_64):
  MozillaFirefox-78.6.1-78.111.1
  MozillaFirefox-translations-common-78.6.1-78.111.1
  MozillaFirefox-translations-other-78.6.1-78.111.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (x86_64):
  MozillaFirefox-debuginfo-78.6.1-78.111.1

References:
  https://www.suse.com/security/cve/CVE-2020-16044.html
  https://bugzilla.suse.com/1180623

From sle-updates at lists.suse.com Tue Jan 12 07:21:12 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 12 Jan 2021 15:21:12 +0100 (CET)
Subject: SUSE-RU-2021:0074-1: Recommended update for SUSEConnect
Message-ID: <20210112142112.777CBFCFA@maintenance.suse.de>

SUSE Recommended Update: Recommended update for SUSEConnect
______________________________________________________________________________
Announcement ID: SUSE-RU-2021:0074-1
Rating: low
References:
Affected Products:
  SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________
An update that has 0 recommended fixes can now be installed.

Description:
This update for SUSEConnect fixes the following issue:

Update to version 0.3.29
- Replace the Ruby path with the native one during build phase.
Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-74=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): SUSEConnect-0.3.29-3.9.1 References: From sle-updates at lists.suse.com Tue Jan 12 07:22:05 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 12 Jan 2021 15:22:05 +0100 (CET) Subject: SUSE-RU-2021:0076-1: Recommended update for SUSEConnect Message-ID: <20210112142205.87AF0FCFA@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSEConnect ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:0076-1 Rating: low References: Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: This update for SUSEConnect fixes the following issue: Update to version 0.3.29 - Replace the Ruby path with the native one during build phase. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-76=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-76=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-76=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-76=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): SUSEConnect-0.3.29-3.34.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): SUSEConnect-0.3.29-3.34.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): SUSEConnect-0.3.29-3.34.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): SUSEConnect-0.3.29-3.34.1 References: From sle-updates at lists.suse.com Tue Jan 12 07:22:59 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 12 Jan 2021 15:22:59 +0100 (CET) Subject: SUSE-RU-2021:0075-1: Recommended update for SUSEConnect Message-ID: <20210112142259.DF2D2FCFA@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSEConnect ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:0075-1 Rating: low References: Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: This update for SUSEConnect fixes the following issue: Update to version 0.3.29 - Replace the Ruby path with the native one during build phase. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2021-75=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2021-75=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2021-75=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-75=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): SUSEConnect-0.3.29-19.10.35.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): SUSEConnect-0.3.29-19.10.35.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): SUSEConnect-0.3.29-19.10.35.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): SUSEConnect-0.3.29-19.10.35.1 References: From sle-updates at lists.suse.com Tue Jan 12 10:17:01 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 12 Jan 2021 18:17:01 +0100 (CET) Subject: SUSE-SU-2021:0080-1: important: Security update for MozillaFirefox Message-ID: <20210112171701.47EA0FCFA@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0080-1 Rating: important References: #1180623 Cross-References: CVE-2020-16044 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 
______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.6.1 ESR * Fixed: Critical security issue MFSA 2021-01 (bsc#1180623) * CVE-2020-16044 Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-80=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-80=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-80=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-80=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2021-80=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-80=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-80=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-80=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2021-80=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-80=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-80=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-80=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-80=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2021-80=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch 
SUSE-SLE-SERVER-12-SP2-BCL-2021-80=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2021-80=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-80=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): MozillaFirefox-78.6.1-112.42.1 MozillaFirefox-debuginfo-78.6.1-112.42.1 MozillaFirefox-debugsource-78.6.1-112.42.1 MozillaFirefox-devel-78.6.1-112.42.1 MozillaFirefox-translations-common-78.6.1-112.42.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): MozillaFirefox-78.6.1-112.42.1 MozillaFirefox-debuginfo-78.6.1-112.42.1 MozillaFirefox-debugsource-78.6.1-112.42.1 MozillaFirefox-devel-78.6.1-112.42.1 MozillaFirefox-translations-common-78.6.1-112.42.1 - SUSE OpenStack Cloud 9 (x86_64): MozillaFirefox-78.6.1-112.42.1 MozillaFirefox-debuginfo-78.6.1-112.42.1 MozillaFirefox-debugsource-78.6.1-112.42.1 MozillaFirefox-devel-78.6.1-112.42.1 MozillaFirefox-translations-common-78.6.1-112.42.1 - SUSE OpenStack Cloud 8 (x86_64): MozillaFirefox-78.6.1-112.42.1 MozillaFirefox-debuginfo-78.6.1-112.42.1 MozillaFirefox-debugsource-78.6.1-112.42.1 MozillaFirefox-devel-78.6.1-112.42.1 MozillaFirefox-translations-common-78.6.1-112.42.1 - SUSE OpenStack Cloud 7 (s390x x86_64): MozillaFirefox-78.6.1-112.42.1 MozillaFirefox-debuginfo-78.6.1-112.42.1 MozillaFirefox-debugsource-78.6.1-112.42.1 MozillaFirefox-devel-78.6.1-112.42.1 MozillaFirefox-translations-common-78.6.1-112.42.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): MozillaFirefox-debuginfo-78.6.1-112.42.1 MozillaFirefox-debugsource-78.6.1-112.42.1 MozillaFirefox-devel-78.6.1-112.42.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): MozillaFirefox-78.6.1-112.42.1 MozillaFirefox-debuginfo-78.6.1-112.42.1 MozillaFirefox-debugsource-78.6.1-112.42.1 MozillaFirefox-devel-78.6.1-112.42.1 MozillaFirefox-translations-common-78.6.1-112.42.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): MozillaFirefox-78.6.1-112.42.1 
MozillaFirefox-debuginfo-78.6.1-112.42.1 MozillaFirefox-debugsource-78.6.1-112.42.1 MozillaFirefox-devel-78.6.1-112.42.1 MozillaFirefox-translations-common-78.6.1-112.42.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): MozillaFirefox-78.6.1-112.42.1 MozillaFirefox-debuginfo-78.6.1-112.42.1 MozillaFirefox-debugsource-78.6.1-112.42.1 MozillaFirefox-devel-78.6.1-112.42.1 MozillaFirefox-translations-common-78.6.1-112.42.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): MozillaFirefox-78.6.1-112.42.1 MozillaFirefox-debuginfo-78.6.1-112.42.1 MozillaFirefox-debugsource-78.6.1-112.42.1 MozillaFirefox-devel-78.6.1-112.42.1 MozillaFirefox-translations-common-78.6.1-112.42.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): MozillaFirefox-78.6.1-112.42.1 MozillaFirefox-debuginfo-78.6.1-112.42.1 MozillaFirefox-debugsource-78.6.1-112.42.1 MozillaFirefox-devel-78.6.1-112.42.1 MozillaFirefox-translations-common-78.6.1-112.42.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): MozillaFirefox-78.6.1-112.42.1 MozillaFirefox-debuginfo-78.6.1-112.42.1 MozillaFirefox-debugsource-78.6.1-112.42.1 MozillaFirefox-devel-78.6.1-112.42.1 MozillaFirefox-translations-common-78.6.1-112.42.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): MozillaFirefox-78.6.1-112.42.1 MozillaFirefox-debuginfo-78.6.1-112.42.1 MozillaFirefox-debugsource-78.6.1-112.42.1 MozillaFirefox-devel-78.6.1-112.42.1 MozillaFirefox-translations-common-78.6.1-112.42.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): MozillaFirefox-78.6.1-112.42.1 MozillaFirefox-debuginfo-78.6.1-112.42.1 MozillaFirefox-debugsource-78.6.1-112.42.1 MozillaFirefox-devel-78.6.1-112.42.1 MozillaFirefox-translations-common-78.6.1-112.42.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): MozillaFirefox-78.6.1-112.42.1 MozillaFirefox-debuginfo-78.6.1-112.42.1 MozillaFirefox-debugsource-78.6.1-112.42.1 MozillaFirefox-devel-78.6.1-112.42.1 
MozillaFirefox-translations-common-78.6.1-112.42.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): MozillaFirefox-78.6.1-112.42.1 MozillaFirefox-debuginfo-78.6.1-112.42.1 MozillaFirefox-debugsource-78.6.1-112.42.1 MozillaFirefox-devel-78.6.1-112.42.1 MozillaFirefox-translations-common-78.6.1-112.42.1 - HPE Helion Openstack 8 (x86_64): MozillaFirefox-78.6.1-112.42.1 MozillaFirefox-debuginfo-78.6.1-112.42.1 MozillaFirefox-debugsource-78.6.1-112.42.1 MozillaFirefox-devel-78.6.1-112.42.1 MozillaFirefox-translations-common-78.6.1-112.42.1 References: https://www.suse.com/security/cve/CVE-2020-16044.html https://bugzilla.suse.com/1180623 From sle-updates at lists.suse.com Tue Jan 12 10:18:07 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 12 Jan 2021 18:18:07 +0100 (CET) Subject: SUSE-SU-2021:0081-1: moderate: Security update for ImageMagick Message-ID: <20210112171807.37C9CFCFA@maintenance.suse.de> SUSE Security Update: Security update for ImageMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0081-1 Rating: moderate References: #1179103 Cross-References: CVE-2020-19667 Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Desktop Applications 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for ImageMagick fixes the following issues: - CVE-2020-19667 [bsc#1179103]: Stack buffer overflow in XPM coder could result in a crash Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-81=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2021-81=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): ImageMagick-debuginfo-7.0.7.34-10.6.13 ImageMagick-debugsource-7.0.7.34-10.6.13 perl-PerlMagick-7.0.7.34-10.6.13 perl-PerlMagick-debuginfo-7.0.7.34-10.6.13 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): ImageMagick-7.0.7.34-10.6.13 ImageMagick-config-7-SUSE-7.0.7.34-10.6.13 ImageMagick-config-7-upstream-7.0.7.34-10.6.13 ImageMagick-debuginfo-7.0.7.34-10.6.13 ImageMagick-debugsource-7.0.7.34-10.6.13 ImageMagick-devel-7.0.7.34-10.6.13 libMagick++-7_Q16HDRI4-7.0.7.34-10.6.13 libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-10.6.13 libMagick++-devel-7.0.7.34-10.6.13 libMagickCore-7_Q16HDRI6-7.0.7.34-10.6.13 libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-10.6.13 libMagickWand-7_Q16HDRI6-7.0.7.34-10.6.13 libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-10.6.13 References: https://www.suse.com/security/cve/CVE-2020-19667.html https://bugzilla.suse.com/1179103 From sle-updates at lists.suse.com Tue Jan 12 10:19:06 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 12 Jan 2021 18:19:06 +0100 (CET) Subject: SUSE-SU-2021:0082-1: moderate: Security update for nodejs10 Message-ID: <20210112171906.A82D1FCFA@maintenance.suse.de> SUSE Security Update: Security update for nodejs10 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0082-1 Rating: moderate References: #1179491 #1180553 #1180554 Cross-References: CVE-2020-1971 CVE-2020-8265 CVE-2020-8287 Affected Products: SUSE Linux Enterprise Module for Web Scripting 12 
______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for nodejs10 fixes the following issues: - New upstream LTS version 10.23.1: * CVE-2020-8265: use-after-free in TLSWrap (High) bug in TLS implementation. When writing to a TLS-enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method does not return an error, this object is passed back to the caller as part of a StreamWriteResult structure. This may be exploited to corrupt memory leading to a Denial of Service or potentially other exploits (bsc#1180553) * CVE-2020-8287: HTTP Request Smuggling: Node.js allows two copies of a header field in an HTTP request. For example, two Transfer-Encoding header fields. In this case Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smuggling (https://cwe.mitre.org/data/definitions/444.html). (bsc#1180554) * CVE-2020-1971: OpenSSL - EDIPARTYNAME NULL pointer de-reference (High) This is a vulnerability in OpenSSL which may be exploited through Node.js. (bsc#1179491) - New upstream LTS version 10.23.0: * deps: upgrade npm to 6.14.8 * n-api: + create N-API version 7 + expose napi_build_version variable Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2021-82=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): nodejs10-10.23.1-1.33.1 nodejs10-debuginfo-10.23.1-1.33.1 nodejs10-debugsource-10.23.1-1.33.1 nodejs10-devel-10.23.1-1.33.1 npm10-10.23.1-1.33.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): nodejs10-docs-10.23.1-1.33.1 References: https://www.suse.com/security/cve/CVE-2020-1971.html https://www.suse.com/security/cve/CVE-2020-8265.html https://www.suse.com/security/cve/CVE-2020-8287.html https://bugzilla.suse.com/1179491 https://bugzilla.suse.com/1180553 https://bugzilla.suse.com/1180554 From sle-updates at lists.suse.com Tue Jan 12 10:20:17 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 12 Jan 2021 18:20:17 +0100 (CET) Subject: SUSE-SU-2021:0089-1: important: Security update for hawk2 Message-ID: <20210112172017.9D396FCFA@maintenance.suse.de> SUSE Security Update: Security update for hawk2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0089-1 Rating: important References: #1179998 Cross-References: CVE-2020-35458 Affected Products: SUSE Linux Enterprise High Availability 12-SP5 SUSE Linux Enterprise High Availability 12-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for hawk2 fixes the following security issue: - CVE-2020-35458: Fixed an insufficient input handler that could have led to remote code execution (bsc#1179998). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP5: zypper in -t patch SUSE-SLE-HA-12-SP5-2021-89=1 - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2021-89=1 Package List: - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64): hawk2-2.4.0+git.1607523195.05cd3222-3.21.1 hawk2-debuginfo-2.4.0+git.1607523195.05cd3222-3.21.1 hawk2-debugsource-2.4.0+git.1607523195.05cd3222-3.21.1 - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): hawk2-2.4.0+git.1607523195.05cd3222-3.21.1 hawk2-debuginfo-2.4.0+git.1607523195.05cd3222-3.21.1 hawk2-debugsource-2.4.0+git.1607523195.05cd3222-3.21.1 References: https://www.suse.com/security/cve/CVE-2020-35458.html https://bugzilla.suse.com/1179998 From sle-updates at lists.suse.com Tue Jan 12 10:21:15 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 12 Jan 2021 18:21:15 +0100 (CET) Subject: SUSE-SU-2021:0085-1: important: Security update for crmsh Message-ID: <20210112172115.23CBEFCFA@maintenance.suse.de> SUSE Security Update: Security update for crmsh ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0085-1 Rating: important References: #1179999 Cross-References: CVE-2020-35459 Affected Products: SUSE Linux Enterprise High Availability 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for crmsh fixes the following issue: - CVE-2020-35459: Fixed a privilege escalation in hawk_invoke (bsc#1179999). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2021-85=1 Package List: - SUSE Linux Enterprise High Availability 15-SP1 (noarch): crmsh-4.2.0+git.1607075079.a25648d8-3.51.1 crmsh-scripts-4.2.0+git.1607075079.a25648d8-3.51.1 References: https://www.suse.com/security/cve/CVE-2020-35459.html https://bugzilla.suse.com/1179999 From sle-updates at lists.suse.com Tue Jan 12 10:22:12 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 12 Jan 2021 18:22:12 +0100 (CET) Subject: SUSE-SU-2021:0086-1: important: Security update for crmsh Message-ID: <20210112172212.E9AF8FCFA@maintenance.suse.de> SUSE Security Update: Security update for crmsh ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0086-1 Rating: important References: #1179999 Cross-References: CVE-2020-35459 Affected Products: SUSE Linux Enterprise High Availability 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for crmsh fixes the following issue: - CVE-2020-35459: Fixed a privilege escalation in hawk_invoke (bsc#1179999). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2021-86=1 Package List: - SUSE Linux Enterprise High Availability 15-SP2 (noarch): crmsh-4.2.0+git.1607075079.a25648d8-5.32.1 crmsh-scripts-4.2.0+git.1607075079.a25648d8-5.32.1 References: https://www.suse.com/security/cve/CVE-2020-35459.html https://bugzilla.suse.com/1179999 From sle-updates at lists.suse.com Tue Jan 12 10:23:12 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 12 Jan 2021 18:23:12 +0100 (CET) Subject: SUSE-SU-2021:0088-1: important: Security update for hawk2 Message-ID: <20210112172312.A4AABFCFA@maintenance.suse.de> SUSE Security Update: Security update for hawk2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0088-1 Rating: important References: #1179998 Cross-References: CVE-2020-35458 Affected Products: SUSE Linux Enterprise High Availability 15-SP2 SUSE Linux Enterprise High Availability 15-SP1 SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for hawk2 fixes the following security issue: - CVE-2020-35458: Fixed an insufficient input handler that could have led to remote code execution (bsc#1179998). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2021-88=1 - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2021-88=1 - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2021-88=1 Package List: - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): hawk2-2.3.0+git.1603969748.10468582-3.18.1 hawk2-debuginfo-2.3.0+git.1603969748.10468582-3.18.1 hawk2-debugsource-2.3.0+git.1603969748.10468582-3.18.1 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): hawk2-2.3.0+git.1603969748.10468582-3.18.1 hawk2-debuginfo-2.3.0+git.1603969748.10468582-3.18.1 hawk2-debugsource-2.3.0+git.1603969748.10468582-3.18.1 - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): hawk2-2.3.0+git.1603969748.10468582-3.18.1 hawk2-debuginfo-2.3.0+git.1603969748.10468582-3.18.1 hawk2-debugsource-2.3.0+git.1603969748.10468582-3.18.1 References: https://www.suse.com/security/cve/CVE-2020-35458.html https://bugzilla.suse.com/1179998 From sle-updates at lists.suse.com Tue Jan 12 10:24:15 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 12 Jan 2021 18:24:15 +0100 (CET) Subject: SUSE-SU-2021:0084-1: important: Security update for crmsh Message-ID: <20210112172415.5E997FEDA@maintenance.suse.de> SUSE Security Update: Security update for crmsh ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0084-1 Rating: important References: #1179999 Cross-References: CVE-2020-35459 Affected Products: SUSE Linux Enterprise High Availability 12-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: This update for crmsh fixes the following issue: - CVE-2020-35459: Fixed a privilege escalation in hawk_invoke (bsc#1179999). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2021-84=1 Package List: - SUSE Linux Enterprise High Availability 12-SP3 (noarch): crmsh-3.0.4+git.1607490926.e492f845-13.56.1 crmsh-scripts-3.0.4+git.1607490926.e492f845-13.56.1 References: https://www.suse.com/security/cve/CVE-2020-35459.html https://bugzilla.suse.com/1179999 From sle-updates at lists.suse.com Tue Jan 12 10:25:15 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 12 Jan 2021 18:25:15 +0100 (CET) Subject: SUSE-SU-2021:0083-1: important: Security update for crmsh Message-ID: <20210112172515.E1880FEDA@maintenance.suse.de> SUSE Security Update: Security update for crmsh ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0083-1 Rating: important References: #1179999 Cross-References: CVE-2020-35459 Affected Products: SUSE Linux Enterprise High Availability 12-SP5 SUSE Linux Enterprise High Availability 12-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for crmsh fixes the following issue: - CVE-2020-35459: Fixed a privilege escalation in hawk_invoke (bsc#1179999). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP5: zypper in -t patch SUSE-SLE-HA-12-SP5-2021-83=1 - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2021-83=1 Package List: - SUSE Linux Enterprise High Availability 12-SP5 (noarch): crmsh-4.1.0+git.1607482714.9633b80d-2.50.1 crmsh-scripts-4.1.0+git.1607482714.9633b80d-2.50.1 - SUSE Linux Enterprise High Availability 12-SP4 (noarch): crmsh-4.1.0+git.1607482714.9633b80d-2.50.1 crmsh-scripts-4.1.0+git.1607482714.9633b80d-2.50.1 References: https://www.suse.com/security/cve/CVE-2020-35459.html https://bugzilla.suse.com/1179999 From sle-updates at lists.suse.com Tue Jan 12 10:26:15 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 12 Jan 2021 18:26:15 +0100 (CET) Subject: SUSE-SU-2021:0087-1: important: Security update for crmsh Message-ID: <20210112172615.C95CFFEDA@maintenance.suse.de> SUSE Security Update: Security update for crmsh ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0087-1 Rating: important References: #1179999 Cross-References: CVE-2020-35459 Affected Products: SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for crmsh fixes the following issue: - CVE-2020-35459: Fixed a privilege escalation in hawk_invoke (bsc#1179999). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2021-87=1 Package List: - SUSE Linux Enterprise High Availability 15 (noarch): crmsh-4.2.0+git.1607075079.a25648d8-3.56.1 crmsh-scripts-4.2.0+git.1607075079.a25648d8-3.56.1 References: https://www.suse.com/security/cve/CVE-2020-35459.html https://bugzilla.suse.com/1179999 From sle-updates at lists.suse.com Tue Jan 12 10:27:15 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 12 Jan 2021 18:27:15 +0100 (CET) Subject: SUSE-SU-2021:0090-1: important: Security update for hawk2 Message-ID: <20210112172715.C8460FEDA@maintenance.suse.de> SUSE Security Update: Security update for hawk2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0090-1 Rating: important References: #1179998 Cross-References: CVE-2020-35458 Affected Products: SUSE Linux Enterprise High Availability 12-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for hawk2 fixes the following security issue: - CVE-2020-35458: Fixed an insufficient input sanitation that could have led to remote code execution (bsc#1179998). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2021-90=1 Package List: - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64): hawk2-2.4.0+git.1607523195.05cd3222-2.33.1 hawk2-debuginfo-2.4.0+git.1607523195.05cd3222-2.33.1 hawk2-debugsource-2.4.0+git.1607523195.05cd3222-2.33.1 References: https://www.suse.com/security/cve/CVE-2020-35458.html https://bugzilla.suse.com/1179998 From sle-updates at lists.suse.com Tue Jan 12 13:16:36 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 12 Jan 2021 21:16:36 +0100 (CET) Subject: SUSE-RU-2021:0092-1: moderate: Recommended update for prometheus-ha_cluster_exporter Message-ID: <20210112201636.BDADBFCFA@maintenance.suse.de> SUSE Recommended Update: Recommended update for prometheus-ha_cluster_exporter ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:0092-1 Rating: moderate References: TEAM-2169 Affected Products: SUSE Linux Enterprise Module for SAP Applications 15-SP1 SUSE Linux Enterprise Module for SAP Applications 15 ______________________________________________________________________________ An update that has 0 recommended fixes and contains one feature can now be installed. Description: This update for prometheus-ha_cluster_exporter fixes the following issue: Update to version 1.2.1 - Remove Pacemaker dependency from systemd unit (jsc#TEAM-2169) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SAP Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP1-2021-92=1 - SUSE Linux Enterprise Module for SAP Applications 15: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-2021-92=1 Package List: - SUSE Linux Enterprise Module for SAP Applications 15-SP1 (aarch64 ppc64le s390x x86_64): prometheus-ha_cluster_exporter-1.2.1+git.1606912430.4fceb77-1.12.1 - SUSE Linux Enterprise Module for SAP Applications 15 (aarch64 ppc64le s390x x86_64): prometheus-ha_cluster_exporter-1.2.1+git.1606912430.4fceb77-1.12.1 References: From sle-updates at lists.suse.com Tue Jan 12 13:17:27 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 12 Jan 2021 21:17:27 +0100 (CET) Subject: SUSE-RU-2021:0091-1: moderate: Recommended update for prometheus-ha_cluster_exporter Message-ID: <20210112201727.6D030FCFA@maintenance.suse.de> SUSE Recommended Update: Recommended update for prometheus-ha_cluster_exporter ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:0091-1 Rating: moderate References: TEAM-2169 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 ______________________________________________________________________________ An update that has 0 recommended fixes and contains one feature can now be installed. Description: This update for prometheus-ha_cluster_exporter fixes the following issue: Update to version 1.2.1 - Remove Pacemaker dependency from systemd unit (jsc#TEAM-2169) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP5: zypper in -t patch SUSE-SLE-SAP-12-SP5-2021-91=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-91=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-91=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP5 (ppc64le x86_64): prometheus-ha_cluster_exporter-1.2.1+git.1606912430.4fceb77-4.12.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): prometheus-ha_cluster_exporter-1.2.1+git.1606912430.4fceb77-4.12.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): prometheus-ha_cluster_exporter-1.2.1+git.1606912430.4fceb77-4.12.1 References: From sle-updates at lists.suse.com Tue Jan 12 16:16:45 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Jan 2021 00:16:45 +0100 (CET) Subject: SUSE-RU-2021:0103-1: Recommended update for libqt5-qtwebengine Message-ID: <20210112231645.4EC62FCFA@maintenance.suse.de> SUSE Recommended Update: Recommended update for libqt5-qtwebengine ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:0103-1 Rating: low References: #1043375 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libqt5-qtwebengine fixes the following issues: - Enable qtwebengine to support HTML5 video. (bsc#1043375) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-103=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-103=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (x86_64): libqt5-qtwebengine-debuginfo-5.6.2-2.10.273 libqt5-qtwebengine-debugsource-5.6.2-2.10.273 libqt5-qtwebengine-devel-5.6.2-2.10.273 - SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch): libqt5-qtwebengine-private-headers-devel-5.6.2-2.10.273 - SUSE Linux Enterprise Server 12-SP5 (x86_64): libqt5-qtwebengine-5.6.2-2.10.273 libqt5-qtwebengine-debuginfo-5.6.2-2.10.273 libqt5-qtwebengine-debugsource-5.6.2-2.10.273 References: https://bugzilla.suse.com/1043375 From sle-updates at lists.suse.com Tue Jan 12 16:17:48 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Jan 2021 00:17:48 +0100 (CET) Subject: SUSE-RU-2021:0105-1: Recommended update for postgresql12 Message-ID: <20210112231748.58CBEFCFA@maintenance.suse.de> SUSE Recommended Update: Recommended update for postgresql12 ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:0105-1 Rating: low References: #1178961 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for postgresql12 fixes the following issues: - Marked symlinks to pg_config and ecpg as ghost files, so that rpm doesn't complain when they are not there (bsc#1178961) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-105=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-105=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): libecpg6-12.5-8.13.1 libecpg6-debuginfo-12.5-8.13.1 postgresql12-contrib-12.5-8.13.1 postgresql12-contrib-debuginfo-12.5-8.13.1 postgresql12-debuginfo-12.5-8.13.1 postgresql12-debugsource-12.5-8.13.1 postgresql12-devel-12.5-8.13.1 postgresql12-devel-debuginfo-12.5-8.13.1 postgresql12-plperl-12.5-8.13.1 postgresql12-plperl-debuginfo-12.5-8.13.1 postgresql12-plpython-12.5-8.13.1 postgresql12-plpython-debuginfo-12.5-8.13.1 postgresql12-pltcl-12.5-8.13.1 postgresql12-pltcl-debuginfo-12.5-8.13.1 postgresql12-server-12.5-8.13.1 postgresql12-server-debuginfo-12.5-8.13.1 postgresql12-server-devel-12.5-8.13.1 postgresql12-server-devel-debuginfo-12.5-8.13.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (noarch): postgresql12-docs-12.5-8.13.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libpq5-12.5-8.13.1 libpq5-debuginfo-12.5-8.13.1 postgresql12-12.5-8.13.1 postgresql12-debuginfo-12.5-8.13.1 postgresql12-debugsource-12.5-8.13.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libpq5-32bit-12.5-8.13.1 libpq5-32bit-debuginfo-12.5-8.13.1 References: https://bugzilla.suse.com/1178961 From sle-updates at lists.suse.com Tue Jan 12 16:18:48 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Jan 2021 00:18:48 +0100 (CET) Subject: SUSE-RU-2021:0100-1: Recommended update for sle-ha-geo-manuals_en, sle-ha-install-quick_en Message-ID: <20210112231848.C7A49FCFA@maintenance.suse.de> SUSE Recommended Update: Recommended update for sle-ha-geo-manuals_en, 
sle-ha-install-quick_en ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:0100-1 Rating: low References: #933411 Affected Products: SUSE Linux Enterprise High Availability GEO 12-SP2 SUSE Linux Enterprise High Availability 12-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for sle-ha-geo-manuals_en, sle-ha-install-quick_en fixes the following issues: Changes in sle-ha-geo-manuals_en: - Update text and image files. Changes in sle-ha-install-quick_en: - Fix version string in .spec. - Update package. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability GEO 12-SP2: zypper in -t patch SUSE-SLE-HA-GEO-12-SP2-2021-100=1 - SUSE Linux Enterprise High Availability 12-SP2: zypper in -t patch SUSE-SLE-HA-12-SP2-2021-100=1 Package List: - SUSE Linux Enterprise High Availability GEO 12-SP2 (noarch): sle-ha-geo-manuals_en-12.2-16.3.321 sle-ha-geo-quick_en-pdf-12.2-16.3.321 - SUSE Linux Enterprise High Availability 12-SP2 (noarch): sle-ha-install-quick_en-12.2-12.3.321 References: https://bugzilla.suse.com/933411 From sle-updates at lists.suse.com Tue Jan 12 16:19:48 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Jan 2021 00:19:48 +0100 (CET) Subject: SUSE-SU-2021:0098-1: moderate: Security update for the Linux Kernel Message-ID: <20210112231948.1BAEDFCFA@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0098-1 Rating: moderate References: #1040855 #1044120 #1044767 #1050242 #1050536 #1050545 #1055117 #1056653 #1056657 #1056787 
#1064802 #1065729 #1066129 #1094840 #1103990 #1103992 #1104389 #1104393 #1109695 #1109837 #1110096 #1111666 #1112178 #1112374 #1114648 #1115431 #1118657 #1122971 #1136460 #1136461 #1138374 #1139944 #1152457 #1158775 #1164780 #1171078 #1172538 #1172694 #1174784 #1174852 #1176558 #1176559 #1176956 #1177666 #1178270 #1178401 #1178590 #1178634 #1178762 #1179014 #1179015 #1179045 #1179082 #1179107 #1179141 #1179142 #1179204 #1179403 #1179406 #1179418 #1179419 #1179421 #1179429 #1179444 #1179520 #1179578 #1179601 #1179616 #1179663 #1179666 #1179670 #1179671 #1179672 #1179673 #1179711 #1179713 #1179714 #1179715 #1179716 #1179722 #1179723 #1179724 #1179745 #1179810 #1179888 #1179895 #1179896 #1179960 #1179963 #1180027 #1180028 #1180029 #1180030 #1180031 #1180032 #1180052 #1180086 #1180117 #1180258 #1180506 Cross-References: CVE-2018-20669 CVE-2019-20934 CVE-2020-0444 CVE-2020-0465 CVE-2020-0466 CVE-2020-15436 CVE-2020-27068 CVE-2020-27777 CVE-2020-27786 CVE-2020-27825 CVE-2020-29371 CVE-2020-29660 CVE-2020-29661 CVE-2020-4788 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that solves 14 vulnerabilities and has 86 fixes is now available. Description: The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-20669: Fixed an improper check i915_gem_execbuffer2_ioctl in drivers/gpu/drm/i915/i915_gem_execbuffer.c (bsc#1122971). - CVE-2019-20934: Fixed a use-after-free in show_numa_stats() because NUMA fault statistics were inappropriately freed, aka CID-16d51a590a8c (bsc#1179663). - CVE-2020-0444: Fixed a bad kfree due to a logic error in audit_data_to_entry (bnc#1180027). - CVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180029). 
- CVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031). - CVE-2020-4788: Fixed an issue with IBM Power9 processors that could have allowed a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances (bsc#1177666). - CVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c which could have allowed local users to gain privileges or cause a denial of service (bsc#1179141). - CVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds check in the nl80211_policy policy of nl80211.c (bnc#1180086). - CVE-2020-27777: Fixed a privilege escalation in the Run-Time Abstraction Services (RTAS) interface, affecting guests running on top of PowerVM or KVM hypervisors (bnc#1179107). - CVE-2020-27786: Fixed an out-of-bounds write in the MIDI implementation (bnc#1179601). - CVE-2020-27825: Fixed a race in the trace_open and buffer resize calls (bsc#1179960). - CVE-2020-29371: Fixed uninitialized memory leaks to userspace (bsc#1179429). - CVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bnc#1179745). - CVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179745). The following non-security bugs were fixed: - ALSA: hda/ca0132 - Change Input Source enum strings (git-fixes). - ALSA: hda/ca0132 - Fix AE-5 rear headphone pincfg (git-fixes). - ALSA: hda/realtek - Add new codec supported for ALC897 (git-fixes). - ALSA: hda/realtek: Add mute LED quirk to yet another HP x360 model (git-fixes). - ALSA: hda/realtek: Add some Clove SSID in the ALC293(ALC1220) (git-fixes). - ALSA: hda/realtek: Enable headset of ASUS UX482EG & B9400CEA with ALC294 (git-fixes). - ALSA: hda: Fix regressions on clear and reconfig sysfs (git-fixes). - ALSA: usb-audio: US16x08: fix value count for level meters (git-fixes). 
- ASoC: arizona: Fix a wrong free in wm8997_probe (git-fixes). - ASoC: cx2072x: Fix doubly definitions of Playback and Capture streams (git-fixes). - ASoC: jz4740-i2s: add missed checks for clk_get() (git-fixes). - ASoC: pcm: DRAIN support reactivation (git-fixes). - ASoC: wm8998: Fix PM disable depth imbalance on error (git-fixes). - ASoC: wm_adsp: remove "ctl" from list on error in wm_adsp_create_control() (git-fixes). - ath10k: Fix an error handling path (git-fixes). - ath10k: Release some resources in an error handling path (git-fixes). - ath10k: Remove msdu from idr when management pkt send fails (git-fixes). - ath6kl: fix enum-conversion warning (git-fixes). - Avoid a GCC warning about "/*" within a comment. - Bluetooth: btusb: Fix detection of some fake CSR controllers with a bcdDevice val of 0x0134 (git-fixes). - Bluetooth: Fix null pointer dereference in hci_event_packet() (git-fixes). - Bluetooth: Fix slab-out-of-bounds read in hci_le_direct_adv_report_evt() (git-fixes). - bnxt_en: Fix race when modifying pause settings (bsc#1050242). - bnxt_en: Protect bnxt_set_eee() and bnxt_set_pauseparam() with mutex (bsc#1050242). - btmrvl: Fix firmware filename for sd8997 chipset (bsc#1172694). - btrfs: fix use-after-free on readahead extent after failure to create it (bsc#1179963). - btrfs: qgroup: do not commit transaction when we already hold the handle (bsc#1178634). - btrfs: remove a BUG_ON() from merge_reloc_roots() (bsc#1174784). - bus: fsl-mc: fix error return code in fsl_mc_object_allocate() (git-fixes). - can: mcp251x: add error check when wq alloc failed (git-fixes). - can: softing: softing_netdev_open(): fix error handling (git-fixes). - cifs: add NULL check for ses->tcon_ipc (bsc#1178270). - cifs: allow syscalls to be restarted in __smb_send_rqst() (bsc#1176956). - cifs: fix check of tcon dfs in smb1 (bsc#1178270). - cifs: fix potential use-after-free in cifs_echo_request() (bsc#1139944). 
- cirrus: cs89x0: remove set but not used variable 'lp' (git-fixes). - cirrus: cs89x0: use devm_platform_ioremap_resource() to simplify code (git-fixes). - coredump: fix core_pattern parse error (git-fixes). - cpufreq: highbank: Add missing MODULE_DEVICE_TABLE (git-fixes). - cpufreq: loongson1: Add missing MODULE_ALIAS (git-fixes). - cpufreq: scpi: Add missing MODULE_ALIAS (git-fixes). - cpufreq: st: Add missing MODULE_DEVICE_TABLE (git-fixes). - crypto: af_alg - avoid undefined behavior accessing salg_name (git-fixes). - crypto: omap-aes - Fix PM disable depth imbalance in omap_aes_probe (git-fixes). - crypto: qat - fix status check in qat_hal_put_rel_rd_xfer() (git-fixes). - crypto: talitos - Fix return type of current_desc_hdr() (git-fixes). - cw1200: fix missing destroy_workqueue() on error in cw1200_init_common (git-fixes). - cxgb4: Fix offset when clearing filter byte counters (bsc#1064802 bsc#1066129). - drivers: soc: ti: knav_qmss_queue: Fix error return code in knav_queue_probe (git-fixes). - drm/amd/display: remove useless if/else (git-fixes). - drm/amdgpu: fix build_coefficients() argument (git-fixes). - drm/dp_aux_dev: check aux_dev before use in drm_dp_aux_dev_get_by_minor() (git-fixes). - drm/gma500: fix double free of gma_connector (git-fixes). - drm/meson: dw-hdmi: Register a callback to disable the regulator (git-fixes). - drm/msm/dpu: Add newline to printks (git-fixes). - drm/msm/dsi_phy_10nm: implement PHY disabling (git-fixes). - drm/omap: dmm_tiler: fix return error code in omap_dmm_probe() (git-fixes). - drm/rockchip: Avoid uninitialized use of endpoint id in LVDS (git-fixes). - EDAC/i10nm: Use readl() to access MMIO registers (12sp5). - epoll: Keep a reference on files added to the check list (bsc#1180031). - ext4: correctly report "not supported" for {usr,grp}jquota when !CONFIG_QUOTA (bsc#1179672). - ext4: fix bogus warning in ext4_update_dx_flag() (bsc#1179716). - ext4: fix error handling code in add_new_gdb (bsc#1179722). 
- ext4: fix invalid inode checksum (bsc#1179723). - ext4: fix leaking sysfs kobject after failed mount (bsc#1179670). - ext4: limit entries returned when counting fsmap records (bsc#1179671). - ext4: unlock xattr_sem properly in ext4_inline_data_truncate() (bsc#1179673). - extcon: max77693: Fix modalias string (git-fixes). - fix regression in "epoll: Keep a reference on files added to the check list" (bsc#1180031, git-fixes). - forcedeth: use per cpu to collect xmit/recv statistics (git-fixes). - fs: Do not invalidate page buffers in block_write_full_page() (bsc#1179711). - genirq/irqdomain: Add an irq_create_mapping_affinity() function (bsc#1065729). - HID: Add another Primax PIXART OEM mouse quirk (git-fixes). - HID: Fix slab-out-of-bounds read in hid_field_extract (bsc#1180052). - HSI: omap_ssi: Do not jump to free ID in ssi_add_controller() (git-fixes). - i2c: qup: Fix error return code in qup_i2c_bam_schedule_desc() (git-fixes). - i40iw: Fix error handling in i40iw_manage_arp_cache() (bsc#1111666) - i40iw: fix null pointer dereference on a null wqe pointer (bsc#1111666) - i40iw: Report correct firmware version (bsc#1111666) - IB/cma: Fix ports memory leak in cma_configfs (bsc#1111666) - IB/hfi1: Call kobject_put() when kobject_init_and_add() fails (bsc#1111666) - IB/hfi1: Fix memory leaks in sysfs registration and unregistration (bsc#1111666) - IB/ipoib: Fix double free of skb in case of multicast traffic in CM mode (bsc#1111666) - IB/mlx4: Add and improve logging (bsc#1111666) - IB/mlx4: Add support for MRA (bsc#1111666) - IB/mlx4: Adjust delayed work when a dup is observed (bsc#1111666) - IB/mlx4: Fix starvation in paravirt mux/demux (bsc#1111666) - IB/mlx4: Test return value of calls to ib_get_cached_pkey (bsc#1111666) - IB/mthca: fix return value of error branch in mthca_init_cq() (bsc#1111666) - IB/qib: Call kobject_put() when kobject_init_and_add() fails (bsc#1111666) - IB/rdmavt: Fix sizeof mismatch (bsc#1111666) - IB/srpt: Fix memory leak in 
srpt_add_one (bsc#1111666) - ibmvnic: add some debugs (bsc#1179896 ltc#190255). - ibmvnic: avoid memset null scrq msgs (bsc#1044767 ltc#155231 git-fixes). - ibmvnic: continue fatal error reset after passive init (bsc#1171078 ltc#184239 git-fixes). - ibmvnic: delay next reset if hard reset fails (bsc#1094840 ltc#167098 git-fixes). - ibmvnic: enhance resetting status check during module exit (bsc#1065729). - ibmvnic: fix call_netdevice_notifiers in do_reset (bsc#1115431 ltc#171853 git-fixes). - ibmvnic: fix NULL pointer dereference in reset_sub_crq_queues (bsc#1040855 ltc#155067 git-fixes). - ibmvnic: fix: NULL pointer dereference (bsc#1044767 ltc#155231 git-fixes). - ibmvnic: notify peers when failover and migration happen (bsc#1044120 ltc#155423 git-fixes). - ibmvnic: restore adapter state on failed reset (bsc#1152457 ltc#174432 git-fixes). - igc: Fix returning wrong statistics (bsc#1118657). - iio: adc: rockchip_saradc: fix missing clk_disable_unprepare() on error in rockchip_saradc_resume (git-fixes). - iio: buffer: Fix demux update (git-fixes). - iio:pressure:mpl3115: Force alignment of buffer (git-fixes). - inet_ecn: Fix endianness of checksum update when setting ECT(1) (git-fixes). - Input: ads7846 - fix integer overflow on Rt calculation (git-fixes). - Input: ads7846 - fix race that causes missing releases (git-fixes). - Input: ads7846 - fix unaligned access on 7845 (git-fixes). - Input: cyapa_gen6 - fix out-of-bounds stack access (git-fixes). - Input: i8042 - add ByteSpeed touchpad to noloop table (git-fixes). - Input: i8042 - add Entroware Proteus EL07R4 to nomux and reset lists (git-fixes). - Input: i8042 - fix error return code in i8042_setup_aux() (git-fixes). - Input: omap4-keypad - fix runtime PM error handling (git-fixes). - Input: trackpoint - add new trackpoint variant IDs (git-fixes). - Input: trackpoint - enable Synaptics trackpoints (git-fixes). - Input: xpad - support Ardwiino Controllers (git-fixes). - kABI fix for g2d (git-fixes). 
- kABI workaround for dsa/b53 changes (git-fixes). - kABI workaround for net/ipvlan changes (git-fixes). - kABI workaround for usermodehelper changes (bsc#1179406). - kABI: ath10k: move a new structure member to the end (git-fixes). - kABI: genirq: add back irq_create_mapping (bsc#1065729). - kernel-source.spec: Fix build with rpm 4.16 (boo#1179015). RPM_BUILD_ROOT is cleared before %%install. Do the unpack into RPM_BUILD_ROOT in %%install - kernel-{binary,source}.spec.in: do not create loop symlinks (bsc#1179082) - kernel/cpu: add arch override for clear_tasks_mm_cpumask() mm handling (bsc#1055117 ltc#159753 git-fixes bsc#1179888 ltc#190253). - kgdb: Fix spurious true from in_dbg_master() (git-fixes). - KVM: x86: reinstate vendor-agnostic check on SPEC_CTRL cpuid bits (bsc#1112178). - mac80211: do not set set TDLS STA bandwidth wider than possible (git-fixes). - mac80211: mesh: fix mesh_pathtbl_init() error path (git-fixes). - matroxfb: avoid -Warray-bounds warning (git-fixes). - md/raid5: fix oops during stripe resizing (git-fixes). - media: mtk-mdp: Fix a refcounting bug on error in init (git-fixes). - media: mtk-vcodec: add missing put_device() call in mtk_vcodec_release_dec_pm() (git-fixes). - media: s5p-g2d: Fix a memory leak in an error handling path in 'g2d_probe()' (git-fixes). - media: saa7146: fix array overflow in vidioc_s_audio() (git-fixes). - media: siano: fix memory leak of debugfs members in smsdvb_hotplug (git-fixes). - media: solo6x10: fix missing snd_card_free in error handling case (git-fixes). - media: uvcvideo: Set media controller entity functions (git-fixes). - media: uvcvideo: Silence shift-out-of-bounds warning (git-fixes). - media: v4l2-async: Fix trivial documentation typo (git-fixes). - memstick: fix a double-free bug in memstick_check (git-fixes). - memstick: r592: Fix error return in r592_probe() (git-fixes). - mfd: rt5033: Fix errorneous defines (git-fixes). - mlxsw: core: Fix memory leak on module removal (bsc#1112374). 
- mm,memory_failure: always pin the page in madvise_inject_error (bsc#1180258). - mm/userfaultfd: do not access vma->vm_mm after calling handle_userfault() (bsc#1179204). - Move upstreamed bt fixes into sorted section - mwifiex: fix mwifiex_shutdown_sw() causing sw reset failure (git-fixes). - net/smc: fix valid DMBE buffer sizes (git-fixes). - net/tls: Fix kmap usage (bsc#1109837). - net/tls: missing received data after fast remote close (bsc#1109837). - net/x25: prevent a couple of overflows (bsc#1178590). - net: aquantia: Fix aq_vec_isr_legacy() return value (git-fixes). - net: aquantia: fix LRO with FCS error (git-fixes). - net: DCB: Validate DCB_ATTR_DCB_BUFFER argument (bsc#1103990). - net: dsa: b53: Always use dev->vlan_enabled in b53_configure_vlan() (git-fixes). - net: dsa: b53: Ensure the default VID is untagged (git-fixes). - net: dsa: b53: Fix default VLAN ID (git-fixes). - net: dsa: b53: Properly account for VLAN filtering (git-fixes). - net: dsa: bcm_sf2: Do not assume DSA master supports WoL (git-fixes). - net: dsa: bcm_sf2: potential array overflow in bcm_sf2_sw_suspend() (git-fixes). - net: dsa: qca8k: remove leftover phy accessors (git-fixes). - net: ena: fix packet's addresses for rx_offset feature (bsc#1174852). - net: ena: handle bad request id in ena_netdev (git-fixes). - net: ethernet: ti: cpsw: clear all entries when delete vid (git-fixes). - net: ethernet: ti: cpsw: fix runtime_pm while add/kill vlan (git-fixes). - net: hisilicon: Fix signedness bug in hix5hd2_dev_probe() (git-fixes). - net: macb: add missing barriers when reading descriptors (git-fixes). - net: macb: fix dropped RX frames due to a race (git-fixes). - net: macb: fix error format in dev_err() (git-fixes). - net: macb: fix random memory corruption on RX with 64-bit DMA (git-fixes). - net: pasemi: fix an use-after-free in pasemi_mac_phy_init() (git-fixes). - net: qed: fix "maybe uninitialized" warning (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). 
- net: qed: fix async event callbacks unregistering (bsc#1104393 bsc#1104389). - net: qede: fix PTP initialization on recovery (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - net: qede: fix use-after-free on recovery and AER handling (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - net: seeq: Fix the function used to release some memory in an error handling path (git-fixes). - net: sh_eth: fix a missing check of of_get_phy_mode (git-fixes). - net: sonic: replace dev_kfree_skb in sonic_send_packet (git-fixes). - net: sonic: return NETDEV_TX_OK if failed to map buffer (git-fixes). - net: stmmac: fix csr_clk can't be zero issue (git-fixes). - net: stmmac: Fix reception of Broadcom switches tags (git-fixes). - net: thunderx: use spin_lock_bh in nicvf_set_rx_mode_task() (bsc#1110096). - net:ethernet:aquantia: Extra spinlocks removed (git-fixes). - net_sched: fix a memory leak in atm_tc_init() (bsc#1056657 bsc#1056653 bsc#1056787). - nfc: s3fwrn5: Release the nfc firmware (git-fixes). - nfp: use correct define to return NONE fec (bsc#1109837). - NFS: fix nfs_path in case of a rename retry (git-fixes). - NFSD: Add missing NFSv2 .pc_func methods (git-fixes). - NFSv4.2: fix client's attribute cache management for copy_file_range (git-fixes). - NFSv4.2: support EXCHGID4_FLAG_SUPP_FENCE_OPS 4.2 EXCHANGE_ID flag (git-fixes). - ocfs2: fix unbalanced locking (bsc#1180506). - ocfs2: initialize ip_next_orphan (bsc#1179724). - orinoco: Move context allocation after processing the skb (git-fixes). - PCI: Fix pci_slot_release() NULL pointer dereference (git-fixes). - phy: Revert toggling reset changes (git-fixes). - pinctrl: falcon: add missing put_device() call in pinctrl_falcon_probe() (git-fixes). - platform/x86: dell-smbios-base: Fix error return code in dell_smbios_init (git-fixes). - platform/x86: mlx-platform: Fix item counter assignment for MSN2700, MSN24xx systems (git-fixes). - platform/x86: mlx-platform: remove an unused variable (git-fixes). 
- platform/x86: mlx-platform: Remove PSU EEPROM from default platform configuration (git-fixes). - platform/x86: mlx-platform: Remove PSU EEPROM from MSN274x platform configuration (git-fixes). - pNFS/flexfiles: Fix list corruption if the mirror count changes (git-fixes). - power: supply: bq24190_charger: fix reference leak (git-fixes). - powerpc/64: Set up a kernel stack for secondaries before cpu_restore() (bsc#1065729). - powerpc/64s/pseries: Fix hash tlbiel_all_isa300 for guest kernels (bsc#1179888 ltc#190253). - powerpc/64s: Fix hash ISA v3.0 TLBIEL instruction generation (bsc#1055117 ltc#159753 git-fixes bsc#1179888 ltc#190253). - powerpc/64s: Trim offlined CPUs from mm_cpumasks (bsc#1055117 ltc#159753 git-fixes bsc#1179888 ltc#190253). - powerpc/perf: Fix crash with is_sier_available when pmu is not set (bsc#1179578 ltc#189313). - powerpc/pseries/hibernation: remove redundant cacheinfo update (bsc#1138374 ltc#178199 git-fixes). - powerpc/pseries: Pass MSI affinity to irq_create_mapping() (bsc#1065729). - powerpc/smp: Add __init to init_big_cores() (bsc#1109695 ltc#171067 git-fixes). - powerpc/xmon: Change printk() to pr_cont() (bsc#1065729). - powerpc: Fix incorrect stw{, ux, u, x} instructions in __set_pte_at (bsc#1065729). - ppp: remove the PPPIOCDETACH ioctl (git-fixes). - pwm: lp3943: Dynamically allocate PWM chip base (git-fixes). - qed: fix error return code in qed_iwarp_ll2_start() (bsc#1050536 bsc#1050545). - qed: suppress "do not support RoCE & iWARP" flooding on HW init (bsc#1050536 bsc#1050545). - qed: suppress false-positives interrupt error messages on HW init (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - quota: clear padding in v2r1_mem2diskdqb() (bsc#1179714). - ravb: Fix use-after-free ravb_tstamp_skb (git-fixes). - RDMA/bnxt_re: Fix lifetimes in bnxt_re_task (bsc#1111666) - RDMA/bnxt_re: Fix sizeof mismatch for allocation of pbl_tbl. 
(bsc#1111666) - RDMA/cm: Add missing locking around id.state in cm_dup_req_handler (bsc#1111666) - RDMA/cm: Fix checking for allowed duplicate listens (bsc#1111666) - RDMA/cm: Remove a race freeing timewait_info (bsc#1111666) - RDMA/cm: Update num_paths in cma_resolve_iboe_route error flow (bsc#1111666) - RDMA/cma: Protect bind_list and listen_list while finding matching cm id (bsc#1111666) - RDMA/core: Fix race between destroy and release FD object (bsc#1111666) - RDMA/core: Prevent mixed use of FDs between shared ufiles (bsc#1111666) - RDMA/hns: Correct typo of hns_roce_create_cq() (bsc#1111666) - RDMA/hns: Set the unsupported wr opcode (bsc#1111666) - RDMA/ipoib: Fix ABBA deadlock with ipoib_reap_ah() (bsc#1111666) - RDMA/ipoib: Return void from ipoib_ib_dev_stop() (bsc#1111666) - RDMA/ipoib: Set rtnl_link_ops for ipoib interfaces (bsc#1111666) - RDMA/mad: Fix possible memory leak in ib_mad_post_receive_mads() (bsc#1111666) - RDMA/mlx4: Initialize ib_spec on the stack (bsc#1111666) - RDMA/mlx4: Read pkey table length instead of hardcoded value (bsc#1111666) - RDMA/mlx5: Set GRH fields in query QP on RoCE (bsc#1111666) - RDMA/mlx5: Verify that QP is created with RQ or SQ (bsc#1111666) - RDMA/pvrdma: Fix missing pci disable in pvrdma_pci_probe() (bsc#1111666) - RDMA/qedr: Endianness warnings cleanup (bsc#1111666) - RDMA/qedr: Fix doorbell setting (bsc#1111666) - RDMA/qedr: Fix KASAN: use-after-free in ucma_event_handler+0x532 (bsc#1050545). - RDMA/qedr: Fix memory leak in iWARP CM (bsc#1050545 ). 
- RDMA/qedr: Fix use of uninitialized field (bsc#1111666) - RDMA/qedr: SRQ's bug fixes (bsc#1111666) - RDMA/rxe: Drop pointless checks in rxe_init_ports (bsc#1111666) - RDMA/rxe: Fix memleak in rxe_mem_init_user (bsc#1111666) - RDMA/rxe: Fix the parent sysfs read when the interface has 15 chars (bsc#1111666) - RDMA/rxe: Prevent access to wr->next ptr afrer wr is posted to send queue (bsc#1111666) - RDMA/rxe: Remove unused rxe_mem_map_pages (bsc#1111666) - RDMA/rxe: Remove useless rxe_init_device_param assignments (bsc#1111666) - RDMA/rxe: Return void from rxe_init_port_param() (bsc#1111666) - RDMA/rxe: Return void from rxe_mem_init_dma() (bsc#1111666) - RDMA/rxe: Set default vendor ID (bsc#1111666) - RDMA/rxe: Set sys_image_guid to be aligned with HW IB devices (bsc#1111666) - RDMA/rxe: Skip dgid check in loopback mode (bsc#1111666) - RDMA/srpt: Fix typo in srpt_unregister_mad_agent docstring (bsc#1111666) - reboot: fix overflow parsing reboot cpu number (bsc#1179421). - regmap: Remove duplicate `type` field from regmap `regcache_sync` trace event (git-fixes). - reiserfs: Fix oops during mount (bsc#1179715). - reiserfs: Initialize inode keys properly (bsc#1179713). - rtc: hym8563: enable wakeup when applicable (git-fixes). - s390/bpf: Fix multiple tail calls (git-fixes). - s390/cpuinfo: show processor physical address (git-fixes). - s390/cpum_sf.c: fix file permission for cpum_sfb_size (git-fixes). - s390/dasd: fix null pointer dereference for ERP requests (git-fixes). - s390/pci: fix CPU address in MSI for directed IRQ (git-fixes). - s390/qeth: fix af_iucv notification race (git-fixes). - s390/qeth: fix tear down of async TX buffers (git-fixes). - s390/qeth: make af_iucv TX notification call more robust (git-fixes). - s390/stp: add locking to sysfs functions (git-fixes). - s390/zcrypt: Fix ZCRYPT_PERDEV_REQCNT ioctl (git-fixes). - scripts/lib/SUSE/MyBS.pm: properly close prjconf Macros: section - scsi: lpfc: Add FDMI Vendor MIB support (bsc#1164780). 
- scsi: lpfc: Convert abort handling to SLI-3 and SLI-4 handlers (bsc#1164780). - scsi: lpfc: Convert SCSI I/O completions to SLI-3 and SLI-4 handlers (bsc#1164780). - scsi: lpfc: Convert SCSI path to use common I/O submission path (bsc#1164780). - scsi: lpfc: Correct null ndlp reference on routine exit (bsc#1164780). - scsi: lpfc: Drop nodelist reference on error in lpfc_gen_req() (bsc#1164780). - scsi: lpfc: Enable common send_io interface for SCSI and NVMe (bsc#1164780). - scsi: lpfc: Enable common wqe_template support for both SCSI and NVMe (bsc#1164780). - scsi: lpfc: Enlarge max_sectors in scsi host templates (bsc#1164780). - scsi: lpfc: Extend the RDF FPIN Registration descriptor for additional events (bsc#1164780). - scsi: lpfc: Fix duplicate wq_create_version check (bsc#1164780). - scsi: lpfc: Fix fall-through warnings for Clang (bsc#1164780). - scsi: lpfc: Fix FLOGI/PLOGI receive race condition in pt2pt discovery (bsc#1164780). - scsi: lpfc: Fix invalid sleeping context in lpfc_sli4_nvmet_alloc() (bsc#1164780). - scsi: lpfc: Fix memory leak on lcb_context (bsc#1164780). - scsi: lpfc: Fix missing prototype for lpfc_nvmet_prep_abort_wqe() (bsc#1164780). - scsi: lpfc: Fix missing prototype warning for lpfc_fdmi_vendor_attr_mi() (bsc#1164780). - scsi: lpfc: Fix NPIV discovery and Fabric Node detection (bsc#1164780). - scsi: lpfc: Fix NPIV Fabric Node reference counting (bsc#1164780). - scsi: lpfc: Fix pointer defereference before it is null checked issue (bsc#1164780). - scsi: lpfc: Fix refcounting around SCSI and NVMe transport APIs (bsc#1164780). - scsi: lpfc: Fix removal of SCSI transport device get and put on dev structure (bsc#1164780). - scsi: lpfc: Fix scheduling call while in softirq context in lpfc_unreg_rpi (bsc#1164780). - scsi: lpfc: Fix set but not used warnings from Rework remote port lock handling (bsc#1164780). - scsi: lpfc: Fix set but unused variables in lpfc_dev_loss_tmo_handler() (bsc#1164780). 
- scsi: lpfc: Fix spelling mistake "Cant" -> "Can't" (bsc#1164780). - scsi: lpfc: Fix variable 'vport' set but not used in lpfc_sli4_abts_err_handler() (bsc#1164780). - scsi: lpfc: lpfc_attr: Demote kernel-doc format for redefined functions (bsc#1164780). - scsi: lpfc: lpfc_attr: Fix-up a bunch of kernel-doc misdemeanours (bsc#1164780). - scsi: lpfc: lpfc_debugfs: Fix a couple of function documentation issues (bsc#1164780). - scsi: lpfc: lpfc_scsi: Fix a whole host of kernel-doc issues (bsc#1164780). - scsi: lpfc: Refactor WQE structure definitions for common use (bsc#1164780). - scsi: lpfc: Reject CT request for MIB commands (bsc#1164780). - scsi: lpfc: Remove dead code on second !ndlp check (bsc#1164780). - scsi: lpfc: Remove ndlp when a PLOGI/ADISC/PRLI/REG_RPI ultimately fails (bsc#1164780). - scsi: lpfc: Remove set but not used 'qp' (bsc#1164780). - scsi: lpfc: Remove unneeded variable 'status' in lpfc_fcp_cpu_map_store() (bsc#1164780). - scsi: lpfc: Removed unused macros in lpfc_attr.c (bsc#1164780). - scsi: lpfc: Rework locations of ndlp reference taking (bsc#1164780). - scsi: lpfc: Rework remote port lock handling (bsc#1164780). - scsi: lpfc: Rework remote port ref counting and node freeing (bsc#1164780). - scsi: lpfc: Unsolicited ELS leaves node in incorrect state while dropping it (bsc#1164780). - scsi: lpfc: Update changed file copyrights for 2020 (bsc#1164780). - scsi: lpfc: Update lpfc version to 12.8.0.4 (bsc#1164780). - scsi: lpfc: Update lpfc version to 12.8.0.5 (bsc#1164780). - scsi: lpfc: Update lpfc version to 12.8.0.6 (bsc#1164780). - scsi: lpfc: Use generic power management (bsc#1164780). - scsi: qla2xxx: Change post del message from debug level to log level (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Convert to DEFINE_SHOW_ATTRIBUTE (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Do not check for fw_started while posting NVMe command (bsc#1172538 bsc#1179142 bsc#1179810). 
- scsi: qla2xxx: Do not consume srb greedily (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Drop TARGET_SCF_LOOKUP_LUN_FROM_TAG (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Fix compilation issue in PPC systems (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Fix crash during driver load on big endian machines (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Fix device loss on 4G and older HBAs (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Fix flash update in 28XX adapters on big endian machines (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Fix FW initialization error on big endian machines (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Fix N2N and NVMe connect retry failure (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Fix return of uninitialized value in rval (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Fix the call trace for flush workqueue (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Handle aborts correctly for port undergoing deletion (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Handle incorrect entry_type entries (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: If fcport is undergoing deletion complete I/O with retry (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Initialize variable in qla8044_poll_reg() (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Limit interrupt vectors to number of CPUs (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Move sess cmd list/lock to driver (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Remove in_interrupt() from qla82xx-specific code (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Remove in_interrupt() from qla83xx-specific code (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: remove incorrect sparse #ifdef (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Remove trailing semicolon in macro definition (bsc#1172538 bsc#1179142 bsc#1179810). 
- scsi: qla2xxx: Return EBUSY on fcport deletion (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Tear down session if FW say it is down (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Update version to 10.02.00.104-k (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Use constant when it is known (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: Remove unneeded break statements (bsc#1164780). - scsi: storvsc: Fix error return in storvsc_probe() (git-fixes). - scsi: target: tcm_qla2xxx: Remove BUG_ON(in_interrupt()) (bsc#1172538 bsc#1179142 bsc#1179810). - serial: 8250_omap: Avoid FIFO corruption caused by MDR1 access (git-fixes). - SMB3: Honor 'handletimeout' flag for multiuser mounts (bsc#1176558). - SMB3: Honor 'posix' flag for multiuser mounts (bsc#1176559). - SMB3: Honor lease disabling for multiuser mounts (git-fixes). - soc/tegra: fuse: Fix index bug in get_process_id (git-fixes). - soc: mediatek: Check if power domains can be powered on at boot time (git-fixes). - soc: qcom: smp2p: Safely acquire spinlock without IRQs (git-fixes). - soc: ti: Fix reference imbalance in knav_dma_probe (git-fixes). - soc: ti: knav_qmss: fix reference leak in knav_queue_probe (git-fixes). - spi: bcm63xx-hsspi: fix missing clk_disable_unprepare() on error in bcm63xx_hsspi_resume (git-fixes). - spi: davinci: Fix use-after-free on unbind (git-fixes). - spi: img-spfi: fix reference leak in img_spfi_resume (git-fixes). - spi: pic32: Do not leak DMA channels in probe error path (git-fixes). - spi: spi-mem: Fix passing zero to 'PTR_ERR' warning (git-fixes). - spi: spi-mem: fix reference leak in spi_mem_access_start (git-fixes). - spi: spi-ti-qspi: fix reference leak in ti_qspi_setup (git-fixes). - spi: tegra114: fix reference leak in tegra spi ops (git-fixes). - spi: tegra20-sflash: fix reference leak in tegra_sflash_resume (git-fixes). - spi: tegra20-slink: fix reference leak in slink ops of tegra20 (git-fixes). 
- splice: only read in as much information as there is pipe buffer space (bsc#1179520). - staging: comedi: mf6x4: Fix AI end-of-conversion detection (git-fixes). - staging: olpc_dcon: add a missing dependency (git-fixes). - staging: olpc_dcon: Do not call platform_device_unregister() in dcon_probe() (git-fixes). - sunrpc: fix copying of multiple pages in gss_read_proxy_verf() (bsc#1103992). - sunrpc: fixed rollback in rpc_gssd_dummy_populate() (git-fixes). - sunrpc: Properly set the @subbuf parameter of xdr_buf_subsegment() (git-fixes). - sunrpc: The RDMA back channel mustn't disappear while requests are outstanding (git-fixes). - svcrdma: fix bounce buffers for unaligned offsets and multiple pages (bsc#1103992). - svcrdma: Fix page leak in svc_rdma_recv_read_chunk() (bsc#1103992). - tcp: Set INET_ECN_xmit configuration in tcp_reinit_congestion_control (bsc#1109837). - timer: Fix wheel index calculation on last level (git fixes) - timer: Prevent base->clk from moving backward (git-fixes) - tracing: Fix out of bounds write in get_trace_buf (bsc#1179403). - tty: Fix ->pgrp locking in tiocspgrp() (git-fixes). - uapi/if_ether.h: move __UAPI_DEF_ETHHDR libc define (git-fixes). - uapi/if_ether.h: prevent redefinition of struct ethhdr (git-fixes). - usb: chipidea: ci_hdrc_imx: Pass DISABLE_DEVICE_STREAMING flag to imx6ul (git-fixes). - usb: ehci-omap: Fix PM disable depth umbalance in ehci_hcd_omap_probe (git-fixes). - usb: gadget: f_fs: Use local copy of descriptors for userspace copy (git-fixes). - usb: oxu210hp-hcd: Fix memory leak in oxu_create (git-fixes). - usb: serial: ch341: add new Product ID for CH341A (git-fixes). - usb: serial: ch341: sort device-id entries (git-fixes). - usb: serial: digi_acceleport: clean up modem-control handling (git-fixes). - usb: serial: digi_acceleport: clean up set_termios (git-fixes). - usb: serial: digi_acceleport: fix write-wakeup deadlocks (git-fixes). - usb: serial: digi_acceleport: remove in_interrupt() usage. 
- usb: serial: digi_acceleport: remove redundant assignment to pointer priv (git-fixes). - usb: serial: digi_acceleport: rename tty flag variable (git-fixes). - usb: serial: digi_acceleport: use irqsave() in USB's complete callback (git-fixes). - usb: serial: keyspan_pda: fix dropped unthrottle interrupts (git-fixes). - usb: serial: keyspan_pda: fix stalled writes (git-fixes). - usb: serial: keyspan_pda: fix tx-unthrottle use-after-free (git-fixes). - usb: serial: keyspan_pda: fix write deadlock (git-fixes). - usb: serial: keyspan_pda: fix write unthrottling (git-fixes). - usb: serial: keyspan_pda: fix write-wakeup use-after-free (git-fixes). - usb: serial: kl5kusb105: fix memleak on open (git-fixes). - usb: serial: mos7720: fix parallel-port state restore (git-fixes). - usb: serial: option: add Fibocom NL668 variants (git-fixes). - usb: serial: option: add interface-number sanity check to flag handling (git-fixes). - usb: serial: option: add support for Thales Cinterion EXS82 (git-fixes). - usb: serial: option: fix Quectel BG96 matching (git-fixes). - usbnet: ipheth: fix connectivity with iOS 14 (git-fixes). - usermodehelper: reset umask to default before executing user process (bsc#1179406). - wimax: fix duplicate initializer warning (git-fixes). - x86/apic: Fix integer overflow on 10 bit left shift of cpu_khz (bsc#1112178). - x86/insn-eval: Use new for_each_insn_prefix() macro to loop over prefixes bytes (bsc#1112178). - x86/mm/ident_map: Check for errors from ident_pud_init() (bsc#1112178). - x86/mm/mem_encrypt: Fix definition of PMD_FLAGS_DEC_WP (bsc#1112178). - x86/resctrl: Add necessary kernfs_put() calls to prevent refcount leak (bsc#1112178). - x86/resctrl: Fix AMD L3 QOS CDP enable/disable (bsc#1114648). - x86/resctrl: Fix incorrect local bandwidth when mba_sc is enabled (bsc#1112178). - x86/resctrl: Remove superfluous kernfs_get() calls to prevent refcount leak (bsc#1112178). - x86/resctrl: Remove unused struct mbm_state::chunks_bw (bsc#1112178). 
- x86/speculation: Fix prctl() when spectre_v2_user={seccomp,prctl},ibpb (bsc#1112178). - x86/tracing: Introduce a static key for exception tracing (bsc#1179895). - x86/traps: Simplify pagefault tracing logic (bsc#1179895). - x86/uprobes: Do not use prefixes.nbytes when looping over prefixes.bytes (bsc#1112178). - xfrm: Fix memleak on xfrm state destroy (bsc#1158775). - xprtrdma: fix incorrect header size calculations (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-98=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (x86_64): kernel-azure-4.12.14-16.41.1 kernel-azure-base-4.12.14-16.41.1 kernel-azure-base-debuginfo-4.12.14-16.41.1 kernel-azure-debuginfo-4.12.14-16.41.1 kernel-azure-debugsource-4.12.14-16.41.1 kernel-azure-devel-4.12.14-16.41.1 kernel-syms-azure-4.12.14-16.41.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): kernel-devel-azure-4.12.14-16.41.1 kernel-source-azure-4.12.14-16.41.1 References: https://www.suse.com/security/cve/CVE-2018-20669.html https://www.suse.com/security/cve/CVE-2019-20934.html https://www.suse.com/security/cve/CVE-2020-0444.html https://www.suse.com/security/cve/CVE-2020-0465.html https://www.suse.com/security/cve/CVE-2020-0466.html https://www.suse.com/security/cve/CVE-2020-15436.html https://www.suse.com/security/cve/CVE-2020-27068.html https://www.suse.com/security/cve/CVE-2020-27777.html https://www.suse.com/security/cve/CVE-2020-27786.html https://www.suse.com/security/cve/CVE-2020-27825.html https://www.suse.com/security/cve/CVE-2020-29371.html https://www.suse.com/security/cve/CVE-2020-29660.html https://www.suse.com/security/cve/CVE-2020-29661.html 
https://www.suse.com/security/cve/CVE-2020-4788.html https://bugzilla.suse.com/1040855 https://bugzilla.suse.com/1044120 https://bugzilla.suse.com/1044767 https://bugzilla.suse.com/1050242 https://bugzilla.suse.com/1050536 https://bugzilla.suse.com/1050545 https://bugzilla.suse.com/1055117 https://bugzilla.suse.com/1056653 https://bugzilla.suse.com/1056657 https://bugzilla.suse.com/1056787 https://bugzilla.suse.com/1064802 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1066129 https://bugzilla.suse.com/1094840 https://bugzilla.suse.com/1103990 https://bugzilla.suse.com/1103992 https://bugzilla.suse.com/1104389 https://bugzilla.suse.com/1104393 https://bugzilla.suse.com/1109695 https://bugzilla.suse.com/1109837 https://bugzilla.suse.com/1110096 https://bugzilla.suse.com/1111666 https://bugzilla.suse.com/1112178 https://bugzilla.suse.com/1112374 https://bugzilla.suse.com/1114648 https://bugzilla.suse.com/1115431 https://bugzilla.suse.com/1118657 https://bugzilla.suse.com/1122971 https://bugzilla.suse.com/1136460 https://bugzilla.suse.com/1136461 https://bugzilla.suse.com/1138374 https://bugzilla.suse.com/1139944 https://bugzilla.suse.com/1152457 https://bugzilla.suse.com/1158775 https://bugzilla.suse.com/1164780 https://bugzilla.suse.com/1171078 https://bugzilla.suse.com/1172538 https://bugzilla.suse.com/1172694 https://bugzilla.suse.com/1174784 https://bugzilla.suse.com/1174852 https://bugzilla.suse.com/1176558 https://bugzilla.suse.com/1176559 https://bugzilla.suse.com/1176956 https://bugzilla.suse.com/1177666 https://bugzilla.suse.com/1178270 https://bugzilla.suse.com/1178401 https://bugzilla.suse.com/1178590 https://bugzilla.suse.com/1178634 https://bugzilla.suse.com/1178762 https://bugzilla.suse.com/1179014 https://bugzilla.suse.com/1179015 https://bugzilla.suse.com/1179045 https://bugzilla.suse.com/1179082 https://bugzilla.suse.com/1179107 https://bugzilla.suse.com/1179141 https://bugzilla.suse.com/1179142 https://bugzilla.suse.com/1179204 
https://bugzilla.suse.com/1179403
https://bugzilla.suse.com/1179406
https://bugzilla.suse.com/1179418
https://bugzilla.suse.com/1179419
https://bugzilla.suse.com/1179421
https://bugzilla.suse.com/1179429
https://bugzilla.suse.com/1179444
https://bugzilla.suse.com/1179520
https://bugzilla.suse.com/1179578
https://bugzilla.suse.com/1179601
https://bugzilla.suse.com/1179616
https://bugzilla.suse.com/1179663
https://bugzilla.suse.com/1179666
https://bugzilla.suse.com/1179670
https://bugzilla.suse.com/1179671
https://bugzilla.suse.com/1179672
https://bugzilla.suse.com/1179673
https://bugzilla.suse.com/1179711
https://bugzilla.suse.com/1179713
https://bugzilla.suse.com/1179714
https://bugzilla.suse.com/1179715
https://bugzilla.suse.com/1179716
https://bugzilla.suse.com/1179722
https://bugzilla.suse.com/1179723
https://bugzilla.suse.com/1179724
https://bugzilla.suse.com/1179745
https://bugzilla.suse.com/1179810
https://bugzilla.suse.com/1179888
https://bugzilla.suse.com/1179895
https://bugzilla.suse.com/1179896
https://bugzilla.suse.com/1179960
https://bugzilla.suse.com/1179963
https://bugzilla.suse.com/1180027
https://bugzilla.suse.com/1180028
https://bugzilla.suse.com/1180029
https://bugzilla.suse.com/1180030
https://bugzilla.suse.com/1180031
https://bugzilla.suse.com/1180032
https://bugzilla.suse.com/1180052
https://bugzilla.suse.com/1180086
https://bugzilla.suse.com/1180117
https://bugzilla.suse.com/1180258
https://bugzilla.suse.com/1180506

From sle-updates at lists.suse.com Tue Jan 12 16:30:38 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 13 Jan 2021 00:30:38 +0100 (CET)
Subject: SUSE-SU-2021:0093-1: important: Security update for tcmu-runner
Message-ID: <20210112233038.7C267FEDA@maintenance.suse.de>

SUSE Security Update: Security update for tcmu-runner
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:0093-1
Rating: important
References: #1180676
Cross-References: CVE-2020-28374
Affected Products:
SUSE Linux Enterprise Module for Server Applications 15-SP2
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for tcmu-runner fixes the following issues:

- CVE-2020-28374: Fixed a LIO security issue (bsc#1180676).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Server Applications 15-SP2:

zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-93=1

Package List:

- SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64):

libtcmu2-1.5.2-3.3.1
libtcmu2-debuginfo-1.5.2-3.3.1
tcmu-runner-1.5.2-3.3.1
tcmu-runner-debuginfo-1.5.2-3.3.1
tcmu-runner-debugsource-1.5.2-3.3.1

References:

https://www.suse.com/security/cve/CVE-2020-28374.html
https://bugzilla.suse.com/1180676

From sle-updates at lists.suse.com Tue Jan 12 16:31:33 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 13 Jan 2021 00:31:33 +0100 (CET)
Subject: SUSE-SU-2021:0097-1: moderate: Security update for the Linux Kernel
Message-ID: <20210112233133.4DEDBFCFA@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:0097-1
Rating: moderate
References: #1040855 #1044120 #1044767 #1050242 #1050536 #1050545 #1055117 #1056653 #1056657 #1056787 #1064802 #1065729 #1066129 #1094840 #1103990 #1103992 #1104389 #1104393 #1109695 #1109837 #1110096 #1111666 #1112178 #1112374 #1115431 #1118657 #1122971 #1136460 #1136461 #1138374 #1139944 #1144912 #1152457 #1158775 #1164780 #1168952 #1171078 #1172145 #1172538 #1172694 #1173834 #1174784 #1174852 #1176558 #1176559 #1176956 #1177666
#1178270 #1178401 #1178590 #1178634 #1178762 #1179014 #1179015 #1179045 #1179082 #1179107 #1179141 #1179142 #1179204 #1179403 #1179406 #1179418 #1179419 #1179421 #1179429 #1179444 #1179520 #1179578 #1179601 #1179663 #1179670 #1179671 #1179672 #1179673 #1179711 #1179713 #1179714 #1179715 #1179716 #1179722 #1179723 #1179724 #1179745 #1179810 #1179888 #1179895 #1179896 #1179960 #1179963 #1180027 #1180029 #1180031 #1180052 #1180086 #1180117 #1180258 #1180506
Cross-References: CVE-2018-20669 CVE-2019-20934 CVE-2020-0444 CVE-2020-0465 CVE-2020-0466 CVE-2020-11668 CVE-2020-15436 CVE-2020-27068 CVE-2020-27777 CVE-2020-27786 CVE-2020-27825 CVE-2020-29371 CVE-2020-29660 CVE-2020-29661 CVE-2020-4788
Affected Products:
SUSE Linux Enterprise Module for Public Cloud 15-SP1
______________________________________________________________________________

An update that solves 15 vulnerabilities and has 83 fixes is now available.

Description:

The SUSE Linux Enterprise 15 SP1 Azure kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2019-20934: Fixed a use-after-free in show_numa_stats() because NUMA fault statistics were inappropriately freed, aka CID-16d51a590a8c (bsc#1179663).
- CVE-2020-0444: Fixed a bad kfree due to a logic error in audit_data_to_entry (bnc#1180027).
- CVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180029).
- CVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031).
- CVE-2020-4788: Fixed an issue with IBM Power9 processors that could have allowed a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances (bsc#1177666).
- CVE-2020-11668: Fixed an out of bounds write to the heap in drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) caused by mishandling invalid descriptors (bsc#1168952).
- CVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c which could have allowed local users to gain privileges or cause a denial of service (bsc#1179141).
- CVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds check in the nl80211_policy policy of nl80211.c (bnc#1180086).
- CVE-2020-27777: Fixed a privilege escalation in the Run-Time Abstraction Services (RTAS) interface, affecting guests running on top of PowerVM or KVM hypervisors (bnc#1179107).
- CVE-2020-27786: Fixed an out-of-bounds write in the MIDI implementation (bnc#1179601).
- CVE-2020-27825: Fixed a race in the trace_open and buffer resize calls (bsc#1179960).
- CVE-2020-29371: Fixed uninitialized memory leaks to userspace (bsc#1179429).
- CVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bnc#1179745).
- CVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179745).

The following non-security bugs were fixed:

- ACPI: PNP: compare the string length in the matching_id() (git-fixes).
- ACPICA: Disassembler: create buffer fields in ACPI_PARSE_LOAD_PASS1 (git-fixes).
- ACPICA: Do not increment operation_region reference counts for field units (git-fixes).
- ALSA: ca0106: fix error code handling (git-fixes).
- ALSA: ctl: allow TLV read operation for callback type of element in locked case (git-fixes).
- ALSA: hda - Fix silent audio output and corrupted input on MSI X570-A PRO (git-fixes).
- ALSA: hda/ca0132 - Change Input Source enum strings (git-fixes).
- ALSA: hda/ca0132 - Fix AE-5 rear headphone pincfg (git-fixes).
- ALSA: hda/generic: Add option to enforce preferred_dacs pairs (git-fixes).
- ALSA: hda/hdmi: always check pin power status in i915 pin fixup (git-fixes).
- ALSA: hda/realtek - Add new codec supported for ALC897 (git-fixes).
- ALSA: hda/realtek - Couldn't detect Mic if booting with headset plugged (git-fixes).
- ALSA: hda/realtek - Enable headset mic of ASUS Q524UQK with ALC255 (git-fixes). - ALSA: hda/realtek: Add mute LED quirk to yet another HP x360 model (git-fixes). - ALSA: hda/realtek: Add some Clove SSID in the ALC293(ALC1220) (git-fixes). - ALSA: hda/realtek: Enable front panel headset LED on Lenovo ThinkStation P520 (git-fixes). - ALSA: hda/realtek: Enable headset of ASUS UX482EG & B9400CEA with ALC294 (git-fixes). - ALSA: hda: Add NVIDIA codec IDs 9a & 9d through a0 to patch table (git-fixes). - ALSA: hda: Fix potential race in unsol event handler (git-fixes). - ALSA: hda: Fix regressions on clear and reconfig sysfs (git-fixes). - ALSA: info: Drop WARN_ON() from buffer NULL sanity check (git-fixes). - ALSA: isa/wavefront: prevent out of bounds write in ioctl (git-fixes). - ALSA: line6: Perform sanity check for each URB creation (git-fixes). - ALSA: pcm: oss: Fix a few more UBSAN fixes (git-fixes). - ALSA: pcm: oss: Fix potential out-of-bounds shift (git-fixes). - ALSA: pcm: oss: Remove superfluous WARN_ON() for mulaw sanity check (git-fixes). - ALSA: timer: Limit max amount of slave instances (git-fixes). - ALSA: usb-audio: Add delay quirk for all Logitech USB devices (git-fixes). - ALSA: usb-audio: Add delay quirk for H570e USB headsets (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for MODX (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for Qu-16 (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for Zoom UAC-2 (git-fixes). - ALSA: usb-audio: add quirk for Denon DCD-1500RE (git-fixes). - ALSA: usb-audio: add quirk for Samsung USBC Headset (AKG) (git-fixes). - ALSA: usb-audio: Add registration quirk for Kingston HyperX Cloud Alpha S (git-fixes). - ALSA: usb-audio: Add registration quirk for Kingston HyperX Cloud Flight S (git-fixes). - ALSA: usb-audio: add usb vendor id as DSD-capable for Khadas devices (git-fixes). - ALSA: usb-audio: Disable sample read check if firmware does not give back (git-fixes). 
- ALSA: usb-audio: Fix control 'access overflow' errors from chmap (git-fixes). - ALSA: usb-audio: Fix OOB access of mixer element list (git-fixes). - ALSA: usb-audio: Fix potential out-of-bounds shift (git-fixes). - ALSA: usb-audio: Fix race against the error recovery URB submission (git-fixes). - ALSA: usb-audio: US16x08: fix value count for level meters (git-fixes). - ASoC: arizona: Fix a wrong free in wm8997_probe (git-fixes). - ASoC: cx2072x: Fix doubly definitions of Playback and Capture streams (git-fixes). - ASoC: fsl_asrc_dma: Fix dma_chan leak when config DMA channel failed (git-fixes). - ASoC: jz4740-i2s: add missed checks for clk_get() (git-fixes). - ASoC: pcm3168a: The codec does not support S32_LE (git-fixes). - ASoC: pcm: DRAIN support reactivation (git-fixes). - ASoC: rt5677: Mark reg RT5677_PWR_ANLG2 as volatile (git-fixes). - ASoC: sti: fix possible sleep-in-atomic (git-fixes). - ASoC: wm8904: fix regcache handling (git-fixes). - ASoC: wm8998: Fix PM disable depth imbalance on error (git-fixes). - ASoC: wm_adsp: Do not generate kcontrols without READ flags (git-fixes). - ASoC: wm_adsp: remove "ctl" from list on error in wm_adsp_create_control() (git-fixes). - ata/libata: Fix usage of page address by page_address in ata_scsi_mode_select_xlat function (git-fixes). - ath10k: Fix an error handling path (git-fixes). - ath10k: fix backtrace on coredump (git-fixes). - ath10k: fix get invalid tx rate for Mesh metric (git-fixes). - ath10k: fix offchannel tx failure when no ath10k_mac_tx_frm_has_freq (git-fixes). - ath10k: Release some resources in an error handling path (git-fixes). - ath10k: Remove msdu from idr when management pkt send fails (git-fixes). - ath6kl: fix enum-conversion warning (git-fixes). - ath9k_htc: Discard undersized packets (git-fixes). - ath9k_htc: Modify byte order for an error message (git-fixes). - ath9k_htc: Silence undersized packet warnings (git-fixes). - ath9k_htc: Use appropriate rs_datalen type (git-fixes). 
- backlight: lp855x: Ensure regulators are disabled on probe failure (git-fixes). - Bluetooth: add a mutex lock to avoid UAF in do_enale_set (git-fixes). - Bluetooth: btusb: Fix detection of some fake CSR controllers with a bcdDevice val of 0x0134 (git-fixes). - Bluetooth: Fix advertising duplicated flags (git-fixes). - Bluetooth: Fix null pointer dereference in hci_event_packet() (git-fixes). - Bluetooth: Fix slab-out-of-bounds read in hci_le_direct_adv_report_evt() (git-fixes). - bnxt_en: Fix race when modifying pause settings (bsc#1050242 ). - bnxt_en: Protect bnxt_set_eee() and bnxt_set_pauseparam() with mutex (bsc#1050242). - btmrvl: Fix firmware filename for sd8997 chipset (bsc#1172694). - btrfs: fix use-after-free on readahead extent after failure to create it (bsc#1179963). - btrfs: qgroup: do not commit transaction when we already hold the handle (bsc#1178634). - btrfs: remove a BUG_ON() from merge_reloc_roots() (bsc#1174784). - bus: fsl-mc: fix error return code in fsl_mc_object_allocate() (git-fixes). - can: mcp251x: add error check when wq alloc failed (git-fixes). - can: softing: softing_netdev_open(): fix error handling (git-fixes). - cfg80211: initialize rekey_data (git-fixes). - cfg80211: regulatory: Fix inconsistent format argument (git-fixes). - cifs: add NULL check for ses->tcon_ipc (bsc#1178270). - cifs: allow syscalls to be restarted in __smb_send_rqst() (bsc#1176956). - cifs: fix check of tcon dfs in smb1 (bsc#1178270). - cifs: fix potential use-after-free in cifs_echo_request() (bsc#1139944). - cirrus: cs89x0: remove set but not used variable 'lp' (git-fixes). - cirrus: cs89x0: use devm_platform_ioremap_resource() to simplify code (git-fixes). - clk: at91: usb: continue if clk_hw_round_rate() return zero (git-fixes). - clk: mvebu: a3700: fix the XTAL MODE pin to MPP1_9 (git-fixes). - clk: qcom: Allow constant ratio freq tables for rcg (git-fixes). - clk: qcom: msm8916: Fix the address location of pll->config_reg (git-fixes). 
- clk: s2mps11: Fix a resource leak in error handling paths in the probe function (git-fixes).
- clk: samsung: exynos5433: Add IGNORE_UNUSED flag to sclk_i2s1 (git-fixes).
- clk: sunxi-ng: Make sure divider tables have sentinel (git-fixes).
- clk: tegra: Fix duplicated SE clock entry (git-fixes).
- clk: tegra: Fix Tegra PMC clock out parents (git-fixes).
- clk: ti: composite: fix memory leak (git-fixes).
- clk: ti: dra7-atl-clock: Remove ti_clk_add_alias call (git-fixes).
- clk: ti: Fix memleak in ti_fapll_synth_setup (git-fixes).
- clocksource/drivers/asm9260: Add a check for of_clk_get (git-fixes).
- coredump: fix core_pattern parse error (git-fixes).
- cpufreq: highbank: Add missing MODULE_DEVICE_TABLE (git-fixes).
- cpufreq: loongson1: Add missing MODULE_ALIAS (git-fixes).
- cpufreq: scpi: Add missing MODULE_ALIAS (git-fixes).
- cpufreq: st: Add missing MODULE_DEVICE_TABLE (git-fixes).
- crypto: af_alg - avoid undefined behavior accessing salg_name (git-fixes).
- crypto: omap-aes - Fix PM disable depth imbalance in omap_aes_probe (git-fixes).
- crypto: qat - fix status check in qat_hal_put_rel_rd_xfer() (git-fixes).
- crypto: talitos - Fix return type of current_desc_hdr() (git-fixes).
- cw1200: fix missing destroy_workqueue() on error in cw1200_init_common (git-fixes).
- cxgb4: Fix offset when clearing filter byte counters (bsc#1064802 bsc#1066129).
- drivers: base: Fix NULL pointer exception in __platform_driver_probe() if a driver developer is foolish (git-fixes).
- drivers: soc: ti: knav_qmss_queue: Fix error return code in knav_queue_probe (git-fixes).
- drm/amd/display: remove useless if/else (git-fixes).
- drm/amdgpu: fix build_coefficients() argument (git-fixes).
- drm/dp_aux_dev: check aux_dev before use in drm_dp_aux_dev_get_by_minor() (git-fixes).
- drm/gma500: fix double free of gma_connector (git-fixes).
- drm/meson: dw-hdmi: Register a callback to disable the regulator (git-fixes).
- drm/msm/dpu: Add newline to printks (git-fixes).
- drm/msm/dsi_phy_10nm: implement PHY disabling (git-fixes).
- drm/omap: dmm_tiler: fix return error code in omap_dmm_probe() (git-fixes).
- drm/rockchip: Avoid uninitialized use of endpoint id in LVDS (git-fixes).
- epoll: Keep a reference on files added to the check list (bsc#1180031).
- ext4: correctly report "not supported" for {usr,grp}jquota when !CONFIG_QUOTA (bsc#1179672).
- ext4: fix bogus warning in ext4_update_dx_flag() (bsc#1179716).
- ext4: fix error handling code in add_new_gdb (bsc#1179722).
- ext4: fix invalid inode checksum (bsc#1179723).
- ext4: fix leaking sysfs kobject after failed mount (bsc#1179670).
- ext4: limit entries returned when counting fsmap records (bsc#1179671).
- ext4: unlock xattr_sem properly in ext4_inline_data_truncate() (bsc#1179673).
- extcon: max77693: Fix modalias string (git-fixes).
- firmware: qcom: scm: Ensure 'a0' status code is treated as signed (git-fixes).
- fix regression in "epoll: Keep a reference on files added to the check list" (bsc#1180031, git-fixes).
- forcedeth: use per cpu to collect xmit/recv statistics (git-fixes).
- fs: Do not invalidate page buffers in block_write_full_page() (bsc#1179711).
- geneve: change from tx_error to tx_dropped on missing metadata (git-fixes).
- genirq/irqdomain: Add an irq_create_mapping_affinity() function (bsc#1065729).
- gpio: arizona: handle pm_runtime_get_sync failure case (git-fixes).
- gpio: gpio-grgpio: fix possible sleep-in-atomic-context bugs in grgpio_irq_map/unmap() (git-fixes).
- gpio: max77620: Add missing dependency on GPIOLIB_IRQCHIP (git-fixes).
- gpio: max77620: Fixup debounce delays (git-fixes).
- gpio: max77620: Use correct unit for debounce times (git-fixes).
- gpio: mpc8xxx: Add platform device to gpiochip->parent (git-fixes).
- gpio: mvebu: fix potential user-after-free on probe (git-fixes).
- gpiolib: acpi: Add honor_wakeup module-option + quirk mechanism (git-fixes).
- gpiolib: acpi: Add quirk to ignore EC wakeups on HP x2 10 BYT + AXP288 model (git-fixes).
- gpiolib: acpi: Add quirk to ignore EC wakeups on HP x2 10 CHT + AXP288 model (git-fixes).
- gpiolib: acpi: Correct comment for HP x2 10 honor_wakeup quirk (git-fixes).
- gpiolib: acpi: Rework honor_wakeup option into an ignore_wake option (git-fixes).
- gpiolib: acpi: Turn dmi_system_id table into a generic quirk table (git-fixes).
- gpiolib: fix up emulated open drain outputs (git-fixes).
- HID: Add another Primax PIXART OEM mouse quirk (git-fixes).
- HID: apple: Disable Fn-key key-re-mapping on clone keyboards (git-fixes).
- HID: core: check whether Usage Page item is after Usage ID items (git-fixes).
- HID: core: Correctly handle ReportSize being zero (git-fixes).
- HID: cypress: Support Varmilo Keyboards' media hotkeys (git-fixes).
- HID: Fix slab-out-of-bounds read in hid_field_extract (bsc#1180052).
- HID: hid-sensor-hub: Fix issue with devices with no report ID (git-fixes).
- HID: Improve Windows Precision Touchpad detection (git-fixes).
- HID: intel-ish-hid: fix wrong error handling in ishtp_cl_alloc_tx_ring() (git-fixes).
- HID: logitech-hidpp: Silence intermittent get_battery_capacity errors (git-fixes).
- HSI: omap_ssi: Do not jump to free ID in ssi_add_controller() (git-fixes).
- hwmon: (aspeed-pwm-tacho) Avoid possible buffer overflow (git-fixes).
- hwmon: (jc42) Fix name to have no illegal characters (git-fixes).
- i2c: algo: pca: Reapply i2c bus settings after reset (git-fixes).
- i2c: i801: Fix resume bug (git-fixes).
- i2c: piix4: Detect secondary SMBus controller on AMD AM4 chipsets (git-fixes).
- i2c: pxa: clear all master action bits in i2c_pxa_stop_message() (git-fixes).
- i2c: pxa: fix i2c_pxa_scream_blue_murder() debug output (git-fixes).
- i2c: qup: Fix error return code in qup_i2c_bam_schedule_desc() (git-fixes).
- i40iw: Fix error handling in i40iw_manage_arp_cache() (bsc#1111666)
- i40iw: fix null pointer dereference on a null wqe pointer (bsc#1111666)
- i40iw: Report correct firmware version (bsc#1111666)
- IB/cma: Fix ports memory leak in cma_configfs (bsc#1111666)
- IB/hfi1: Call kobject_put() when kobject_init_and_add() fails (bsc#1111666)
- IB/hfi1: Fix memory leaks in sysfs registration and unregistration (bsc#1111666)
- IB/ipoib: Fix double free of skb in case of multicast traffic in CM mode (bsc#1111666)
- IB/mlx4: Add and improve logging (bsc#1111666)
- IB/mlx4: Add support for MRA (bsc#1111666)
- IB/mlx4: Adjust delayed work when a dup is observed (bsc#1111666)
- IB/mlx4: Fix starvation in paravirt mux/demux (bsc#1111666)
- IB/mlx4: Test return value of calls to ib_get_cached_pkey (bsc#1111666)
- IB/mthca: fix return value of error branch in mthca_init_cq() (bsc#1111666)
- IB/qib: Call kobject_put() when kobject_init_and_add() fails (bsc#1111666)
- IB/rdmavt: Fix sizeof mismatch (bsc#1111666)
- IB/srpt: Fix memory leak in srpt_add_one (bsc#1111666)
- ibmvnic: add some debugs (bsc#1179896 ltc#190255).
- ibmvnic: avoid memset null scrq msgs (bsc#1044767 ltc#155231 git-fixes).
- ibmvnic: continue fatal error reset after passive init (bsc#1171078 ltc#184239 git-fixes).
- ibmvnic: delay next reset if hard reset fails (bsc#1094840 ltc#167098 git-fixes).
- ibmvnic: enhance resetting status check during module exit (bsc#1065729).
- ibmvnic: fix call_netdevice_notifiers in do_reset (bsc#1115431 ltc#171853 git-fixes).
- ibmvnic: fix NULL pointer dereference in reset_sub_crq_queues (bsc#1040855 ltc#155067 git-fixes).
- ibmvnic: fix: NULL pointer dereference (bsc#1044767 ltc#155231 git-fixes).
- ibmvnic: notify peers when failover and migration happen (bsc#1044120 ltc#155423 git-fixes).
- ibmvnic: restore adapter state on failed reset (bsc#1152457 ltc#174432 git-fixes).
- igc: Fix returning wrong statistics (bsc#1118657).
- iio: adc: max1027: Reset the device at probe time (git-fixes).
- iio: adc: rockchip_saradc: fix missing clk_disable_unprepare() on error in rockchip_saradc_resume (git-fixes).
- iio: bmp280: fix compensation of humidity (git-fixes).
- iio: buffer: Fix demux update (git-fixes).
- iio: dac: ad5592r: fix unbalanced mutex unlocks in ad5592r_read_raw() (git-fixes).
- iio: fix center temperature of bmc150-accel-core (git-fixes).
- iio: humidity: hdc100x: fix IIO_HUMIDITYRELATIVE channel reporting (git-fixes).
- iio: light: bh1750: Resolve compiler warning and make code more readable (git-fixes).
- iio: srf04: fix wrong limitation in distance measuring (git-fixes).
- iio:imu:bmi160: Fix too large a buffer (git-fixes).
- iio:pressure:mpl3115: Force alignment of buffer (git-fixes).
- inet_ecn: Fix endianness of checksum update when setting ECT(1) (git-fixes).
- Input: ads7846 - fix integer overflow on Rt calculation (git-fixes).
- Input: ads7846 - fix race that causes missing releases (git-fixes).
- Input: ads7846 - fix unaligned access on 7845 (git-fixes).
- Input: atmel_mxt_ts - disable IRQ across suspend (git-fixes).
- Input: cm109 - do not stomp on control URB (git-fixes).
- Input: cros_ec_keyb - send 'scancodes' in addition to key events (git-fixes).
- Input: cyapa_gen6 - fix out-of-bounds stack access (git-fixes).
- Input: goodix - add upside-down quirk for Teclast X98 Pro tablet (git-fixes).
- Input: i8042 - add Acer laptops to the i8042 reset list (git-fixes).
- Input: i8042 - add ByteSpeed touchpad to noloop table (git-fixes).
- Input: i8042 - add Entroware Proteus EL07R4 to nomux and reset lists (git-fixes).
- Input: i8042 - allow insmod to succeed on devices without an i8042 controller (git-fixes).
- Input: i8042 - fix error return code in i8042_setup_aux() (git-fixes).
- Input: omap4-keypad - fix runtime PM error handling (git-fixes).
- Input: synaptics - enable InterTouch for ThinkPad X1E 1st gen (git-fixes).
- Input: trackpoint - add new trackpoint variant IDs (git-fixes).
- Input: trackpoint - enable Synaptics trackpoints (git-fixes).
- Input: xpad - support Ardwiino Controllers (git-fixes).
- ipw2x00: Fix -Wcast-function-type (git-fixes).
- irqchip/alpine-msi: Fix freeing of interrupts on allocation error path (git-fixes).
- iwlwifi: mvm: fix kernel panic in case of assert during CSA (git-fixes).
- iwlwifi: mvm: fix unaligned read of rx_pkt_status (git-fixes).
- iwlwifi: pcie: limit memory read spin time (git-fixes).
- kABI fix for g2d (git-fixes).
- kABI workaround for dsa/b53 changes (git-fixes).
- kABI workaround for HD-audio generic parser (git-fixes).
- kABI workaround for net/ipvlan changes (git-fixes).
- kABI workaround for usermodehelper changes (bsc#1179406).
- kABI: ath10k: move a new structure member to the end (git-fixes).
- kABI: genirq: add back irq_create_mapping (bsc#1065729).
- kernel-source.spec: Fix build with rpm 4.16 (boo#1179015). RPM_BUILD_ROOT is cleared before %%install. Do the unpack into RPM_BUILD_ROOT in %%install
- kernel-{binary,source}.spec.in: do not create loop symlinks (bsc#1179082)
- kgdb: Fix spurious true from in_dbg_master() (git-fixes).
- KVM: x86: reinstate vendor-agnostic check on SPEC_CTRL cpuid bits (bsc#1112178).
- mac80211: allow rx of mesh eapol frames with default rx key (git-fixes).
- mac80211: Check port authorization in the ieee80211_tx_dequeue() case (git-fixes).
- mac80211: do not set set TDLS STA bandwidth wider than possible (git-fixes).
- mac80211: fix authentication with iwlwifi/mvm (git-fixes).
- mac80211: fix use of skb payload instead of header (git-fixes).
- mac80211: mesh: fix mesh_pathtbl_init() error path (git-fixes).
- matroxfb: avoid -Warray-bounds warning (git-fixes).
- md/raid5: fix oops during stripe resizing (git-fixes).
- media: am437x-vpfe: Setting STD to current value is not an error (git-fixes).
- media: cec-funcs.h: add status_req checks (git-fixes).
- media: cx88: Fix some error handling path in 'cx8800_initdev()' (git-fixes).
- media: gspca: Fix memory leak in probe (git-fixes).
- media: i2c: mt9v032: fix enum mbus codes and frame sizes (git-fixes).
- media: i2c: ov2659: Fix missing 720p register config (git-fixes).
- media: i2c: ov2659: fix s_stream return value (git-fixes).
- media: msi2500: assign SPI bus number dynamically (git-fixes).
- media: mtk-mdp: Fix a refcounting bug on error in init (git-fixes).
- media: mtk-vcodec: add missing put_device() call in mtk_vcodec_release_dec_pm() (git-fixes).
- media: platform: add missing put_device() call in mtk_jpeg_probe() and mtk_jpeg_remove() (git-patches).
- media: pvrusb2: Fix oops on tear-down when radio support is not present (git-fixes).
- media: s5p-g2d: Fix a memory leak in an error handling path in 'g2d_probe()' (git-fixes).
- media: saa7146: fix array overflow in vidioc_s_audio() (git-fixes).
- media: si470x-i2c: add missed operations in remove (git-fixes).
- media: siano: fix memory leak of debugfs members in smsdvb_hotplug (git-fixes).
- media: solo6x10: fix missing snd_card_free in error handling case (git-fixes).
- media: sti: bdisp: fix a possible sleep-in-atomic-context bug in bdisp_device_run() (git-fixes).
- media: sunxi-cir: ensure IR is handled when it is continuous (git-fixes).
- media: ti-vpe: vpe: ensure buffers are cleaned up properly in abort cases (git-fixes).
- media: ti-vpe: vpe: fix a v4l2-compliance failure about frame sequence number (git-fixes).
- media: ti-vpe: vpe: fix a v4l2-compliance failure about invalid sizeimage (git-fixes).
- media: ti-vpe: vpe: fix a v4l2-compliance failure causing a kernel panic (git-fixes).
- media: ti-vpe: vpe: fix a v4l2-compliance warning about invalid pixel format (git-fixes).
- media: ti-vpe: vpe: Make sure YUYV is set as default format (git-fixes).
- media: uvcvideo: Set media controller entity functions (git-fixes).
- media: uvcvideo: Silence shift-out-of-bounds warning (git-fixes).
- media: v4l2-async: Fix trivial documentation typo (git-fixes).
- media: v4l2-core: fix touch support in v4l_g_fmt (git-fixes).
- media: v4l2-device.h: Explicitly compare grp{id,mask} to zero in v4l2_device macros (git-fixes).
- mei: bus: do not clean driver pointer (git-fixes).
- mei: protect mei_cl_mtu from null dereference (git-fixes).
- memstick: fix a double-free bug in memstick_check (git-fixes).
- memstick: r592: Fix error return in r592_probe() (git-fixes).
- mfd: rt5033: Fix errorneous defines (git-fixes).
- mfd: wm8994: Fix driver operation if loaded as modules (git-fixes).
- mlxsw: core: Fix memory leak on module removal (bsc#1112374).
- mm,memory_failure: always pin the page in madvise_inject_error (bsc#1180258).
- mm/userfaultfd: do not access vma->vm_mm after calling handle_userfault() (bsc#1179204).
- Move upstreamed bt fixes into sorted section
- mwifiex: fix mwifiex_shutdown_sw() causing sw reset failure (git-fixes).
- net/smc: fix valid DMBE buffer sizes (git-fixes).
- net/tls: Fix kmap usage (bsc#1109837).
- net/tls: missing received data after fast remote close (bsc#1109837).
- net/x25: prevent a couple of overflows (bsc#1178590).
- net: aquantia: Fix aq_vec_isr_legacy() return value (git-fixes).
- net: aquantia: fix LRO with FCS error (git-fixes).
- net: DCB: Validate DCB_ATTR_DCB_BUFFER argument (bsc#1103990).
- net: dsa: b53: Always use dev->vlan_enabled in b53_configure_vlan() (git-fixes).
- net: dsa: b53: Ensure the default VID is untagged (git-fixes).
- net: dsa: b53: Fix default VLAN ID (git-fixes).
- net: dsa: b53: Properly account for VLAN filtering (git-fixes).
- net: dsa: bcm_sf2: Do not assume DSA master supports WoL (git-fixes).
- net: dsa: bcm_sf2: potential array overflow in bcm_sf2_sw_suspend() (git-fixes).
- net: dsa: qca8k: remove leftover phy accessors (git-fixes).
- net: ena: fix packet's addresses for rx_offset feature (bsc#1174852).
- net: ena: handle bad request id in ena_netdev (git-fixes).
- net: ethernet: ti: cpsw: clear all entries when delete vid (git-fixes).
- net: ethernet: ti: cpsw: fix runtime_pm while add/kill vlan (git-fixes).
- net: hisilicon: Fix signedness bug in hix5hd2_dev_probe() (git-fixes).
- net: macb: add missing barriers when reading descriptors (git-fixes).
- net: macb: fix dropped RX frames due to a race (git-fixes).
- net: macb: fix error format in dev_err() (git-fixes).
- net: macb: fix random memory corruption on RX with 64-bit DMA (git-fixes).
- net: pasemi: fix an use-after-free in pasemi_mac_phy_init() (git-fixes).
- net: phy: Avoid multiple suspends (git-fixes).
- net: qed: fix "maybe uninitialized" warning (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
- net: qed: fix async event callbacks unregistering (bsc#1104393 bsc#1104389).
- net: qede: fix PTP initialization on recovery (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
- net: qede: fix use-after-free on recovery and AER handling (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
- net: seeq: Fix the function used to release some memory in an error handling path (git-fixes).
- net: sh_eth: fix a missing check of of_get_phy_mode (git-fixes).
- net: sonic: replace dev_kfree_skb in sonic_send_packet (git-fixes).
- net: sonic: return NETDEV_TX_OK if failed to map buffer (git-fixes).
- net: stmmac: fix csr_clk can't be zero issue (git-fixes).
- net: stmmac: Fix reception of Broadcom switches tags (git-fixes).
- net: thunderx: use spin_lock_bh in nicvf_set_rx_mode_task() (bsc#1110096).
- net: usb: sr9800: fix uninitialized local variable (git-fixes).
- net:ethernet:aquantia: Extra spinlocks removed (git-fixes).
- net_sched: fix a memory leak in atm_tc_init() (bsc#1056657 bsc#1056653 bsc#1056787).
- nfc: s3fwrn5: add missing release on skb in s3fwrn5_recv_frame (git-fixes).
- nfc: s3fwrn5: Release the nfc firmware (git-fixes).
- nfc: st95hf: Fix memleak in st95hf_in_send_cmd (git-fixes).
- nfp: use correct define to return NONE fec (bsc#1109837).
- NFS: fix nfs_path in case of a rename retry (git-fixes).
- NFSD: Add missing NFSv2 .pc_func methods (git-fixes).
- NFSv4.2: fix client's attribute cache management for copy_file_range (git-fixes).
- NFSv4.2: support EXCHGID4_FLAG_SUPP_FENCE_OPS 4.2 EXCHANGE_ID flag (git-fixes).
- ocfs2: fix unbalanced locking (bsc#1180506).
- ocfs2: initialize ip_next_orphan (bsc#1179724).
- orinoco: Move context allocation after processing the skb (git-fixes).
- parport: load lowlevel driver if ports not found (git-fixes).
- PCI/ASPM: Allow ASPM on links to PCIe-to-PCI/PCI-X Bridges (git-fixes).
- PCI/ASPM: Disable ASPM on ASMedia ASM1083/1085 PCIe-to-PCI bridge (git-fixes).
- PCI: Do not disable decoding when mmio_always_on is set (git-fixes).
- PCI: Fix pci_slot_release() NULL pointer dereference (git-fixes).
- phy: Revert toggling reset changes (git-fixes).
- pinctrl: amd: fix __iomem annotation in amd_gpio_irq_handler() (git-fixes).
- pinctrl: amd: fix npins for uart0 in kerncz_groups (git-fixes).
- pinctrl: amd: remove debounce filter setting in IRQ type setting (git-fixes).
- pinctrl: baytrail: Avoid clearing debounce value when turning it off (git-fixes).
- pinctrl: falcon: add missing put_device() call in pinctrl_falcon_probe() (git-fixes).
- pinctrl: merrifield: Set default bias in case no particular value given (git-fixes).
- pinctrl: sh-pfc: sh7734: Fix duplicate TCLK1_B (git-fixes).
- platform/x86: acer-wmi: add automatic keyboard background light toggle key as KEY_LIGHTS_TOGGLE (git-fixes).
- platform/x86: dell-smbios-base: Fix error return code in dell_smbios_init (git-fixes).
- platform/x86: mlx-platform: Fix item counter assignment for MSN2700, MSN24xx systems (git-fixes).
- platform/x86: mlx-platform: remove an unused variable (git-fixes).
- platform/x86: mlx-platform: Remove PSU EEPROM from default platform configuration (git-fixes).
- platform/x86: mlx-platform: Remove PSU EEPROM from MSN274x platform configuration (git-fixes).
- PM / hibernate: memory_bm_find_bit(): Tighten node optimisation (git-fixes).
- PM: ACPI: Output correct message on target power state (git-fixes).
- PM: hibernate: Freeze kernel threads in software_resume() (git-fixes).
- PM: hibernate: remove the bogus call to get_gendisk() in software_resume() (git-fixes).
- pNFS/flexfiles: Fix list corruption if the mirror count changes (git-fixes).
- power: supply: bq24190_charger: fix reference leak (git-fixes).
- power: supply: bq27xxx_battery: Silence deferred-probe error (git-fixes).
- powerpc/64: Set up a kernel stack for secondaries before cpu_restore() (bsc#1065729).
- powerpc/64s/pseries: Fix hash tlbiel_all_isa300 for guest kernels (bsc#1179888 ltc#190253).
- powerpc/64s: Fix hash ISA v3.0 TLBIEL instruction generation (bsc#1055117 ltc#159753 git-fixes bsc#1179888 ltc#190253).
- powerpc/pci: Fix broken INTx configuration via OF (bsc#1172145 ltc#184630).
- powerpc/pci: Remove legacy debug code (bsc#1172145 ltc#184630 git-fixes).
- powerpc/pci: Remove LSI mappings on device teardown (bsc#1172145 ltc#184630).
- powerpc/pci: Use of_irq_parse_and_map_pci() helper (bsc#1172145 ltc#184630).
- powerpc/perf: Fix crash with is_sier_available when pmu is not set (bsc#1179578 ltc#189313).
- powerpc/pseries/hibernation: remove redundant cacheinfo update (bsc#1138374 ltc#178199 git-fixes).
- powerpc/pseries: Pass MSI affinity to irq_create_mapping() (bsc#1065729).
- powerpc/smp: Add __init to init_big_cores() (bsc#1109695 ltc#171067 git-fixes).
- powerpc/xmon: Change printk() to pr_cont() (bsc#1065729).
- powerpc: Convert to using %pOF instead of full_name (bsc#1172145 ltc#184630).
- powerpc: Fix incorrect stw{, ux, u, x} instructions in __set_pte_at (bsc#1065729).
- ppp: remove the PPPIOCDETACH ioctl (git-fixes).
- pwm: lp3943: Dynamically allocate PWM chip base (git-fixes).
- qed: fix error return code in qed_iwarp_ll2_start() (bsc#1050536 bsc#1050545).
- qed: suppress "do not support RoCE & iWARP" flooding on HW init (bsc#1050536 bsc#1050545).
- qed: suppress false-positives interrupt error messages on HW init (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
- quota: clear padding in v2r1_mem2diskdqb() (bsc#1179714).
- radeon: insert 10ms sleep in dce5_crtc_load_lut (git-fixes).
- ravb: Fix use-after-free ravb_tstamp_skb (git-fixes).
- RDMA/bnxt_re: Fix lifetimes in bnxt_re_task (bsc#1111666)
- RDMA/bnxt_re: Fix sizeof mismatch for allocation of pbl_tbl. (bsc#1111666)
- RDMA/cm: Add missing locking around id.state in cm_dup_req_handler (bsc#1111666)
- RDMA/cm: Fix checking for allowed duplicate listens (bsc#1111666)
- RDMA/cm: Remove a race freeing timewait_info (bsc#1111666)
- RDMA/cm: Update num_paths in cma_resolve_iboe_route error flow (bsc#1111666)
- RDMA/cma: Protect bind_list and listen_list while finding matching cm id (bsc#1111666)
- RDMA/core: Fix race between destroy and release FD object (bsc#1111666)
- RDMA/core: Prevent mixed use of FDs between shared ufiles (bsc#1111666)
- RDMA/hns: Correct typo of hns_roce_create_cq() (bsc#1111666)
- RDMA/hns: Set the unsupported wr opcode (bsc#1111666)
- RDMA/ipoib: Fix ABBA deadlock with ipoib_reap_ah() (bsc#1111666)
- RDMA/ipoib: Return void from ipoib_ib_dev_stop() (bsc#1111666)
- RDMA/ipoib: Set rtnl_link_ops for ipoib interfaces (bsc#1111666)
- RDMA/mad: Fix possible memory leak in ib_mad_post_receive_mads() (bsc#1111666)
- RDMA/mlx4: Initialize ib_spec on the stack (bsc#1111666)
- RDMA/mlx4: Read pkey table length instead of hardcoded value (bsc#1111666)
- RDMA/mlx5: Set GRH fields in query QP on RoCE (bsc#1111666)
- RDMA/mlx5: Verify that QP is created with RQ or SQ (bsc#1111666)
- RDMA/pvrdma: Fix missing pci disable in pvrdma_pci_probe() (bsc#1111666)
- RDMA/qedr: Endianness warnings cleanup (bsc#1111666)
- RDMA/qedr: Fix doorbell setting (bsc#1111666)
- RDMA/qedr: Fix KASAN: use-after-free in ucma_event_handler+0x532 (bsc#1050545).
- RDMA/qedr: Fix memory leak in iWARP CM (bsc#1050545).
- RDMA/qedr: Fix use of uninitialized field (bsc#1111666)
- RDMA/qedr: SRQ's bug fixes (bsc#1111666)
- RDMA/rxe: Drop pointless checks in rxe_init_ports (bsc#1111666)
- RDMA/rxe: Fix memleak in rxe_mem_init_user (bsc#1111666)
- RDMA/rxe: Fix the parent sysfs read when the interface has 15 chars (bsc#1111666)
- RDMA/rxe: Prevent access to wr->next ptr afrer wr is posted to send queue (bsc#1111666)
- RDMA/rxe: Remove unused rxe_mem_map_pages (bsc#1111666)
- RDMA/rxe: Remove useless rxe_init_device_param assignments (bsc#1111666)
- RDMA/rxe: Return void from rxe_init_port_param() (bsc#1111666)
- RDMA/rxe: Return void from rxe_mem_init_dma() (bsc#1111666)
- RDMA/rxe: Set default vendor ID (bsc#1111666)
- RDMA/rxe: Set sys_image_guid to be aligned with HW IB devices (bsc#1111666)
- RDMA/rxe: Skip dgid check in loopback mode (bsc#1111666)
- RDMA/srpt: Fix typo in srpt_unregister_mad_agent docstring (bsc#1111666)
- reboot: fix overflow parsing reboot cpu number (bsc#1179421).
- regmap: debugfs: check count when read regmap file (git-fixes).
- regmap: dev_get_regmap_match(): fix string comparison (git-fixes).
- regmap: Remove duplicate `type` field from regmap `regcache_sync` trace event (git-fixes).
- regulator: max8907: Fix the usage of uninitialized variable in max8907_regulator_probe() (git-fixes).
- regulator: pfuze100-regulator: Variable "val" in pfuze100_regulator_probe() could be uninitialized (git-fixes).
- regulator: ti-abb: Fix timeout in ti_abb_wait_txdone/ti_abb_clear_all_txdone (git-fixes).
- reiserfs: Fix oops during mount (bsc#1179715).
- reiserfs: Initialize inode keys properly (bsc#1179713).
- remoteproc: Fix wrong rvring index computation (git-fixes).
- rfkill: Fix incorrect check to avoid NULL pointer dereference (git-fixes).
- rtc: 88pm860x: fix possible race condition (git-fixes).
- rtc: hym8563: enable wakeup when applicable (git-fixes).
- rtl8xxxu: fix RTL8723BU connection failure issue after warm reboot (git-fixes).
- rtlwifi: fix memory leak in rtl92c_set_fw_rsvdpagepkt() (git-fixes).
- s390/bpf: Fix multiple tail calls (git-fixes).
- s390/cpuinfo: show processor physical address (git-fixes).
- s390/cpum_sf.c: fix file permission for cpum_sfb_size (git-fixes).
- s390/dasd: fix hanging device offline processing (bsc#1144912).
- s390/dasd: fix null pointer dereference for ERP requests (git-fixes).
- s390/pci: fix CPU address in MSI for directed IRQ (git-fixes).
- s390/qeth: fix af_iucv notification race (git-fixes).
- s390/qeth: fix tear down of async TX buffers (git-fixes).
- s390/qeth: make af_iucv TX notification call more robust (git-fixes).
- s390/stp: add locking to sysfs functions (git-fixes).
- s390/zcrypt: Fix ZCRYPT_PERDEV_REQCNT ioctl (git-fixes).
- scripts/lib/SUSE/MyBS.pm: properly close prjconf Macros: section
- scsi: lpfc: Add FDMI Vendor MIB support (bsc#1164780).
- scsi: lpfc: Convert abort handling to SLI-3 and SLI-4 handlers (bsc#1164780).
- scsi: lpfc: Convert SCSI I/O completions to SLI-3 and SLI-4 handlers (bsc#1164780).
- scsi: lpfc: Convert SCSI path to use common I/O submission path (bsc#1164780).
- scsi: lpfc: Correct null ndlp reference on routine exit (bsc#1164780).
- scsi: lpfc: Drop nodelist reference on error in lpfc_gen_req() (bsc#1164780).
- scsi: lpfc: Enable common send_io interface for SCSI and NVMe (bsc#1164780).
- scsi: lpfc: Enable common wqe_template support for both SCSI and NVMe (bsc#1164780).
- scsi: lpfc: Enlarge max_sectors in scsi host templates (bsc#1164780).
- scsi: lpfc: Extend the RDF FPIN Registration descriptor for additional events (bsc#1164780).
- scsi: lpfc: Fix duplicate wq_create_version check (bsc#1164780).
- scsi: lpfc: Fix fall-through warnings for Clang (bsc#1164780).
- scsi: lpfc: Fix FLOGI/PLOGI receive race condition in pt2pt discovery (bsc#1164780).
- scsi: lpfc: Fix invalid sleeping context in lpfc_sli4_nvmet_alloc() (bsc#1164780).
- scsi: lpfc: Fix memory leak on lcb_context (bsc#1164780).
- scsi: lpfc: Fix missing prototype for lpfc_nvmet_prep_abort_wqe() (bsc#1164780).
- scsi: lpfc: Fix missing prototype warning for lpfc_fdmi_vendor_attr_mi() (bsc#1164780).
- scsi: lpfc: Fix NPIV discovery and Fabric Node detection (bsc#1164780).
- scsi: lpfc: Fix NPIV Fabric Node reference counting (bsc#1164780).
- scsi: lpfc: Fix pointer defereference before it is null checked issue (bsc#1164780).
- scsi: lpfc: Fix refcounting around SCSI and NVMe transport APIs (bsc#1164780).
- scsi: lpfc: Fix removal of SCSI transport device get and put on dev structure (bsc#1164780).
- scsi: lpfc: Fix scheduling call while in softirq context in lpfc_unreg_rpi (bsc#1164780).
- scsi: lpfc: Fix set but not used warnings from Rework remote port lock handling (bsc#1164780).
- scsi: lpfc: Fix set but unused variables in lpfc_dev_loss_tmo_handler() (bsc#1164780).
- scsi: lpfc: Fix spelling mistake "Cant" -> "Can't" (bsc#1164780).
- scsi: lpfc: Fix variable 'vport' set but not used in lpfc_sli4_abts_err_handler() (bsc#1164780).
- scsi: lpfc: lpfc_attr: Demote kernel-doc format for redefined functions (bsc#1164780).
- scsi: lpfc: lpfc_attr: Fix-up a bunch of kernel-doc misdemeanours (bsc#1164780).
- scsi: lpfc: lpfc_debugfs: Fix a couple of function documentation issues (bsc#1164780).
- scsi: lpfc: lpfc_scsi: Fix a whole host of kernel-doc issues (bsc#1164780).
- scsi: lpfc: Refactor WQE structure definitions for common use (bsc#1164780).
- scsi: lpfc: Reject CT request for MIB commands (bsc#1164780).
- scsi: lpfc: Remove dead code on second !ndlp check (bsc#1164780).
- scsi: lpfc: Remove ndlp when a PLOGI/ADISC/PRLI/REG_RPI ultimately fails (bsc#1164780).
- scsi: lpfc: Remove set but not used 'qp' (bsc#1164780).
- scsi: lpfc: Remove unneeded variable 'status' in lpfc_fcp_cpu_map_store() (bsc#1164780).
- scsi: lpfc: Removed unused macros in lpfc_attr.c (bsc#1164780).
- scsi: lpfc: Rework locations of ndlp reference taking (bsc#1164780).
- scsi: lpfc: Rework remote port lock handling (bsc#1164780).
- scsi: lpfc: Rework remote port ref counting and node freeing (bsc#1164780).
- scsi: lpfc: Unsolicited ELS leaves node in incorrect state while dropping it (bsc#1164780).
- scsi: lpfc: Update changed file copyrights for 2020 (bsc#1164780).
- scsi: lpfc: Update lpfc version to 12.8.0.4 (bsc#1164780).
- scsi: lpfc: Update lpfc version to 12.8.0.5 (bsc#1164780).
- scsi: lpfc: Update lpfc version to 12.8.0.6 (bsc#1164780).
- scsi: lpfc: Use generic power management (bsc#1164780).
- scsi: qla2xxx: Change post del message from debug level to log level (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: Convert to DEFINE_SHOW_ATTRIBUTE (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: Do not check for fw_started while posting NVMe command (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: Do not consume srb greedily (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: Drop TARGET_SCF_LOOKUP_LUN_FROM_TAG (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: Fix compilation issue in PPC systems (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: Fix crash during driver load on big endian machines (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: Fix device loss on 4G and older HBAs (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: Fix flash update in 28XX adapters on big endian machines (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: Fix FW initialization error on big endian machines (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: Fix N2N and NVMe connect retry failure (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: Fix return of uninitialized value in rval (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: Fix the call trace for flush workqueue (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: Handle aborts correctly for port undergoing deletion (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: Handle incorrect entry_type entries (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: If fcport is undergoing deletion complete I/O with retry (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: Initialize variable in qla8044_poll_reg() (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: Limit interrupt vectors to number of CPUs (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: Move sess cmd list/lock to driver (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: Remove in_interrupt() from qla82xx-specific code (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: Remove in_interrupt() from qla83xx-specific code (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: remove incorrect sparse #ifdef (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: Remove trailing semicolon in macro definition (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: Return EBUSY on fcport deletion (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: Tear down session if FW say it is down (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: Update version to 10.02.00.104-k (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: Use constant when it is known (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: Remove unneeded break statements (bsc#1164780).
- scsi: storvsc: Fix error return in storvsc_probe() (git-fixes).
- scsi: target: tcm_qla2xxx: Remove BUG_ON(in_interrupt()) (bsc#1172538 bsc#1179142 bsc#1179810).
- serial: 8250_omap: Avoid FIFO corruption caused by MDR1 access (git-fixes).
- serial: 8250_pci: Add Realtek 816a and 816b (git-fixes).
- serial: amba-pl011: Make sure we initialize the port.lock spinlock (git-fixes).
- serial: ar933x_uart: set UART_CS_{RX,TX}_READY_ORIDE (git-fixes).
- serial: txx9: add missing platform_driver_unregister() on error in serial_txx9_init (git-fixes).
- serial_core: Check for port state when tty is in error state (git-fixes). - SMB3: Honor 'handletimeout' flag for multiuser mounts (bsc#1176558). - SMB3: Honor 'posix' flag for multiuser mounts (bsc#1176559). - SMB3: Honor lease disabling for multiuser mounts (git-fixes). - soc/tegra: fuse: Fix index bug in get_process_id (git-fixes). - soc: imx: gpc: fix power up sequencing (git-fixes). - soc: mediatek: Check if power domains can be powered on at boot time (git-fixes). - soc: qcom: smp2p: Safely acquire spinlock without IRQs (git-fixes). - soc: ti: Fix reference imbalance in knav_dma_probe (git-fixes). - soc: ti: knav_qmss: fix reference leak in knav_queue_probe (git-fixes). - spi: Add call to spi_slave_abort() function when spidev driver is released (git-fixes). - spi: bcm63xx-hsspi: fix missing clk_disable_unprepare() on error in bcm63xx_hsspi_resume (git-fixes). - spi: davinci: Fix use-after-free on unbind (git-fixes). - spi: dw: Enable interrupts in accordance with DMA xfer mode (git-fixes). - spi: dw: Fix Rx-only DMA transfers (git-fixes). - spi: dw: Return any value retrieved from the dma_transfer callback (git-fixes). - spi: Fix memory leak on splited transfers (git-fixes). - spi: img-spfi: fix potential double release (git-fixes). - spi: img-spfi: fix reference leak in img_spfi_resume (git-fixes). - spi: pic32: Do not leak DMA channels in probe error path (git-fixes). - spi: pxa2xx: Add missed security checks (git-fixes). - spi: spi-cavium-thunderx: Add missing pci_release_regions() (git-fixes). - spi: spi-loopback-test: Fix out-of-bounds read (git-fixes). - spi: spi-mem: Fix passing zero to 'PTR_ERR' warning (git-fixes). - spi: spi-mem: fix reference leak in spi_mem_access_start (git-fixes). - spi: spi-ti-qspi: fix reference leak in ti_qspi_setup (git-fixes). - spi: spidev: fix a potential use-after-free in spidev_release() (git-fixes). - spi: st-ssc4: add missed pm_runtime_disable (git-fixes). 
- spi: st-ssc4: Fix unbalanced pm_runtime_disable() in probe error path (git-fixes). - spi: tegra114: fix reference leak in tegra spi ops (git-fixes). - spi: tegra20-sflash: fix reference leak in tegra_sflash_resume (git-fixes). - spi: tegra20-slink: add missed clk_unprepare (git-fixes). - spi: tegra20-slink: fix reference leak in slink ops of tegra20 (git-fixes). - splice: only read in as much information as there is pipe buffer space (bsc#1179520). - staging: comedi: check validity of wMaxPacketSize of usb endpoints found (git-fixes). - staging: comedi: gsc_hpdi: check dma_alloc_coherent() return value (git-fixes). - staging: comedi: mf6x4: Fix AI end-of-conversion detection (git-fixes). - staging: olpc_dcon: add a missing dependency (git-fixes). - staging: olpc_dcon: Do not call platform_device_unregister() in dcon_probe() (git-fixes). - staging: rtl8188eu: Add device code for TP-Link TL-WN727N v5.21 (git-fixes). - staging: rtl8188eu: Add device id for MERCUSYS MW150US v2 (git-fixes). - staging: rtl8188eu: fix possible null dereference (git-fixes). - staging: rtl8192u: fix multiple memory leaks on error path (git-fixes). - staging: vt6656: set usb_set_intfdata on driver fail (git-fixes). - staging: wlan-ng: fix out of bounds read in prism2sta_probe_usb() (git-fixes). - staging: wlan-ng: properly check endpoint types (git-fixes). - sunrpc: fix copying of multiple pages in gss_read_proxy_verf() (bsc#1103992). - sunrpc: fixed rollback in rpc_gssd_dummy_populate() (git-fixes). - sunrpc: Properly set the @subbuf parameter of xdr_buf_subsegment() (git-fixes). - sunrpc: The RDMA back channel mustn't disappear while requests are outstanding (git-fixes). - svcrdma: fix bounce buffers for unaligned offsets and multiple pages (bsc#1103992). - svcrdma: Fix page leak in svc_rdma_recv_read_chunk() (bsc#1103992). - tcp: Set INET_ECN_xmit configuration in tcp_reinit_congestion_control (bsc#1109837). 
- thunderbolt: Use 32-bit writes when writing ring producer/consumer (git-fixes). - timer: Fix wheel index calculation on last level (git fixes) - timer: Prevent base->clk from moving backward (git-fixes) - tracing: Fix out of bounds write in get_trace_buf (bsc#1179403). - tty: always relink the port (git-fixes). - tty: Fix ->pgrp locking in tiocspgrp() (git-fixes). - tty: link tty and port before configuring it as console (git-fixes). - tty: synclink_gt: Adjust indentation in several functions (git-fixes). - tty: synclinkmp: Adjust indentation in several functions (git-fixes). - tty:serial:mvebu-uart:fix a wrong return (git-fixes). - uapi/if_ether.h: move __UAPI_DEF_ETHHDR libc define (git-fixes). - uapi/if_ether.h: prevent redefinition of struct ethhdr (git-fixes). - usb: add RESET_RESUME quirk for Snapscan 1212 (git-fixes). - usb: chipidea: ci_hdrc_imx: Pass DISABLE_DEVICE_STREAMING flag to imx6ul (git-fixes). - usb: dummy-hcd: Fix uninitialized array use in init() (git-fixes). - usb: dwc2: Fix IN FIFO allocation (git-fixes). - usb: dwc3: remove the call trace of USBx_GFLADJ (git-fixes). - usb: ehci-omap: Fix PM disable depth umbalance in ehci_hcd_omap_probe (git-fixes). - usb: Fix: Do not skip endpoint descriptors with maxpacket=0 (git-fixes). - usb: fsl: Check memory resource before releasing it (git-fixes). - usb: gadget: composite: Fix possible double free memory bug (git-fixes). - usb: gadget: configfs: fix concurrent issue between composite APIs (git-fixes). - usb: gadget: configfs: Fix missing spin_lock_init() (git-fixes). - usb: gadget: f_acm: add support for SuperSpeed Plus (git-fixes). - usb: gadget: f_fs: Use local copy of descriptors for userspace copy (git-fixes). - usb: gadget: f_midi: setup SuperSpeed Plus descriptors (git-fixes). - usb: gadget: f_rndis: fix bitrate for SuperSpeed and above (git-fixes). - usb: gadget: ffs: ffs_aio_cancel(): Save/restore IRQ flags (git-fixes). - usb: gadget: fix wrong endpoint desc (git-fixes). 
- usb: gadget: goku_udc: fix potential crashes in probe (git-fixes). - usb: gadget: net2280: fix memory leak on probe error handling paths (git-fixes). - usb: gadget: serial: fix Tx stall after buffer overflow (git-fixes). - usb: gadget: udc: fix possible sleep-in-atomic-context bugs in gr_probe() (git-fixes). - usb: gadget: udc: gr_udc: fix memleak on error handling path in gr_ep_init() (git-fixes). - usb: hso: Fix debug compile warning on sparc32 (git-fixes). - usb: ldusb: use unsigned size format specifiers (git-fixes). - usb: musb: omap2430: Get rid of musb .set_vbus for omap2430 glue (git-fixes). - usb: oxu210hp-hcd: Fix memory leak in oxu_create (git-fixes). - usb: serial: ch341: add new Product ID for CH341A (git-fixes). - usb: serial: ch341: sort device-id entries (git-fixes). - usb: serial: digi_acceleport: clean up modem-control handling (git-fixes). - usb: serial: digi_acceleport: clean up set_termios (git-fixes). - usb: serial: digi_acceleport: fix write-wakeup deadlocks (git-fixes). - usb: serial: digi_acceleport: remove in_interrupt() usage. - usb: serial: digi_acceleport: remove redundant assignment to pointer priv (git-fixes). - usb: serial: digi_acceleport: rename tty flag variable (git-fixes). - usb: serial: digi_acceleport: use irqsave() in USB's complete callback (git-fixes). - usb: serial: keyspan_pda: fix dropped unthrottle interrupts (git-fixes). - usb: serial: keyspan_pda: fix stalled writes (git-fixes). - usb: serial: keyspan_pda: fix tx-unthrottle use-after-free (git-fixes). - usb: serial: keyspan_pda: fix write deadlock (git-fixes). - usb: serial: keyspan_pda: fix write unthrottling (git-fixes). - usb: serial: keyspan_pda: fix write-wakeup use-after-free (git-fixes). - usb: serial: kl5kusb105: fix memleak on open (git-fixes). - usb: serial: mos7720: fix parallel-port state restore (git-fixes). - usb: serial: option: add Fibocom NL668 variants (git-fixes). 
- usb: serial: option: add interface-number sanity check to flag handling (git-fixes). - usb: serial: option: add support for Thales Cinterion EXS82 (git-fixes). - usb: serial: option: fix Quectel BG96 matching (git-fixes). - usb: Skip endpoints with 0 maxpacket length (git-fixes). - usb: UAS: introduce a quirk to set no_write_same (git-fixes). - usb: usbfs: Suppress problematic bind and unbind uevents (git-fixes). - usblp: poison URBs upon disconnect (git-fixes). - usbnet: ipheth: fix connectivity with iOS 14 (git-fixes). - usermodehelper: reset umask to default before executing user process (bsc#1179406). - video: fbdev: neofb: fix memory leak in neo_scan_monitor() (git-fixes). - vt: do not hardcode the mem allocation upper bound (git-fixes). - vt: Reject zero-sized screen buffer size (git-fixes). - watchdog: coh901327: add COMMON_CLK dependency (git-fixes). - watchdog: da9062: do not ping the hw during stop() (git-fixes). - watchdog: da9062: No need to ping manually before setting timeout (git-fixes). - watchdog: qcom: Avoid context switch in restart handler (git-fixes). - watchdog: sirfsoc: Add missing dependency on HAS_IOMEM (git-fixes). - wimax: fix duplicate initializer warning (git-fixes). - wireless: Use linux/stddef.h instead of stddef.h (git-fixes). - wireless: Use offsetof instead of custom macro (git-fixes). - x86/apic: Fix integer overflow on 10 bit left shift of cpu_khz (bsc#1112178). - x86/insn-eval: Use new for_each_insn_prefix() macro to loop over prefixes bytes (bsc#1112178). - x86/mm/ident_map: Check for errors from ident_pud_init() (bsc#1112178). - x86/mm/mem_encrypt: Fix definition of PMD_FLAGS_DEC_WP (bsc#1112178). - x86/resctrl: Add necessary kernfs_put() calls to prevent refcount leak (bsc#1112178). - x86/resctrl: Fix incorrect local bandwidth when mba_sc is enabled (bsc#1112178). - x86/resctrl: Remove superfluous kernfs_get() calls to prevent refcount leak (bsc#1112178). 
- x86/resctrl: Remove unused struct mbm_state::chunks_bw (bsc#1112178).
- x86/speculation: Fix prctl() when spectre_v2_user={seccomp,prctl},ibpb (bsc#1112178).
- x86/tracing: Introduce a static key for exception tracing (bsc#1179895).
- x86/traps: Simplify pagefault tracing logic (bsc#1179895).
- x86/uprobes: Do not use prefixes.nbytes when looping over prefixes.bytes (bsc#1112178).
- xfrm: Fix memleak on xfrm state destroy (bsc#1158775).
- xhci: Give USB2 ports time to enter U3 in bus suspend (git-fixes).
- xprtrdma: fix incorrect header size calculations (git-fixes).

Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Public Cloud 15-SP1:

      zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2021-97=1

Package List:

   - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (noarch):

      kernel-devel-azure-4.12.14-8.58.1
      kernel-source-azure-4.12.14-8.58.1

   - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (x86_64):

      kernel-azure-4.12.14-8.58.1
      kernel-azure-base-4.12.14-8.58.1
      kernel-azure-base-debuginfo-4.12.14-8.58.1
      kernel-azure-debuginfo-4.12.14-8.58.1
      kernel-azure-devel-4.12.14-8.58.1
      kernel-syms-azure-4.12.14-8.58.1

References:

   https://www.suse.com/security/cve/CVE-2018-20669.html
   https://www.suse.com/security/cve/CVE-2019-20934.html
   https://www.suse.com/security/cve/CVE-2020-0444.html
   https://www.suse.com/security/cve/CVE-2020-0465.html
   https://www.suse.com/security/cve/CVE-2020-0466.html
   https://www.suse.com/security/cve/CVE-2020-11668.html
   https://www.suse.com/security/cve/CVE-2020-15436.html
   https://www.suse.com/security/cve/CVE-2020-27068.html
   https://www.suse.com/security/cve/CVE-2020-27777.html
   https://www.suse.com/security/cve/CVE-2020-27786.html
   https://www.suse.com/security/cve/CVE-2020-27825.html
   https://www.suse.com/security/cve/CVE-2020-29371.html
   https://www.suse.com/security/cve/CVE-2020-29660.html
   https://www.suse.com/security/cve/CVE-2020-29661.html
   https://www.suse.com/security/cve/CVE-2020-4788.html
   https://bugzilla.suse.com/1040855
   https://bugzilla.suse.com/1044120
   https://bugzilla.suse.com/1044767
   https://bugzilla.suse.com/1050242
   https://bugzilla.suse.com/1050536
   https://bugzilla.suse.com/1050545
   https://bugzilla.suse.com/1055117
   https://bugzilla.suse.com/1056653
   https://bugzilla.suse.com/1056657
   https://bugzilla.suse.com/1056787
   https://bugzilla.suse.com/1064802
   https://bugzilla.suse.com/1065729
   https://bugzilla.suse.com/1066129
   https://bugzilla.suse.com/1094840
   https://bugzilla.suse.com/1103990
   https://bugzilla.suse.com/1103992
   https://bugzilla.suse.com/1104389
   https://bugzilla.suse.com/1104393
   https://bugzilla.suse.com/1109695
   https://bugzilla.suse.com/1109837
   https://bugzilla.suse.com/1110096
   https://bugzilla.suse.com/1111666
   https://bugzilla.suse.com/1112178
   https://bugzilla.suse.com/1112374
   https://bugzilla.suse.com/1115431
   https://bugzilla.suse.com/1118657
   https://bugzilla.suse.com/1122971
   https://bugzilla.suse.com/1136460
   https://bugzilla.suse.com/1136461
   https://bugzilla.suse.com/1138374
   https://bugzilla.suse.com/1139944
   https://bugzilla.suse.com/1144912
   https://bugzilla.suse.com/1152457
   https://bugzilla.suse.com/1158775
   https://bugzilla.suse.com/1164780
   https://bugzilla.suse.com/1168952
   https://bugzilla.suse.com/1171078
   https://bugzilla.suse.com/1172145
   https://bugzilla.suse.com/1172538
   https://bugzilla.suse.com/1172694
   https://bugzilla.suse.com/1173834
   https://bugzilla.suse.com/1174784
   https://bugzilla.suse.com/1174852
   https://bugzilla.suse.com/1176558
   https://bugzilla.suse.com/1176559
   https://bugzilla.suse.com/1176956
   https://bugzilla.suse.com/1177666
   https://bugzilla.suse.com/1178270
   https://bugzilla.suse.com/1178401
   https://bugzilla.suse.com/1178590
   https://bugzilla.suse.com/1178634
   https://bugzilla.suse.com/1178762
   https://bugzilla.suse.com/1179014
   https://bugzilla.suse.com/1179015
   https://bugzilla.suse.com/1179045
   https://bugzilla.suse.com/1179082
   https://bugzilla.suse.com/1179107
   https://bugzilla.suse.com/1179141
   https://bugzilla.suse.com/1179142
   https://bugzilla.suse.com/1179204
   https://bugzilla.suse.com/1179403
   https://bugzilla.suse.com/1179406
   https://bugzilla.suse.com/1179418
   https://bugzilla.suse.com/1179419
   https://bugzilla.suse.com/1179421
   https://bugzilla.suse.com/1179429
   https://bugzilla.suse.com/1179444
   https://bugzilla.suse.com/1179520
   https://bugzilla.suse.com/1179578
   https://bugzilla.suse.com/1179601
   https://bugzilla.suse.com/1179663
   https://bugzilla.suse.com/1179670
   https://bugzilla.suse.com/1179671
   https://bugzilla.suse.com/1179672
   https://bugzilla.suse.com/1179673
   https://bugzilla.suse.com/1179711
   https://bugzilla.suse.com/1179713
   https://bugzilla.suse.com/1179714
   https://bugzilla.suse.com/1179715
   https://bugzilla.suse.com/1179716
   https://bugzilla.suse.com/1179722
   https://bugzilla.suse.com/1179723
   https://bugzilla.suse.com/1179724
   https://bugzilla.suse.com/1179745
   https://bugzilla.suse.com/1179810
   https://bugzilla.suse.com/1179888
   https://bugzilla.suse.com/1179895
   https://bugzilla.suse.com/1179896
   https://bugzilla.suse.com/1179960
   https://bugzilla.suse.com/1179963
   https://bugzilla.suse.com/1180027
   https://bugzilla.suse.com/1180029
   https://bugzilla.suse.com/1180031
   https://bugzilla.suse.com/1180052
   https://bugzilla.suse.com/1180086
   https://bugzilla.suse.com/1180117
   https://bugzilla.suse.com/1180258
   https://bugzilla.suse.com/1180506

From sle-updates at lists.suse.com Tue Jan 12 16:42:23 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 13 Jan 2021 00:42:23 +0100 (CET)
Subject: SUSE-SU-2021:0096-1: moderate: Security update for the Linux Kernel
Message-ID: <20210112234223.67B8FFCFA@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:0096-1
Rating: moderate
References: #1040855 #1044120 #1044767 #1055117 #1065729 #1094840
            #1109695 #1115431 #1138374 #1139944 #1149032 #1152457
            #1152472 #1152489 #1155518 #1156315 #1156395 #1158775
            #1161099 #1165933 #1168952 #1171000 #1171078 #1171688
            #1172145 #1172733 #1174486 #1175079 #1175480 #1175995
            #1176396 #1176942 #1176956 #1177326 #1177500 #1177666
            #1177679 #1177733 #1178049 #1178203 #1178270 #1178590
            #1178612 #1178634 #1178660 #1178756 #1178780 #1179204
            #1179434 #1179435 #1179519 #1179575 #1179578 #1179601
            #1179604 #1179639 #1179652 #1179656 #1179670 #1179671
            #1179672 #1179673 #1179675 #1179676 #1179677 #1179678
            #1179679 #1179680 #1179681 #1179682 #1179683 #1179684
            #1179685 #1179687 #1179688 #1179689 #1179690 #1179703
            #1179704 #1179707 #1179709 #1179710 #1179711 #1179712
            #1179713 #1179714 #1179715 #1179716 #1179745 #1179763
            #1179888 #1179892 #1179896 #1179960 #1179963 #1180027
            #1180029 #1180031 #1180052 #1180056 #1180086 #1180117
            #1180258 #1180261 #1180506
Cross-References: CVE-2020-0444 CVE-2020-0465 CVE-2020-0466
                  CVE-2020-11668 CVE-2020-27068 CVE-2020-27786
                  CVE-2020-27825 CVE-2020-27830 CVE-2020-29370
                  CVE-2020-29373 CVE-2020-29660 CVE-2020-29661
Affected Products:
   SUSE Linux Enterprise Module for Public Cloud 15-SP2
______________________________________________________________________________

An update that solves 12 vulnerabilities and has 93 fixes is now available.

Description:

The SUSE Linux Enterprise 15 SP2 Azure kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2020-0444: Fixed a bad kfree due to a logic error in audit_data_to_entry (bnc#1180027).
- CVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180029).
- CVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031).
- CVE-2020-11668: Fixed the mishandling of invalid descriptors in the Xirlink camera USB driver (bnc#1168952).
- CVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds check in the nl80211_policy policy of nl80211.c (bnc#1180086).
- CVE-2020-27786: Fixed an out-of-bounds write in the MIDI implementation (bnc#1179601).
- CVE-2020-27825: Fixed a race in the trace_open and buffer resize calls (bsc#1179960).
- CVE-2020-27830: Fixed a null pointer dereference in speakup (bsc#1179656).
- CVE-2020-29370: Fixed a race condition in kmem_cache_alloc_bulk (bnc#1179435).
- CVE-2020-29373: Fixed an unsafe handling of the root directory during path lookups in fs/io_uring.c (bnc#1179434).
- CVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bnc#1179745).
- CVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179745).

The following non-security bugs were fixed:

- ACPI: APEI: Kick the memory_failure() queue for synchronous errors (jsc#SLE-16610).
- ACPI: PNP: compare the string length in the matching_id() (git-fixes).
- ALSA/hda: apply jack fixup for the Acer Veriton N4640G/N6640G/N2510G (git-fixes).
- ALSA: core: memalloc: add page alignment for iram (git-fixes).
- ALSA: hda/ca0132 - Change Input Source enum strings (git-fixes).
- ALSA: hda/ca0132 - Fix AE-5 rear headphone pincfg (git-fixes).
- ALSA: hda/generic: Add option to enforce preferred_dacs pairs (git-fixes).
- ALSA: hda/hdmi: always print pin NIDs as hexadecimal (git-fixes).
- ALSA: hda/hdmi: packet buffer index must be set before reading value (git-fixes).
- ALSA: hda/proc - print DP-MST connections (git-fixes).
- ALSA: hda/realtek - Add new codec supported for ALC897 (git-fixes).
- ALSA: hda/realtek - Add supported for more Lenovo ALC285 Headset Button (git-fixes). - ALSA: hda/realtek - Enable headset mic of ASUS Q524UQK with ALC255 (git-fixes). - ALSA: hda/realtek - Enable headset mic of ASUS X430UN with ALC256 (git-fixes). - ALSA: hda/realtek - Fixed Dell AIO wrong sound tone (git-fixes). - ALSA: hda/realtek: Add mute LED quirk to yet another HP x360 model (git-fixes). - ALSA: hda/realtek: Add quirk for MSI-GP73 (git-fixes). - ALSA: hda/realtek: Apply jack fixup for Quanta NL3 (git-fixes). - ALSA: hda/realtek: Enable headset of ASUS UX482EG & B9400CEA with ALC294 (git-fixes). - ALSA: hda/realtek: Fix bass speaker DAC assignment on Asus Zephyrus G14 (git-fixes). - ALSA: hda/realtek: make bass spk volume adjustable on a yoga laptop (git-fixes). - ALSA: hda: Fix regressions on clear and reconfig sysfs (git-fixes). - ALSA: pcm: oss: Fix a few more UBSAN fixes (git-fixes). - ALSA: pcm: oss: Fix potential out-of-bounds shift (git-fixes). - ALSA: rawmidi: Access runtime->avail always in spinlock (git-fixes). - ALSA: seq: remove useless function (git-fixes). - ALSA: usb-audio: Add generic implicit fb parsing (bsc#1178203). - ALSA: usb-audio: Add hw constraint for implicit fb sync (bsc#1178203). - ALSA: usb-audio: Add implicit fb support for Steinberg UR22 (git-fixes). - ALSA: usb-audio: Add implicit_fb module option (bsc#1178203). - ALSA: usb-audio: Add quirk for Pioneer DJ DDJ-SR2 (git-fixes). - ALSA: usb-audio: Add snd_usb_get_endpoint() helper (bsc#1178203). - ALSA: usb-audio: Add snd_usb_get_host_interface() helper (bsc#1178203). - ALSA: usb-audio: Add support for Pioneer DJ DDJ-RR controller (git-fixes). - ALSA: usb-audio: Add VID to support native DSD reproduction on FiiO devices (git-fixes). - ALSA: usb-audio: Always set up the parameters after resume (bsc#1178203). - ALSA: usb-audio: Avoid doubly initialization for implicit fb (bsc#1178203). - ALSA: usb-audio: Check implicit feedback EP generically for UAC2 (bsc#1178203). 
- ALSA: usb-audio: Check valid altsetting at parsing rates for UAC2/3 (bsc#1178203). - ALSA: usb-audio: Constify audioformat pointer references (bsc#1178203). - ALSA: usb-audio: Convert to the common vmalloc memalloc (bsc#1178203). - ALSA: usb-audio: Correct wrongly matching entries with audio class (bsc#1178203). - ALSA: usb-audio: Create endpoint objects at parsing phase (bsc#1178203). - ALSA: usb-audio: Disable sample read check if firmware does not give back (git-fixes). - ALSA: usb-audio: Do not call usb_set_interface() at trigger callback (bsc#1178203). - ALSA: usb-audio: Do not set altsetting before initializing sample rate (bsc#1178203). - ALSA: usb-audio: Drop debug.h (bsc#1178203). - ALSA: usb-audio: Drop keep_interface flag again (bsc#1178203). - ALSA: usb-audio: Drop unneeded snd_usb_substream fields (bsc#1178203). - ALSA: usb-audio: Factor out the implicit feedback quirk code (bsc#1178203). - ALSA: usb-audio: Fix control 'access overflow' errors from chmap (git-fixes). - ALSA: usb-audio: Fix EP matching for continuous rates (bsc#1178203). - ALSA: usb-audio: Fix MOTU M-Series quirks (bsc#1178203). - ALSA: usb-audio: Fix possible stall of implicit fb packet ring-buffer (bsc#1178203). - ALSA: usb-audio: Fix potential out-of-bounds shift (git-fixes). - ALSA: usb-audio: Fix quirks for other BOSS devices (bsc#1178203). - ALSA: usb-audio: Handle discrete rates properly in hw constraints (bsc#1178203). - ALSA: usb-audio: Improve some debug prints (bsc#1178203). - ALSA: usb-audio: Move device rename and profile quirks to an internal table (bsc#1178203). - ALSA: usb-audio: Move snd_usb_autoresume() call out of setup_hw_info() (bsc#1178203). - ALSA: usb-audio: Pass snd_usb_audio object to quirk functions (bsc#1178203). - ALSA: usb-audio: Properly match with audio interface class (bsc#1178203). - ALSA: usb-audio: Quirk for BOSS GT-001 (bsc#1178203). - ALSA: usb-audio: Refactor endpoint management (bsc#1178203). 
- ALSA: usb-audio: Refactoring endpoint URB deactivation (bsc#1178203). - ALSA: usb-audio: Replace slave/master terms (bsc#1178203). - ALSA: usb-audio: Set and clear sync EP link properly (bsc#1178203). - ALSA: usb-audio: Set callbacks via snd_usb_endpoint_set_callback() (bsc#1178203). - ALSA: usb-audio: Show sync endpoint information in proc outputs (bsc#1178203). - ALSA: usb-audio: Simplify hw_params rules (bsc#1178203). - ALSA: usb-audio: Simplify quirk entries with a macro (bsc#1178203). - ALSA: usb-audio: Simplify rate_min/max and rates set up (bsc#1178203). - ALSA: usb-audio: Simplify snd_usb_init_pitch() arguments (bsc#1178203). - ALSA: usb-audio: Simplify snd_usb_init_sample_rate() arguments (bsc#1178203). - ALSA: usb-audio: Stop both endpoints properly at error (bsc#1178203). - ALSA: usb-audio: Support PCM sync_stop (bsc#1178203). - ALSA: usb-audio: Track implicit fb sync endpoint in audioformat list (bsc#1178203). - ALSA: usb-audio: Unify the code for the next packet size calculation (bsc#1178203). - ALSA: usb-audio: US16x08: fix value count for level meters (git-fixes). - ALSA: usb-audio: Use ALC1220-VB-DT mapping for ASUS ROG Strix TRX40 mobo (bsc#1178203). - ALSA: usb-audio: Use atomic_t for endpoint use_count (bsc#1178203). - ALSA: usb-audio: Use managed buffer allocation (bsc#1178203). - ALSA: usb-audio: Use unsigned char for iface and altsettings fields (bsc#1178203). - ALSA: usb-audio: workaround for iface reset issue (bsc#1178203). - arm64: acpi: Make apei_claim_sea() synchronise with APEI's irq work (jsc#SLE-16610). - ASoC: amd: change clk_get() to devm_clk_get() and add missed checks (git-fixes). - ASoC: arizona: Fix a wrong free in wm8997_probe (git-fixes). - ASoC: cx2072x: Fix doubly definitions of Playback and Capture streams (git-fixes). - ASoC: Intel: bytcr_rt5640: Fix HP Pavilion x2 Detachable quirks (git-fixes). - ASoC: jz4740-i2s: add missed checks for clk_get() (git-fixes). - ASoC: meson: fix COMPILE_TEST error (git-fixes). 
- ASoC: pcm: DRAIN support reactivation (git-fixes). - ASoC: SOF: control: fix size checks for ext_bytes control .get() (git-fixes). - ASoC: sun4i-i2s: Fix lrck_period computation for I2S justified mode (git-fixes). - ASoC: tegra20-spdif: remove "default m" (git-fixes). - ASoC: ti: davinci-mcasp: remove always zero of davinci_mcasp_get_dt_params (git-fixes). - ASoC: wm8998: Fix PM disable depth imbalance on error (git-fixes). - ASoC: wm_adsp: fix error return code in wm_adsp_load() (git-fixes). - ASoC: wm_adsp: remove "ctl" from list on error in wm_adsp_create_control() (git-fixes). - ath10k: Fix an error handling path (git-fixes). - ath10k: Release some resources in an error handling path (git-fixes). - ath6kl: fix enum-conversion warning (git-fixes). - batman-adv: Consider fragmentation for needed_headroom (git-fixes). - batman-adv: Do not always reallocate the fragmentation skb head (git-fixes). - batman-adv: Reserve needed_*room for fragments (git-fixes). - blk-mq: Remove 'running from the wrong CPU' warning (bsc#1174486). - block: return status code in blk_mq_end_request() (bsc#1171000, bsc#1165933). - Bluetooth: btmtksdio: Add the missed release_firmware() in mtk_setup_firmware() (git-fixes). - Bluetooth: btusb: Add the missed release_firmware() in btusb_mtk_setup_firmware() (git-fixes). - Bluetooth: Fix null pointer dereference in hci_event_packet() (git-fixes). - Bluetooth: Fix slab-out-of-bounds read in hci_le_direct_adv_report_evt() (git-fixes). - Bluetooth: hci_h5: fix memory leak in h5_close (git-fixes). - btrfs: add missing check for nocow and compression inode flags (bsc#1178780). - btrfs: allow btrfs_truncate_block() to fallback to nocow for data space reservation (bsc#1161099). - btrfs: fix readahead hang and use-after-free after removing a device (bsc#1179963). - btrfs: fix use-after-free on readahead extent after failure to create it (bsc#1179963). - btrfs: qgroup: do not commit transaction when we already hold the handle (bsc#1178634). 
- btrfs: qgroup: do not try to wait flushing if we're already holding a transaction (bsc#1179575). - bus: fsl-mc: fix error return code in fsl_mc_object_allocate() (git-fixes). - can: c_can: c_can_power_up(): fix error handling (git-fixes). - can: sja1000: sja1000_err(): do not count arbitration lose as an error (git-fixes). - can: softing: softing_netdev_open(): fix error handling (git-fixes). - can: sun4i_can: sun4i_can_err(): do not count arbitration lose as an error (git-fixes). - cfg80211: initialize rekey_data (git-fixes). - cifs: add NULL check for ses->tcon_ipc (bsc#1178270). - cifs: allow syscalls to be restarted in __smb_send_rqst() (bsc#1176956). - cifs: do not share tcons with DFS (bsc#1178270). - cifs: document and cleanup dfs mount (bsc#1178270). - cifs: ensure correct super block for DFS reconnect (bsc#1178270). - cifs: Fix an error pointer dereference in cifs_mount() (bsc#1178270). - cifs: fix check of tcon dfs in smb1 (bsc#1178270). - cifs: fix DFS mount with cifsacl/modefromsid (bsc#1178270). - cifs: fix double free error on share and prefix (bsc#1178270). - cifs: fix leaked reference on requeued write (bsc#1178270). - cifs: fix potential use-after-free in cifs_echo_request() (bsc#1139944). - cifs: fix uninitialised lease_key in open_shroot() (bsc#1178270). - cifs: get rid of unused parameter in reconn_setup_dfs_targets() (bsc#1178270). - cifs: handle empty list of targets in cifs_reconnect() (bsc#1178270). - cifs: handle hostnames that resolve to same ip in failover (bsc#1178270). - cifs: handle RESP_GET_DFS_REFERRAL.PathConsumed in reconnect (bsc#1178270). - cifs: merge __{cifs,smb2}_reconnect[_tcon]() into cifs_tree_connect() (bsc#1178270). - cifs: only update prefix path of DFS links in cifs_tree_connect() (bsc#1178270). - cifs: reduce number of referral requests in DFS link lookups (bsc#1178270). - cifs: rename reconn_inval_dfs_target() (bsc#1178270). - cifs: set up next DFS target before generic_ip_connect() (bsc#1178270). 
- clk: at91: sam9x60: remove atmel,osc-bypass support (git-fixes). - clk: ingenic: Fix divider calculation with div tables (git-fixes). - clk: mediatek: Make mtk_clk_register_mux() a static function (git-fixes). - clk: mvebu: a3700: fix the XTAL MODE pin to MPP1_9 (git-fixes). - clk: renesas: r9a06g032: Drop __packed for portability (git-fixes). - clk: s2mps11: Fix a resource leak in error handling paths in the probe function (git-fixes). - clk: sunxi-ng: Make sure divider tables have sentinel (git-fixes). - clk: tegra: Do not return 0 on failure (git-fixes). - clk: tegra: Fix duplicated SE clock entry (git-fixes). - clk: ti: Fix memleak in ti_fapll_synth_setup (git-fixes). - clocksource/drivers/arm_arch_timer: Correct fault programming of CNTKCTL_EL1.EVNTI (git-fixes). - clocksource/drivers/arm_arch_timer: Use stable count reader in erratum sne (git-fixes). - clocksource/drivers/cadence_ttc: Fix memory leak in ttc_setup_clockevent() (git-fixes). - clocksource/drivers/orion: Add missing clk_disable_unprepare() on error path (git-fixes). - compiler_attributes.h: Add 'fallthrough' pseudo keyword for switch/case use (bsc#1178203). - coredump: fix core_pattern parse error (git-fixes). - cpufreq: ap806: Add missing MODULE_DEVICE_TABLE (git-fixes). - cpufreq: highbank: Add missing MODULE_DEVICE_TABLE (git-fixes). - cpufreq: loongson1: Add missing MODULE_ALIAS (git-fixes). - cpufreq: mediatek: Add missing MODULE_DEVICE_TABLE (git-fixes). - cpufreq: scpi: Add missing MODULE_ALIAS (git-fixes). - cpufreq: st: Add missing MODULE_DEVICE_TABLE (git-fixes). - cpufreq: vexpress-spc: Add missing MODULE_ALIAS (git-fixes). - crypto: af_alg - avoid undefined behavior accessing salg_name (git-fixes). - crypto: atmel-i2c - select CONFIG_BITREVERSE (git-fixes). - crypto: crypto4xx - Replace bitwise OR with logical OR in crypto4xx_build_pd (git-fixes). - crypto: ecdh - avoid unaligned accesses in ecdh_set_secret() (git-fixes). - crypto: inside-secure - Fix sizeof() mismatch (git-fixes). 
- crypto: omap-aes - Fix PM disable depth imbalance in omap_aes_probe (git-fixes).
- crypto: qat - fix status check in qat_hal_put_rel_rd_xfer() (git-fixes).
- crypto: sun4i-ss - add the A33 variant of SS (git-fixes).
- crypto: talitos - Endianess in current_desc_hdr() (git-fixes).
- crypto: talitos - Fix return type of current_desc_hdr() (git-fixes).
- cw1200: fix missing destroy_workqueue() on error in cw1200_init_common (git-fixes).
- dmaengine: mv_xor_v2: Fix error return code in mv_xor_v2_probe() (git-fixes).
- drivers: soc: ti: knav_qmss_queue: Fix error return code in knav_queue_probe (git-fixes).
- drm/amd/display: Fix wrong return value in dm_update_plane_state() (bsc#1152489)
- drm/amdgpu: pass NULL pointer instead of 0 (bsc#1152489)
- drm/crc-debugfs: Fix memleak in crc_control_write (bsc#1152472)
- drm/gma500: fix error check (bsc#1152472)
- drm/i915/gem: Avoid implicit vmap for highmem on x86-32 (bsc#1152489)
- drm/i915: Fix sha_text population code (bsc#1152489)
- drm/imx: tve remove extraneous type qualifier (bsc#1152489)
- drm/mediatek: Add exception handing in mtk_drm_probe() if component (bsc#1152472)
- drm/mediatek: Add missing put_device() call in (bsc#1152472)
- drm/mediatek: Add missing put_device() call in mtk_drm_kms_init() (bsc#1152472)
- drm/msm: Avoid div-by-zero in dpu_crtc_atomic_check() (bsc#1152489)
- drm/msm: Drop debug print in _dpu_crtc_setup_lm_bounds() (bsc#1152489)
- drm/panfrost: Ensure GPU quirks are always initialised (bsc#1152489)
- drm/panfrost: increase readl_relaxed_poll_timeout values (bsc#1152472)
- drm/radeon: Prefer lower feedback dividers (bsc#1152489)
- drm/sun4i: sun8i-csc: Secondary CSC register correction (bsc#1152489)
- drm/vc4/vc4_hdmi: fill ASoC card owner (bsc#1152489)
- drm/vc4: crtc: Rework a bit the CRTC state code (bsc#1152472)
- drm/vc4: hdmi: Avoid sleeping in atomic context (bsc#1152489)
- drm/vkms: fix xrgb on compute crc (bsc#1152472)
- drm: mxsfb: check framebuffer pitch (bsc#1152472)
- drm: mxsfb: Remove fbdev leftovers (bsc#1152472)
- drm: panel: Fix bpc for OrtusTech COM43H4M85ULC panel (bsc#1152489)
- drm: panel: Fix bus format for OrtusTech COM43H4M85ULC panel (bsc#1152472)
- drm: rcar-du: Put reference to VSP device (bsc#1152489)
- EDAC/amd64: Do not load on family 0x15, model 0x13 (bsc#1179763).
- EDAC/i10nm: Use readl() to access MMIO registers (bsc#1152489).
- EDAC/mce_amd: Use struct cpuinfo_x86.cpu_die_id for AMD NodeId (bsc#1152489).
- epoll: Keep a reference on files added to the check list (bsc#1180031).
- ethtool: fix error handling in ethtool_phys_id (git-fixes).
- ext4: correctly report "not supported" for {usr,grp}jquota when !CONFIG_QUOTA (bsc#1179672).
- ext4: fix bogus warning in ext4_update_dx_flag() (bsc#1179716).
- ext4: fix leaking sysfs kobject after failed mount (bsc#1179670).
- ext4: limit entries returned when counting fsmap records (bsc#1179671).
- ext4: unlock xattr_sem properly in ext4_inline_data_truncate() (bsc#1179673).
- extcon: max77693: Fix modalias string (git-fixes).
- fail_function: Remove a redundant mutex unlock (bsc#1149032).
- fbcon: Remove the superfluous break (bsc#1152472)
- firmware: arm_sdei: Document the motivation behind these set_fs() calls (jsc#SLE-16610).
- fix regression in "epoll: Keep a reference on files added to the check list" (bsc#1180031, git-fixes).
- fs/minix: check return value of sb_getblk() (bsc#1179676).
- fs/minix: do not allow getting deleted inodes (bsc#1179677).
- fs/minix: fix block limit check for V1 filesystems (bsc#1179680).
- fs/minix: reject too-large maximum file size (bsc#1179678).
- fs/minix: remove expected error message in block_to_path() (bsc#1179681).
- fs/minix: set s_maxbytes correctly (bsc#1179679).
- fs/ufs: avoid potential u32 multiplication overflow (bsc#1179682).
- fs: Do not invalidate page buffers in block_write_full_page() (bsc#1179711).
- ftrace: Fix updating FTRACE_FL_TRAMP (git-fixes).
- geneve: pull IP header before ECN decapsulation (git-fixes).
- genirq/irqdomain: Add an irq_create_mapping_affinity() function (bsc#1065729).
- genirq/matrix: Deal with the sillyness of for_each_cpu() on UP (bsc#1156315).
- gpio: mvebu: fix potential user-after-free on probe (git-fixes).
- gpio: mvebu: update Armada XP per-CPU comment (git-fixes).
- HID: add HID_QUIRK_INCREMENT_USAGE_ON_DUPLICATE for Gamevice devices (git-fixes).
- HID: Add Logitech Dinovo Edge battery quirk (git-fixes).
- HID: add support for Sega Saturn (git-fixes).
- HID: cypress: Support Varmilo Keyboards' media hotkeys (git-fixes).
- HID: hid-sensor-hub: Fix issue with devices with no report ID (git-fixes).
- HID: i2c-hid: add Vero K147 to descriptor override (git-fixes).
- HID: ite: Replace ABS_MISC 120/121 events with touchpad on/off keypresses (git-fixes).
- HID: logitech-hidpp: Add HIDPP_CONSUMER_VENDOR_KEYS quirk for the Dinovo Edge (git-fixes).
- HID: uclogic: Add ID for Trust Flex Design Tablet (git-fixes).
- HMAT: Register memory-side cache after parsing (bsc#1178660).
- HMAT: Skip publishing target info for nodes with no online memory (bsc#1178660).
- HSI: omap_ssi: Do not jump to free ID in ssi_add_controller() (git-fixes).
- i2c: qup: Fix error return code in qup_i2c_bam_schedule_desc() (git-fixes).
- IB/isert: Fix unaligned immediate-data handling (bsc#1152489)
- IB/mlx4: Add and improve logging (bsc#1152489)
- IB/mlx4: Add support for MRA (bsc#1152489)
- IB/mlx4: Adjust delayed work when a dup is observed (bsc#1152489)
- IB/mlx4: Fix starvation in paravirt mux/demux (bsc#1152489)
- IB/mthca: fix return value of error branch in mthca_init_cq() (bsc#1152489)
- IB/rdmavt: Fix sizeof mismatch (bsc#1152489)
- IB/srpt: Fix memory leak in srpt_add_one (bsc#1152489)
- IB/uverbs: Set IOVA on IB MR in uverbs layer (bsc#1152489)
- ibmvnic: add some debugs (bsc#1179896 ltc#190255).
- ibmvnic: avoid memset null scrq msgs (bsc#1044767 ltc#155231 git-fixes).
- ibmvnic: continue fatal error reset after passive init (bsc#1171078 ltc#184239 git-fixes).
- ibmvnic: delay next reset if hard reset fails (bsc#1094840 ltc#167098 git-fixes).
- ibmvnic: enhance resetting status check during module exit (bsc#1065729).
- ibmvnic: fix call_netdevice_notifiers in do_reset (bsc#1115431 ltc#171853 git-fixes).
- ibmvnic: fix NULL pointer dereference in reset_sub_crq_queues (bsc#1040855 ltc#155067 git-fixes).
- ibmvnic: fix: NULL pointer dereference (bsc#1044767 ltc#155231 git-fixes).
- ibmvnic: notify peers when failover and migration happen (bsc#1044120 ltc#155423 git-fixes).
- ibmvnic: restore adapter state on failed reset (bsc#1152457 ltc#174432 git-fixes).
- iio: adc: rockchip_saradc: fix missing clk_disable_unprepare() on error in rockchip_saradc_resume (git-fixes).
- iio: buffer: Fix demux update (git-fixes).
- iio:adc:ti-ads124s08: Fix alignment and data leak issues (git-fixes).
- iio:adc:ti-ads124s08: Fix buffer being too long (git-fixes).
- iio:imu:bmi160: Fix too large a buffer (git-fixes).
- iio:light:rpr0521: Fix timestamp alignment and prevent data leak (git-fixes).
- iio:light:st_uvis25: Fix timestamp alignment and prevent data leak (git-fixes).
- iio:magnetometer:mag3110: Fix alignment and data leak issues (git-fixes).
- iio:pressure:mpl3115: Force alignment of buffer (git-fixes).
- inet_ecn: Fix endianness of checksum update when setting ECT(1) (git-fixes).
- Input: ads7846 - fix integer overflow on Rt calculation (git-fixes).
- Input: ads7846 - fix race that causes missing releases (git-fixes).
- Input: ads7846 - fix unaligned access on 7845 (git-fixes).
- Input: cm109 - do not stomp on control URB (git-fixes).
- Input: cros_ec_keyb - send 'scancodes' in addition to key events (git-fixes).
- Input: cyapa_gen6 - fix out-of-bounds stack access (git-fixes).
- Input: goodix - add upside-down quirk for Teclast X98 Pro tablet (git-fixes).
- Input: i8042 - add Acer laptops to the i8042 reset list (git-fixes).
- Input: i8042 - add ByteSpeed touchpad to noloop table (git-fixes).
- Input: i8042 - allow insmod to succeed on devices without an i8042 controller (git-fixes).
- Input: i8042 - fix error return code in i8042_setup_aux() (git-fixes).
- Input: omap4-keypad - fix runtime PM error handling (git-fixes).
- Input: xpad - support Ardwiino Controllers (git-fixes).
- iomap: Clear page error before beginning a write (bsc#1179683).
- iomap: Mark read blocks uptodate in write_begin (bsc#1179684).
- iomap: Set all uptodate bits for an Uptodate page (bsc#1179685).
- iommu/amd: Set DTE[IntTabLen] to represent 512 IRTEs (bsc#1179652).
- iwlwifi: mvm: fix kernel panic in case of assert during CSA (git-fixes).
- iwlwifi: mvm: hook up missing RX handlers (git-fixes).
- iwlwifi: pcie: add one missing entry for AX210 (git-fixes).
- iwlwifi: pcie: limit memory read spin time (git-fixes).
- jbd2: fix up sparse warnings in checkpoint code (bsc#1179707).
- kABI workaround for HD-audio generic parser (git-fixes).
- kABI workaround for USB audio driver (bsc#1178203).
- kABI: genirq: add back irq_create_mapping (bsc#1065729).
- kernel/cpu: add arch override for clear_tasks_mm_cpumask() mm handling (bsc#1055117 ltc#159753 git-fixes bsc#1179888 ltc#190253).
- KVM: PPC: Book3S HV: XIVE: Fix possible oops when accessing ESB page (bsc#1156395).
- lan743x: fix for potential NULL pointer dereference with bare card (git-fixes).
- libfs: fix error cast of negative value in simple_attr_write() (bsc#1179709).
- locking/percpu-rwsem: Use this_cpu_{inc,dec}() for read_count (bsc#1149032).
- mac80211: do not set set TDLS STA bandwidth wider than possible (git-fixes).
- mac80211: mesh: fix mesh_pathtbl_init() error path (git-fixes).
- media: gspca: Fix memory leak in probe (git-fixes).
- media: imx214: Fix stop streaming (git-fixes).
- media: ipu3-cio2: Make the field on subdev format V4L2_FIELD_NONE (git-fixes).
- media: ipu3-cio2: Remove traces of returned buffers (git-fixes).
- media: ipu3-cio2: Return actual subdev format (git-fixes).
- media: ipu3-cio2: Serialise access to pad format (git-fixes).
- media: ipu3-cio2: Validate mbus format in setting subdev format (git-fixes).
- media: max2175: fix max2175_set_csm_mode() error code (git-fixes).
- media: msi2500: assign SPI bus number dynamically (git-fixes).
- media: mtk-vcodec: add missing put_device() call in mtk_vcodec_init_dec_pm() (git-fixes).
- media: mtk-vcodec: add missing put_device() call in mtk_vcodec_init_enc_pm() (git-fixes).
- media: mtk-vcodec: add missing put_device() call in mtk_vcodec_release_dec_pm() (git-fixes).
- media: saa7146: fix array overflow in vidioc_s_audio() (git-fixes).
- media: siano: fix memory leak of debugfs members in smsdvb_hotplug (git-fixes).
- media: solo6x10: fix missing snd_card_free in error handling case (git-fixes).
- media: sunxi-cir: ensure IR is handled when it is continuous (git-fixes).
- media: tm6000: Fix sizeof() mismatches (git-fixes).
- media: uvcvideo: Accept invalid bFormatIndex and bFrameIndex values (bsc#1180117).
- memstick: fix a double-free bug in memstick_check (git-fixes).
- memstick: r592: Fix error return in r592_probe() (git-fixes).
- mfd: rt5033: Fix errorneous defines (git-fixes).
- mm,memory_failure: always pin the page in madvise_inject_error (bsc#1180258).
- mm/error_inject: Fix allow_error_inject function signatures (bsc#1179710).
- mm/memory-failure: Add memory_failure_queue_kick() (jsc#SLE-16610).
- mm/memory_hotplug: shrink zones when offlining memory (bsc#1177679).
- mm/userfaultfd: do not access vma->vm_mm after calling handle_userfault() (bsc#1179204).
- mm: memcg: fix memcg reclaim soft lockup (VM Functionality, bsc#1180056).
- mmc: block: Fixup condition for CMD13 polling for RPMB requests (git-fixes).
- mmc: pxamci: Fix error return code in pxamci_probe (git-fixes).
- mtd: rawnand: gpmi: fix reference count leak in gpmi ops (git-fixes).
- mtd: rawnand: gpmi: Fix the random DMA timeout issue (git-fixes).
- mtd: rawnand: meson: Fix a resource leak in init (git-fixes).
- mtd: rawnand: meson: fix meson_nfc_dma_buffer_release() arguments (git-fixes).
- mtd: rawnand: qcom: Fix DMA sync on FLASH_STATUS register read (git-fixes).
- mtd: spinand: Fix OOB read (git-fixes).
- mwifiex: fix mwifiex_shutdown_sw() causing sw reset failure (git-fixes).
- net/x25: prevent a couple of overflows (bsc#1178590).
- net: sctp: Rename fallthrough label to unhandled (bsc#1178203).
- nfc: s3fwrn5: Release the nfc firmware (git-fixes).
- nvme-fabrics: allow to queue requests for live queues (git-fixes).
- nvme-fabrics: do not check state NVME_CTRL_NEW for request acceptance (bsc#1179519).
- nvme-fc: avoid calling _nvme_fc_abort_outstanding_ios from interrupt context (bsc#1177326).
- nvme-fc: cancel async events before freeing event struct (git-fixes).
- nvme-fc: eliminate terminate_io use by nvme_fc_error_recovery (bsc#1177326).
- nvme-fc: fix error loop in create_hw_io_queues (git-fixes).
- nvme-fc: fix io timeout to abort I/O (bsc#1177326).
- nvme-fc: remove err_work work item (bsc#1177326).
- nvme-fc: remove nvme_fc_terminate_io() (bsc#1177326).
- nvme-fc: shorten reconnect delay if possible for FC (git-fixes).
- nvme-fc: track error_recovery while connecting (bsc#1177326).
- nvme-fc: wait for queues to freeze before calling (git-fixes).
- nvme-multipath: fix deadlock between ana_work and scan_work (git-fixes).
- nvme-multipath: fix deadlock due to head->lock (git-fixes).
- nvme-pci: properly print controller address (git-fixes).
- nvme-rdma: avoid race between time out and tear down (bsc#1179519).
- nvme-rdma: avoid repeated request completion (bsc#1179519).
- nvme-rdma: cancel async events before freeing event struct (git-fixes).
- nvme-rdma: fix controller reset hang during traffic (bsc#1179519).
- nvme-rdma: fix reset hang if controller died in the middle of a reset (bsc#1179519).
- nvme-rdma: fix timeout handler (bsc#1179519).
- nvme-rdma: handle unexpected nvme completion data length (bsc#1178612).
- nvme-rdma: serialize controller teardown sequences (bsc#1179519).
- nvme-tcp: avoid race between time out and tear down (bsc#1179519).
- nvme-tcp: avoid repeated request completion (bsc#1179519).
- nvme-tcp: avoid scheduling io_work if we are already polling (bsc#1179519).
- nvme-tcp: break from io_work loop if recv failed (bsc#1179519).
- nvme-tcp: cancel async events before freeing event struct (git-fixes).
- nvme-tcp: do not poll a non-live queue (bsc#1179519).
- nvme-tcp: fix controller reset hang during traffic (bsc#1179519).
- nvme-tcp: fix possible crash in recv error flow (bsc#1179519).
- nvme-tcp: fix possible leakage during error flow (git-fixes).
- nvme-tcp: fix reset hang if controller died in the middle of a reset (bsc#1179519).
- nvme-tcp: fix timeout handler (bsc#1179519).
- nvme-tcp: have queue prod/cons send list become a llist (bsc#1179519).
- nvme-tcp: leverage request plugging (bsc#1179519).
- nvme-tcp: move send failure to nvme_tcp_try_send (bsc#1179519).
- nvme-tcp: optimize network stack with setting msg flags (bsc#1179519).
- nvme-tcp: optimize queue io_cpu assignment for multiple queue (git-fixes).
- nvme-tcp: serialize controller teardown sequences (bsc#1179519).
- nvme-tcp: set MSG_SENDPAGE_NOTLAST with MSG_MORE when we have (bsc#1179519).
- nvme-tcp: try to send request in queue_rq context (bsc#1179519).
- nvme-tcp: use bh_lock in data_ready (bsc#1179519).
- nvme: do not protect ns mutation with ns->head->lock (git-fixes).
- nvme: have nvme_wait_freeze_timeout return if it timed out (bsc#1179519).
- nvme: introduce nvme_sync_io_queues (bsc#1179519).
- nvme: Revert: Fix controller creation races with teardown (git-fixes).
- nvmet-fc: fix missing check for no hostport struct (bsc#1176942).
- nvmet-tcp: fix maxh2cdata icresp parameter (bsc#1179892).
- ocfs2: fix unbalanced locking (bsc#1180506).
- orinoco: Move context allocation after processing the skb (git-fixes).
- PCI: brcmstb: Initialize "tmp" before use (git-fixes).
- PCI: Fix overflow in command-line resource alignment requests (git-fixes).
- PCI: Fix pci_slot_release() NULL pointer dereference (git-fixes).
- PCI: iproc: Fix out-of-bound array accesses (git-fixes).
- pinctrl: amd: remove debounce filter setting in IRQ type setting (git-fixes).
- pinctrl: aspeed: Fix GPIO requests on pass-through banks (git-fixes).
- pinctrl: baytrail: Avoid clearing debounce value when turning it off (git-fixes).
- pinctrl: falcon: add missing put_device() call in pinctrl_falcon_probe() (git-fixes).
- pinctrl: merrifield: Set default bias in case no particular value given (git-fixes).
- platform/chrome: cros_ec_spi: Do not overwrite spi::mode (git-fixes).
- platform/x86: acer-wmi: add automatic keyboard background light toggle key as KEY_LIGHTS_TOGGLE (git-fixes).
- platform/x86: dell-smbios-base: Fix error return code in dell_smbios_init (git-fixes).
- platform/x86: intel-vbtn: Allow switch events on Acer Switch Alpha 12 (git-fixes).
- platform/x86: intel-vbtn: Support for tablet mode on HP Pavilion 13 x360 PC (git-fixes).
- platform/x86: mlx-platform: Fix item counter assignment for MSN2700, MSN24xx systems (git-fixes).
- platform/x86: mlx-platform: remove an unused variable (git-fixes).
- platform/x86: mlx-platform: Remove PSU EEPROM from default platform configuration (git-fixes).
- platform/x86: mlx-platform: Remove PSU EEPROM from MSN274x platform configuration (git-fixes).
- platform/x86: thinkpad_acpi: Add BAT1 is primary battery quirk for Thinkpad Yoga 11e 4th gen (git-fixes).
- platform/x86: thinkpad_acpi: Do not report SW_TABLET_MODE on Yoga 11e (git-fixes).
- platform/x86: touchscreen_dmi: Add info for the Irbis TW118 tablet (git-fixes).
- power: supply: axp288_charger: Fix HP Pavilion x2 10 DMI matching (git-fixes).
- power: supply: bq24190_charger: fix reference leak (git-fixes).
- powerpc/64: Set up a kernel stack for secondaries before cpu_restore() (bsc#1065729).
- powerpc/64s/powernv: Fix memory corruption when saving SLB entries on MCE (jsc#SLE-9246 git-fixes).
- powerpc/64s/pseries: Fix hash tlbiel_all_isa300 for guest kernels (bsc#1179888 ltc#190253).
- powerpc/64s: Fix allnoconfig build since uaccess flush (bsc#1177666 git-fixes).
- powerpc/64s: Fix hash ISA v3.0 TLBIEL instruction generation (bsc#1055117 ltc#159753 git-fixes bsc#1179888 ltc#190253).
- powerpc/64s: Trim offlined CPUs from mm_cpumasks (bsc#1055117 ltc#159753 git-fixes bsc#1179888 ltc#190253).
- powerpc/bitops: Fix possible undefined behaviour with fls() and fls64() (bsc#1156395).
- powerpc/eeh_cache: Fix a possible debugfs deadlock (bsc#1156395).
- powerpc/numa: Fix a regression on memoryless node 0 (bsc#1179639 ltc#189002).
- powerpc/pci: Remove LSI mappings on device teardown (bsc#1172145 ltc#184630).
- powerpc/perf: Fix crash with is_sier_available when pmu is not set (bsc#1179578 ltc#189313).
- powerpc/pseries/hibernation: remove redundant cacheinfo update (bsc#1138374 ltc#178199 git-fixes).
- powerpc/pseries: Pass MSI affinity to irq_create_mapping() (bsc#1065729).
- powerpc/smp: Add __init to init_big_cores() (bsc#1109695 ltc#171067 git-fixes).
- powerpc/xmon: Change printk() to pr_cont() (bsc#1065729).
- powerpc: Avoid broken GCC __attribute__((optimize)) (bsc#1156395).
- powerpc: Fix incorrect stw{, ux, u, x} instructions in __set_pte_at (bsc#1065729).
- pwm: lp3943: Dynamically allocate PWM chip base (git-fixes).
- pwm: zx: Add missing cleanup in error path (git-fixes).
- qede: Notify qedr when mtu has changed (bsc#1152489)
- qtnfmac: fix error return code in qtnf_pcie_probe() (git-fixes).
- quota: clear padding in v2r1_mem2diskdqb() (bsc#1179714).
- RDMA/addr: Fix race with netevent_callback()/rdma_addr_cancel() (bsc#1152489)
- RDMA/bnxt_re: Do not add user qps to flushlist (bsc#1152489)
- RDMA/bnxt_re: Fix sizeof mismatch for allocation of pbl_tbl. (bsc#1152489)
- RDMA/core: Fix bogus WARN_ON during ib_unregister_device_queued() (bsc#1152489)
- RDMA/core: Fix reported speed and width (bsc#1152489)
- RDMA/core: Fix return error value in _ib_modify_qp() to negative (bsc#1152489)
- RDMA/core: Free DIM memory in error unwind (bsc#1152489)
- RDMA/core: Stop DIM before destroying CQ (bsc#1152489)
- RDMA/counter: Allow manually bind QPs with different pids to same counter (bsc#1152489)
- RDMA/counter: Only bind user QPs in auto mode (bsc#1152489)
- RDMA/hns: Add check for the validity of sl configuration (bsc#1152489)
- RDMA/hns: Bugfix for memory window mtpt configuration (bsc#1152489)
- RDMA/hns: Correct typo of hns_roce_create_cq() (bsc#1152489)
- RDMA/hns: Fix missing sq_sig_type when querying QP (bsc#1152489)
- RDMA/hns: Set the unsupported wr opcode (bsc#1152489)
- RDMA/ipoib: Set rtnl_link_ops for ipoib interfaces (bsc#1152489)
- RDMA/mlx5: Disable IB_DEVICE_MEM_MGT_EXTENSIONS if IB_WR_REG_MR can't work (bsc#1152489)
- RDMA/netlink: Remove CAP_NET_RAW check when dump a raw QP (bsc#1152489)
- RDMA/pvrdma: Fix missing kfree() in pvrdma_register_device() (bsc#1152489)
- RDMA/qedr: Endianness warnings cleanup (bsc#1152489)
- RDMA/qedr: Fix doorbell setting (bsc#1152489)
- RDMA/qedr: Fix inline size returned for iWARP (bsc#1152489)
- RDMA/qedr: Fix iWARP active mtu display (bsc#1152489)
- RDMA/qedr: Fix memory leak in iWARP CM (bsc#1152489)
- RDMA/qedr: Fix qp structure memory leak (bsc#1152489)
- RDMA/qedr: Fix resource leak in qedr_create_qp (bsc#1152489)
- RDMA/qedr: Fix use of uninitialized field (bsc#1152489)
- RDMA/qedr: SRQ's bug fixes (bsc#1152489)
- RDMA/rxe: Drop pointless checks in rxe_init_ports (bsc#1152489)
- RDMA/rxe: Fix memleak in rxe_mem_init_user (bsc#1152489)
- RDMA/rxe: Fix skb lifetime in rxe_rcv_mcast_pkt() (bsc#1152489)
- RDMA/rxe: Fix the parent sysfs read when the interface has 15 chars (bsc#1152489)
- RDMA/rxe: Handle skb_clone() failure in rxe_recv.c (bsc#1152489)
- RDMA/rxe: Prevent access to wr->next ptr afrer wr is posted to send queue (bsc#1152489)
- RDMA/rxe: Remove unused rxe_mem_map_pages (bsc#1152489)
- RDMA/rxe: Return void from rxe_init_port_param() (bsc#1152489)
- RDMA/rxe: Return void from rxe_mem_init_dma() (bsc#1152489)
- RDMA/rxe: Skip dgid check in loopback mode (bsc#1152489)
- RDMA/srpt: Fix typo in srpt_unregister_mad_agent docstring (bsc#1152489)
- RDMA/umem: Fix ib_umem_find_best_pgsz() for mappings that cross a page boundary (bsc#1152489)
- RDMA/umem: Prevent small pages from being returned by ib_umem_find_best_pgsz() (bsc#1152489)
- Re-import the upstream uvcvideo fix; one more fix will be added later (bsc#1180117)
- regmap: Remove duplicate `type` field from regmap `regcache_sync` trace event (git-fixes).
- regulator: axp20x: Fix DLDO2 voltage control register mask for AXP22x (git-fixes).
- regulator: mcp16502: add linear_min_sel (git-fixes).
- reiserfs: Fix oops during mount (bsc#1179715).
- reiserfs: Initialize inode keys properly (bsc#1179713).
- remoteproc: q6v5-mss: fix error handling in q6v5_pds_enable (git-fixes).
- remoteproc: qcom: Fix potential NULL dereference in adsp_init_mmio() (git-fixes).
- remoteproc: qcom: fix reference leak in adsp_start (git-fixes).
- rsi: fix error return code in rsi_reset_card() (git-fixes).
- rtc: ep93xx: Fix NULL pointer dereference in ep93xx_rtc_read_time (git-fixes).
- rtc: hym8563: enable wakeup when applicable (git-fixes).
- rtw88: debug: Fix uninitialized memory in debugfs code (git-fixes).
- s390/cpuinfo: show processor physical address (git-fixes).
- s390/pci: fix CPU address in MSI for directed IRQ (git-fixes).
- s390/qeth: delay draining the TX buffers (git-fixes).
- s390/qeth: fix af_iucv notification race (git-fixes).
- s390/qeth: fix tear down of async TX buffers (git-fixes).
- s390/qeth: make af_iucv TX notification call more robust (bsc#1179604 LTC#190151).
- s390: add 3f program exception handler (git-fixes).
- samples/bpf: Remove unused test_ipip.sh (bsc#1155518).
- samples: bpf: Refactor test_cgrp2_sock2 program with libbpf (bsc#1155518).
- sched/fair: Fix overutilized update in enqueue_task_fair() (git-fixes)
- sched/fair: Fix race between runtime distribution and (git-fixes)
- sched/fair: Fix wrong cpu selecting from isolated domain (git-fixes)
- sched/fair: Refill bandwidth before scaling (git-fixes)
- sched: correct SD_flags returned by tl->sd_flags() (git-fixes)
- scsi: core: Fix VPD LUN ID designator priorities (bsc#1178049).
- scsi: core: Return BLK_STS_AGAIN for ALUA transitioning (bsc#1165933, bsc#1171000).
- scsi: fnic: Avoid looping in TRANS ETH on unload (bsc#1175079).
- scsi: fnic: Change shost_printk() to FNIC_FCS_DBG() (bsc#1175079).
- scsi: fnic: Change shost_printk() to FNIC_MAIN_DBG() (bsc#1175079).
- scsi: fnic: Set scsi_set_resid() only for underflow (bsc#1175079).
- scsi: fnic: Validate io_req before others (bsc#1175079).
- scsi: lpfc: Add FDMI Vendor MIB support (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).
- scsi: lpfc: Convert abort handling to SLI-3 and SLI-4 handlers (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).
- scsi: lpfc: Convert SCSI I/O completions to SLI-3 and SLI-4 handlers (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).
- scsi: lpfc: Convert SCSI path to use common I/O submission path (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).
- scsi: lpfc: Correct null ndlp reference on routine exit (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).
- scsi: lpfc: Drop nodelist reference on error in lpfc_gen_req() (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).
- scsi: lpfc: Enable common send_io interface for SCSI and NVMe (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).
- scsi: lpfc: Enable common wqe_template support for both SCSI and NVMe (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).
- scsi: lpfc: Enlarge max_sectors in scsi host templates (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).
- scsi: lpfc: Extend the RDF FPIN Registration descriptor for additional events (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).
- scsi: lpfc: Fix duplicate wq_create_version check (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).
- scsi: lpfc: Fix fall-through warnings for Clang (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).
- scsi: lpfc: Fix FLOGI/PLOGI receive race condition in pt2pt discovery (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).
- scsi: lpfc: Fix initial FLOGI failure due to BBSCN not supported (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).
- scsi: lpfc: Fix invalid sleeping context in lpfc_sli4_nvmet_alloc() (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).
- scsi: lpfc: Fix memory leak on lcb_context (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).
- scsi: lpfc: Fix missing prototype for lpfc_nvmet_prep_abort_wqe() (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).
- scsi: lpfc: Fix missing prototype warning for lpfc_fdmi_vendor_attr_mi() (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).
- scsi: lpfc: Fix NPIV discovery and Fabric Node detection (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).
- scsi: lpfc: Fix NPIV Fabric Node reference counting (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).
- scsi: lpfc: Fix pointer defereference before it is null checked issue (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).
- scsi: lpfc: Fix refcounting around SCSI and NVMe transport APIs (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).
- scsi: lpfc: Fix removal of SCSI transport device get and put on dev structure (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).
- scsi: lpfc: Fix scheduling call while in softirq context in lpfc_unreg_rpi (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).
- scsi: lpfc: Fix set but not used warnings from Rework remote port lock handling (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).
- scsi: lpfc: Fix set but unused variables in lpfc_dev_loss_tmo_handler() (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).
- scsi: lpfc: Fix spelling mistake "Cant" -> "Can't" (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).
- scsi: lpfc: Fix variable 'vport' set but not used in lpfc_sli4_abts_err_handler() (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).
- scsi: lpfc: lpfc_attr: Demote kernel-doc format for redefined functions (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).
- scsi: lpfc: lpfc_attr: Fix-up a bunch of kernel-doc misdemeanours (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).
- scsi: lpfc: lpfc_bsg: Provide correct documentation for a bunch of functions (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).
- scsi: lpfc: lpfc_debugfs: Fix a couple of function documentation issues (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).
- scsi: lpfc: lpfc_nvme: Fix some kernel-doc related issues (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).
- scsi: lpfc: lpfc_nvme: Remove unused variable 'phba' (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).
- scsi: lpfc: lpfc_nvmet: Fix-up some formatting and doc-rot issues (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).
- scsi: lpfc: lpfc_scsi: Fix a whole host of kernel-doc issues (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).
- scsi: lpfc: Re-fix use after free in lpfc_rq_buf_free() (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).
- scsi: lpfc: Refactor WQE structure definitions for common use (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).
- scsi: lpfc: Reject CT request for MIB commands (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).
- scsi: lpfc: Remove dead code on second !ndlp check (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).
- scsi: lpfc: Remove ndlp when a PLOGI/ADISC/PRLI/REG_RPI ultimately fails (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).
- scsi: lpfc: Remove set but not used 'qp' (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).
- scsi: lpfc: Remove unneeded variable 'status' in lpfc_fcp_cpu_map_store() (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).
- scsi: lpfc: Removed unused macros in lpfc_attr.c (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).
- scsi: lpfc: Rework locations of ndlp reference taking (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).
- scsi: lpfc: Rework remote port lock handling (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).
- scsi: lpfc: Rework remote port ref counting and node freeing (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).
- scsi: lpfc: Unsolicited ELS leaves node in incorrect state while dropping it (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).
- scsi: lpfc: Update changed file copyrights for 2020 (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).
- scsi: lpfc: Update lpfc version to 12.8.0.4 (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).
- scsi: lpfc: Update lpfc version to 12.8.0.5 (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).
- scsi: lpfc: Update lpfc version to 12.8.0.6 (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).
- scsi: lpfc: Use generic power management (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).
- scsi: mpt3sas: A small correction in _base_process_reply_queue (jsc#SLE-16914, bsc#1177733).
- scsi: mpt3sas: Add bypass_dirty_port_flag parameter (jsc#SLE-16914, bsc#1177733).
- scsi: mpt3sas: Add functions to check if any cmd is outstanding on Target and LUN (jsc#SLE-16914, bsc#1177733).
- scsi: mpt3sas: Add module parameter multipath_on_hba (jsc#SLE-16914, bsc#1177733).
- scsi: mpt3sas: Allocate memory for hba_port objects (jsc#SLE-16914, bsc#1177733).
- scsi: mpt3sas: Bump driver version to 35.101.00.00 (jsc#SLE-16914, bsc#1177733).
- scsi: mpt3sas: Cancel the running work during host reset (jsc#SLE-16914, bsc#1177733).
- scsi: mpt3sas: Capture IOC data for debugging purposes (jsc#SLE-16914, bsc#1177733).
- scsi: mpt3sas: Define hba_port structure (jsc#SLE-16914, bsc#1177733).
- scsi: mpt3sas: Detect tampered Aero and Sea adapters (jsc#SLE-16914, bsc#1177733).
- scsi: mpt3sas: Disable DIF when prot_mask set to zero (jsc#SLE-16914, bsc#1177733).
- scsi: mpt3sas: Do not call disable_irq from IRQ poll handler (jsc#SLE-16914, bsc#1177733).
- scsi: mpt3sas: Do not change the DMA coherent mask after allocations (jsc#SLE-16914, bsc#1177733).
- scsi: mpt3sas: Dump system registers for debugging (jsc#SLE-16914, bsc#1177733).
- scsi: mpt3sas: Fix double free warnings (jsc#SLE-16914, bsc#1177733).
- scsi: mpt3sas: Fix error returns in BRM_status_show (jsc#SLE-16914, bsc#1177733).
- scsi: mpt3sas: Fix memset() in non-RDPQ mode (jsc#SLE-16914, bsc#1177733).
- scsi: mpt3sas: Fix reply queue count in non RDPQ mode (jsc#SLE-16914, bsc#1177733).
- scsi: mpt3sas: Fix set but unused variable (jsc#SLE-16914, bsc#1177733).
- scsi: mpt3sas: Fix sync irqs (jsc#SLE-16914, bsc#1177733).
- scsi: mpt3sas: Fix unlock imbalance (jsc#SLE-16914, bsc#1177733).
- scsi: mpt3sas: Get device objects using sas_address & portID (jsc#SLE-16914, bsc#1177733).
- scsi: mpt3sas: Get sas_device objects using device's rphy (jsc#SLE-16914, bsc#1177733).
- scsi: mpt3sas: Handle RDPQ DMA allocation in same 4G region (jsc#SLE-16914, bsc#1177733).
- scsi: mpt3sas: Handle vSES vphy object during HBA reset (jsc#SLE-16914, bsc#1177733).
- scsi: mpt3sas: Handling HBA vSES device (jsc#SLE-16914, bsc#1177733).
- scsi: mpt3sas: Memset config_cmds.reply buffer with zeros (jsc#SLE-16914, bsc#1177733).
- scsi: mpt3sas: Postprocessing of target and LUN reset (jsc#SLE-16914, bsc#1177733).
- scsi: mpt3sas: Rearrange _scsih_mark_responding_sas_device() (jsc#SLE-16914, bsc#1177733).
- scsi: mpt3sas: Remove NULL check before freeing function (jsc#SLE-16914, bsc#1177733).
- scsi: mpt3sas: Remove pci-dma-compat wrapper API (jsc#SLE-16914, bsc#1177733).
- scsi: mpt3sas: Remove superfluous memset() (jsc#SLE-16914, bsc#1177733).
- scsi: mpt3sas: Rename and export interrupt mask/unmask functions (jsc#SLE-16914, bsc#1177733).
- scsi: mpt3sas: Rename function name is_MSB_are_same (jsc#SLE-16914, bsc#1177733).
- scsi: mpt3sas: Rename transport_del_phy_from_an_existing_port() (jsc#SLE-16914, bsc#1177733).
- scsi: mpt3sas: Separate out RDPQ allocation to new function (jsc#SLE-16914, bsc#1177733).
- scsi: mpt3sas: Set valid PhysicalPort in SMPPassThrough (jsc#SLE-16914, bsc#1177733).
- scsi: mpt3sas: Update driver version to 35.100.00.00 (jsc#SLE-16914, bsc#1177733).
- scsi: mpt3sas: Update hba_port objects after host reset (jsc#SLE-16914, bsc#1177733).
- scsi: mpt3sas: Update hba_port's sas_address & phy_mask (jsc#SLE-16914, bsc#1177733).
- scsi: mpt3sas: Update mpt3sas version to 33.101.00.00 (jsc#SLE-16914, bsc#1177733).
- scsi: mpt3sas: Use true, false for ioc->use_32bit_dma (jsc#SLE-16914, bsc#1177733).
- scsi: mpt3sas: use true,false for bool variables (jsc#SLE-16914, bsc#1177733).
- scsi: qla2xxx: Change post del message from debug level to log level (bsc#1171688 bsc#1172733).
- scsi: qla2xxx: Convert to DEFINE_SHOW_ATTRIBUTE (bsc#1171688 bsc#1172733).
- scsi: qla2xxx: Do not check for fw_started while posting NVMe command (bsc#1171688 bsc#1172733).
- scsi: qla2xxx: Do not consume srb greedily (bsc#1171688 bsc#1172733).
- scsi: qla2xxx: Drop TARGET_SCF_LOOKUP_LUN_FROM_TAG (bsc#1171688 bsc#1172733).
- scsi: qla2xxx: Fix compilation issue in PPC systems (bsc#1171688 bsc#1172733).
- scsi: qla2xxx: Fix crash during driver load on big endian machines (bsc#1171688 bsc#1172733).
- scsi: qla2xxx: Fix device loss on 4G and older HBAs (bsc#1171688 bsc#1172733).
- scsi: qla2xxx: Fix flash update in 28XX adapters on big endian machines (bsc#1171688 bsc#1172733).
- scsi: qla2xxx: Fix FW initialization error on big endian machines (bsc#1171688 bsc#1172733).
- scsi: qla2xxx: Fix N2N and NVMe connect retry failure (bsc#1171688 bsc#1172733).
- scsi: qla2xxx: Fix return of uninitialized value in rval (bsc#1171688 bsc#1172733).
- scsi: qla2xxx: Fix the call trace for flush workqueue (bsc#1171688 bsc#1172733).
- scsi: qla2xxx: Handle aborts correctly for port undergoing deletion (bsc#1171688 bsc#1172733).
- scsi: qla2xxx: Handle incorrect entry_type entries (bsc#1171688 bsc#1172733).
- scsi: qla2xxx: If fcport is undergoing deletion complete I/O with retry (bsc#1171688 bsc#1172733).
- scsi: qla2xxx: Initialize variable in qla8044_poll_reg() (bsc#1171688 bsc#1172733).
- scsi: qla2xxx: Limit interrupt vectors to number of CPUs (bsc#1171688 bsc#1172733).
- scsi: qla2xxx: Move sess cmd list/lock to driver (bsc#1171688 bsc#1172733).
- scsi: qla2xxx: Remove in_interrupt() from qla82xx-specific code (bsc#1171688 bsc#1172733).
- scsi: qla2xxx: Remove in_interrupt() from qla83xx-specific code (bsc#1171688 bsc#1172733).
- scsi: qla2xxx: remove incorrect sparse #ifdef (bsc#1171688 bsc#1172733).
- scsi: qla2xxx: Return EBUSY on fcport deletion (bsc#1171688 bsc#1172733).
- scsi: qla2xxx: Tear down session if FW say it is down (bsc#1171688 bsc#1172733).
- scsi: qla2xxx: Update version to 10.02.00.104-k (bsc#1171688 bsc#1172733).
- scsi: qla2xxx: Use constant when it is known (bsc#1171688 bsc#1172733).
- scsi: Remove unneeded break statements (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).
- scsi: storvsc: Fix error return in storvsc_probe() (git-fixes).
- scsi: target: tcm_qla2xxx: Remove BUG_ON(in_interrupt()) (bsc#1171688 bsc#1172733).
- scsi_dh_alua: return BLK_STS_AGAIN for ALUA transitioning state (bsc#1165933, bsc#1171000).
- scsi_dh_alua: set 'transitioning' state on unit attention (bsc#1171000, bsc#1165933).
- selftest/bpf: Add missed ip6ip6 test back (bsc#1155518).
- selftests/bpf/test_offload.py: Reset ethtool features after failed setting (bsc#1155518).
- selftests/bpf: Fix invalid use of strncat in test_sockmap (bsc#1155518).
- selftests/bpf: Print reason when a tester could not run a program (bsc#1155518).
- serial: 8250_omap: Avoid FIFO corruption caused by MDR1 access (git-fixes).
- serial_core: Check for port state when tty is in error state (git-fixes).
- slimbus: qcom-ngd-ctrl: Avoid sending power requests without QMI (git-fixes).
- soc/tegra: fuse: Fix index bug in get_process_id (git-fixes).
- soc: amlogic: canvas: add missing put_device() call in meson_canvas_get() (git-fixes).
- soc: fsl: dpio: Get the cpumask through cpumask_of(cpu) (git-fixes).
- soc: mediatek: Check if power domains can be powered on at boot time (git-fixes).
- soc: qcom: geni: More properly switch to DMA mode (git-fixes).
- soc: qcom: smp2p: Safely acquire spinlock without IRQs (git-fixes).
- soc: renesas: rmobile-sysc: Fix some leaks in rmobile_init_pm_domains() (git-fixes).
- soc: ti: Fix reference imbalance in knav_dma_probe (git-fixes).
- soc: ti: knav_qmss: fix reference leak in knav_queue_probe (git-fixes).
- speakup: fix uninitialized flush_lock (git-fixes).
- spi: atmel-quadspi: Disable clock in probe error path (git-fixes).
- spi: atmel-quadspi: Fix AHB memory accesses (git-fixes).
- spi: bcm63xx-hsspi: fix missing clk_disable_unprepare() on error in bcm63xx_hsspi_resume (git-fixes).
- spi: davinci: Fix use-after-free on unbind (git-fixes).
- spi: fix resource leak for drivers without .remove callback (git-fixes).
- spi: img-spfi: fix reference leak in img_spfi_resume (git-fixes).
- spi: mt7621: Disable clock in probe error path (git-fixes).
- spi: mt7621: fix missing clk_disable_unprepare() on error in mt7621_spi_probe (git-fixes).
- spi: mxs: fix reference leak in mxs_spi_probe (git-fixes).
- spi: pic32: Do not leak DMA channels in probe error path (git-fixes).
- spi: spi-mem: Fix passing zero to 'PTR_ERR' warning (git-fixes).
- spi: spi-mem: fix reference leak in spi_mem_access_start (git-fixes).
- spi: spi-nxp-fspi: fix fspi panic by unexpected interrupts (git-fixes).
- spi: spi-ti-qspi: fix reference leak in ti_qspi_setup (git-fixes).
- spi: sprd: fix reference leak in sprd_spi_remove (git-fixes).
- spi: st-ssc4: Fix unbalanced pm_runtime_disable() in probe error path (git-fixes).
- spi: stm32: fix reference leak in stm32_spi_resume (git-fixes).
- spi: synquacer: Disable clock in probe error path (git-fixes).
- spi: tegra114: fix reference leak in tegra spi ops (git-fixes).
- spi: tegra20-sflash: fix reference leak in tegra_sflash_resume (git-fixes).
- spi: tegra20-slink: fix reference leak in slink ops of tegra20 (git-fixes).
- staging: comedi: mf6x4: Fix AI end-of-conversion detection (git-fixes).
- staging: olpc_dcon: Do not call platform_device_unregister() in dcon_probe() (git-fixes).
- thunderbolt: Fix use-after-free in remove_unplugged_switch() (git-fixes).
- tty: Fix ->pgrp locking in tiocspgrp() (git-fixes).
- tty: Fix ->session locking (bsc#1179745).
- ubifs: dent: Fix some potential memory leaks while iterating entries (bsc#1179703).
- ubifs: Do not parse authentication mount options in remount process (bsc#1179688).
- ubifs: Fix a memleak after dumping authentication mount options (bsc#1179687).
- ubifs: Fix wrong orphan node deletion in ubifs_jnl_update|rename (bsc#1179675).
- ubifs: journal: Make sure to not dirty twice for auth nodes (bsc#1179704).
- ubifs: mount_ubifs: Release authentication resource in error handling path (bsc#1179689).
- ubifs: xattr: Fix some potential memory leaks while iterating entries (bsc#1179690).
- udf: Fix memory leak when mounting (bsc#1179712).
- usb/max3421: fix return error code in max3421_probe() (git-fixes).
- usb: add RESET_RESUME quirk for Snapscan 1212 (git-fixes).
- usb: chipidea: ci_hdrc_imx: Pass DISABLE_DEVICE_STREAMING flag to imx6ul (git-fixes).
- usb: ehci-omap: Fix PM disable depth umbalance in ehci_hcd_omap_probe (git-fixes).
- usb: gadget: f_acm: add support for SuperSpeed Plus (git-fixes).
- usb: gadget: f_fs: Re-use SS descriptors for SuperSpeedPlus (git-fixes).
- usb: gadget: f_fs: Use local copy of descriptors for userspace copy (git-fixes).
- usb: gadget: f_midi: setup SuperSpeed Plus descriptors (git-fixes).
- usb: gadget: f_rndis: fix bitrate for SuperSpeed and above (git-fixes).
- usb: host: ehci-tegra: Fix error handling in tegra_ehci_probe() (git-fixes).
- usb: mtu3: fix memory corruption in mtu3_debugfs_regset() (git-fixes).
- usb: oxu210hp-hcd: Fix memory leak in oxu_create (git-fixes).
- usb: quirks: Add USB_QUIRK_DISCONNECT_SUSPEND quirk for Lenovo A630Z TIO built-in usb-audio card (git-fixes).
- usb: serial: ch341: add new Product ID for CH341A (git-fixes).
- usb: serial: ch341: sort device-id entries (git-fixes).
- usb: serial: digi_acceleport: fix write-wakeup deadlocks (git-fixes).
- usb: serial: keyspan_pda: fix dropped unthrottle interrupts (git-fixes).
- usb: serial: keyspan_pda: fix stalled writes (git-fixes).
- usb: serial: keyspan_pda: fix tx-unthrottle use-after-free (git-fixes).
- usb: serial: keyspan_pda: fix write deadlock (git-fixes).
- usb: serial: keyspan_pda: fix write unthrottling (git-fixes).
- usb: serial: keyspan_pda: fix write-wakeup use-after-free (git-fixes).
- usb: serial: kl5kusb105: fix memleak on open (git-fixes).
- usb: serial: mos7720: fix parallel-port state restore (git-fixes).
- usb: serial: option: add Fibocom NL668 variants (git-fixes).
- usb: serial: option: add interface-number sanity check to flag handling (git-fixes).
- usb: serial: option: add support for Thales Cinterion EXS82 (git-fixes).
- usb: serial: option: fix Quectel BG96 matching (git-fixes).
- usb: UAS: introduce a quirk to set no_write_same (git-fixes).
- usbnet: ipheth: fix connectivity with iOS 14 (git-fixes).
- video: fbdev: radeon: Fix memleak in radeonfb_pci_register (bsc#1152472)
- video: fbdev: sis: fix null ptr dereference (bsc#1152472)
- watchdog: armada_37xx: Add missing dependency on HAS_IOMEM (git-fixes).
- watchdog: coh901327: add COMMON_CLK dependency (git-fixes).
- watchdog: Fix potential dereferencing of null pointer (git-fixes).
- watchdog: qcom: Avoid context switch in restart handler (git-fixes).
- watchdog: sirfsoc: Add missing dependency on HAS_IOMEM (git-fixes).
- watchdog: sprd: change to use usleep_range() instead of busy loop (git-fixes).
- watchdog: sprd: check busy bit before new loading rather than after that (git-fixes).
- watchdog: sprd: remove watchdog disable from resume fail path (git-fixes).
- wimax: fix duplicate initializer warning (git-fixes).
- x86/apic/vector: Fix ordering in vector assignment (bsc#1156315).
- x86/CPU/AMD: Remove amd_get_nb_id() (bsc#1152489).
- x86/CPU/AMD: Save AMD NodeId as cpu_die_id (bsc#1152489).
- x86/ima: use correct identifier for SetupMode variable (bsc#1152489).
- x86/insn-eval: Use new for_each_insn_prefix() macro to loop over prefixes bytes (bsc#1152489).
- x86/mce: Do not overwrite no_way_out if mce_end() fails (bsc#1152489).
- x86/mm/ident_map: Check for errors from ident_pud_init() (bsc#1152489).
- x86/mm/mem_encrypt: Fix definition of PMD_FLAGS_DEC_WP (bsc#1152489).
- x86/resctrl: Add necessary kernfs_put() calls to prevent refcount leak (bsc#1152489).
- x86/resctrl: Fix AMD L3 QOS CDP enable/disable (bsc#1152489).
- x86/resctrl: Fix incorrect local bandwidth when mba_sc is enabled (bsc#1152489).
- x86/resctrl: Remove superfluous kernfs_get() calls to prevent refcount leak (bsc#1152489).
- x86/resctrl: Remove unused struct mbm_state::chunks_bw (bsc#1152489).
- x86/speculation: Fix prctl() when spectre_v2_user={seccomp,prctl},ibpb (bsc#1152489).
- x86/topology: Set cpu_die_id only if DIE_TYPE found (bsc#1152489).
- x86/uprobes: Do not use prefixes.nbytes when looping over prefixes.bytes (bsc#1152489).
- xhci-pci: Allow host runtime PM as default for Intel Alpine Ridge LP (git-fixes).

Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2021-96=1

Package List:
- SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch):
  kernel-devel-azure-5.3.18-18.32.1
  kernel-source-azure-5.3.18-18.32.1
- SUSE Linux Enterprise Module for Public Cloud 15-SP2 (x86_64):
  kernel-azure-5.3.18-18.32.1
  kernel-azure-debuginfo-5.3.18-18.32.1
  kernel-azure-debugsource-5.3.18-18.32.1
  kernel-azure-devel-5.3.18-18.32.1
  kernel-azure-devel-debuginfo-5.3.18-18.32.1
  kernel-syms-azure-5.3.18-18.32.1

References:
https://www.suse.com/security/cve/CVE-2020-0444.html
https://www.suse.com/security/cve/CVE-2020-0465.html
https://www.suse.com/security/cve/CVE-2020-0466.html
https://www.suse.com/security/cve/CVE-2020-11668.html
https://www.suse.com/security/cve/CVE-2020-27068.html
https://www.suse.com/security/cve/CVE-2020-27786.html
https://www.suse.com/security/cve/CVE-2020-27825.html
https://www.suse.com/security/cve/CVE-2020-27830.html
https://www.suse.com/security/cve/CVE-2020-29370.html
https://www.suse.com/security/cve/CVE-2020-29373.html
https://www.suse.com/security/cve/CVE-2020-29660.html
https://www.suse.com/security/cve/CVE-2020-29661.html
https://bugzilla.suse.com/1040855
https://bugzilla.suse.com/1044120
https://bugzilla.suse.com/1044767
https://bugzilla.suse.com/1055117
https://bugzilla.suse.com/1065729
https://bugzilla.suse.com/1094840
https://bugzilla.suse.com/1109695
https://bugzilla.suse.com/1115431
https://bugzilla.suse.com/1138374
https://bugzilla.suse.com/1139944
https://bugzilla.suse.com/1149032
https://bugzilla.suse.com/1152457
https://bugzilla.suse.com/1152472
https://bugzilla.suse.com/1152489
https://bugzilla.suse.com/1155518
https://bugzilla.suse.com/1156315
https://bugzilla.suse.com/1156395
https://bugzilla.suse.com/1158775
https://bugzilla.suse.com/1161099
https://bugzilla.suse.com/1165933
https://bugzilla.suse.com/1168952
https://bugzilla.suse.com/1171000
https://bugzilla.suse.com/1171078
https://bugzilla.suse.com/1171688
https://bugzilla.suse.com/1172145
https://bugzilla.suse.com/1172733
https://bugzilla.suse.com/1174486
https://bugzilla.suse.com/1175079
https://bugzilla.suse.com/1175480
https://bugzilla.suse.com/1175995
https://bugzilla.suse.com/1176396
https://bugzilla.suse.com/1176942
https://bugzilla.suse.com/1176956
https://bugzilla.suse.com/1177326
https://bugzilla.suse.com/1177500
https://bugzilla.suse.com/1177666
https://bugzilla.suse.com/1177679
https://bugzilla.suse.com/1177733
https://bugzilla.suse.com/1178049
https://bugzilla.suse.com/1178203
https://bugzilla.suse.com/1178270
https://bugzilla.suse.com/1178590
https://bugzilla.suse.com/1178612
https://bugzilla.suse.com/1178634
https://bugzilla.suse.com/1178660
https://bugzilla.suse.com/1178756
https://bugzilla.suse.com/1178780
https://bugzilla.suse.com/1179204
https://bugzilla.suse.com/1179434
https://bugzilla.suse.com/1179435
https://bugzilla.suse.com/1179519
https://bugzilla.suse.com/1179575
https://bugzilla.suse.com/1179578
https://bugzilla.suse.com/1179601
https://bugzilla.suse.com/1179604
https://bugzilla.suse.com/1179639
https://bugzilla.suse.com/1179652
https://bugzilla.suse.com/1179656
https://bugzilla.suse.com/1179670
https://bugzilla.suse.com/1179671
https://bugzilla.suse.com/1179672
https://bugzilla.suse.com/1179673
https://bugzilla.suse.com/1179675
https://bugzilla.suse.com/1179676
https://bugzilla.suse.com/1179677
https://bugzilla.suse.com/1179678
https://bugzilla.suse.com/1179679
https://bugzilla.suse.com/1179680
https://bugzilla.suse.com/1179681
https://bugzilla.suse.com/1179682
https://bugzilla.suse.com/1179683
https://bugzilla.suse.com/1179684
https://bugzilla.suse.com/1179685
https://bugzilla.suse.com/1179687
https://bugzilla.suse.com/1179688
https://bugzilla.suse.com/1179689
https://bugzilla.suse.com/1179690
https://bugzilla.suse.com/1179703
https://bugzilla.suse.com/1179704
https://bugzilla.suse.com/1179707
https://bugzilla.suse.com/1179709
https://bugzilla.suse.com/1179710
https://bugzilla.suse.com/1179711
https://bugzilla.suse.com/1179712
https://bugzilla.suse.com/1179713
https://bugzilla.suse.com/1179714
https://bugzilla.suse.com/1179715
https://bugzilla.suse.com/1179716
https://bugzilla.suse.com/1179745
https://bugzilla.suse.com/1179763
https://bugzilla.suse.com/1179888
https://bugzilla.suse.com/1179892
https://bugzilla.suse.com/1179896
https://bugzilla.suse.com/1179960
https://bugzilla.suse.com/1179963
https://bugzilla.suse.com/1180027
https://bugzilla.suse.com/1180029
https://bugzilla.suse.com/1180031
https://bugzilla.suse.com/1180052
https://bugzilla.suse.com/1180056
https://bugzilla.suse.com/1180086
https://bugzilla.suse.com/1180117
https://bugzilla.suse.com/1180258
https://bugzilla.suse.com/1180261
https://bugzilla.suse.com/1180506

From sle-updates at lists.suse.com Tue Jan 12 16:53:38 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 13 Jan 2021 00:53:38 +0100 (CET)
Subject: SUSE-RU-2021:0101-1: important: Recommended update for powerpc-utils
Message-ID: <20210112235338.2499AFEDA@maintenance.suse.de>

SUSE Recommended Update: Recommended update for powerpc-utils
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:0101-1
Rating: important
References: #1180540
Affected Products: SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for powerpc-utils fixes the following issues:

- Fix for 'sys_ident' to skip length field from search. (bsc#1180540 ltc#190620)

Patch Instructions:
To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-101=1

Package List:
- SUSE Linux Enterprise Server 12-SP5 (ppc64le):
  powerpc-utils-1.3.7.1-5.23.1
  powerpc-utils-debuginfo-1.3.7.1-5.23.1
  powerpc-utils-debugsource-1.3.7.1-5.23.1

References:
https://bugzilla.suse.com/1180540

From sle-updates at lists.suse.com Tue Jan 12 16:54:34 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 13 Jan 2021 00:54:34 +0100 (CET)
Subject: SUSE-SU-2021:0094-1: moderate: Security update for the Linux Kernel
Message-ID: <20210112235434.82DDBFEDA@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:0094-1
Rating: moderate
References: #1040855 #1044120 #1044767 #1055117 #1065729 #1094840 #1109695 #1112178 #1114648 #1115431 #1138374 #1152457 #1164780 #1171078 #1172538 #1172694 #1174784 #1178401 #1178762 #1179014 #1179015 #1179045 #1179082 #1179107 #1179142 #1179419 #1179444 #1179670 #1179671 #1179672 #1179673 #1179711 #1179713 #1179714 #1179715 #1179716 #1179722 #1179723 #1179724 #1179745 #1179810 #1179888 #1179895 #1179896 #1179960 #1179963 #1180027 #1180029 #1180031 #1180052 #1180086 #1180117 #1180258 #1180506
Cross-References: CVE-2020-0444 CVE-2020-0465 CVE-2020-0466 CVE-2020-27068 CVE-2020-27777 CVE-2020-27825 CVE-2020-29660 CVE-2020-29661
Affected Products: SUSE Linux Enterprise Real Time Extension 12-SP5
______________________________________________________________________________

An update that solves 8 vulnerabilities and has 46 fixes is now available.
Description:

The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2020-27825: Fixed a race in the trace_open and buffer resize calls (bsc#1179960).
- CVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031).
- CVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds check in the nl80211_policy policy of nl80211.c (bnc#1180086).
- CVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180029).
- CVE-2020-0444: Fixed a bad kfree due to a logic error in audit_data_to_entry (bnc#1180027).
- CVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bnc#1179745).
- CVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179745).
- CVE-2020-27777: Fixed a privilege escalation in the Run-Time Abstraction Services (RTAS) interface, affecting guests running on top of PowerVM or KVM hypervisors (bnc#1179107).

The following non-security bugs were fixed:

- ALSA: hda/ca0132 - Change Input Source enum strings (git-fixes).
- ALSA: hda/ca0132 - Fix AE-5 rear headphone pincfg (git-fixes).
- ALSA: hda: Fix regressions on clear and reconfig sysfs (git-fixes).
- ASoC: arizona: Fix a wrong free in wm8997_probe (git-fixes).
- ASoC: cx2072x: Fix doubly definitions of Playback and Capture streams (git-fixes).
- ASoC: jz4740-i2s: add missed checks for clk_get() (git-fixes).
- ASoC: pcm: DRAIN support reactivation (git-fixes).
- ASoC: wm8998: Fix PM disable depth imbalance on error (git-fixes).
- ASoC: wm_adsp: remove "ctl" from list on error in wm_adsp_create_control() (git-fixes).
- ath10k: Fix an error handling path (git-fixes).
- ath10k: Release some resources in an error handling path (git-fixes).
- ath10k: Remove msdu from idr when management pkt send fails (git-fixes).
- ath6kl: fix enum-conversion warning (git-fixes).
- Bluetooth: btusb: Fix detection of some fake CSR controllers with a bcdDevice val of 0x0134 (git-fixes).
- Bluetooth: Fix null pointer dereference in hci_event_packet() (git-fixes).
- Bluetooth: Fix slab-out-of-bounds read in hci_le_direct_adv_report_evt() (git-fixes).
- btmrvl: Fix firmware filename for sd8997 chipset (bsc#1172694).
- btrfs: fix use-after-free on readahead extent after failure to create it (bsc#1179963).
- btrfs: remove a BUG_ON() from merge_reloc_roots() (bsc#1174784).
- bus: fsl-mc: fix error return code in fsl_mc_object_allocate() (git-fixes).
- can: mcp251x: add error check when wq alloc failed (git-fixes).
- can: softing: softing_netdev_open(): fix error handling (git-fixes).
- cirrus: cs89x0: remove set but not used variable 'lp' (git-fixes).
- cirrus: cs89x0: use devm_platform_ioremap_resource() to simplify code (git-fixes).
- cpufreq: highbank: Add missing MODULE_DEVICE_TABLE (git-fixes).
- cpufreq: loongson1: Add missing MODULE_ALIAS (git-fixes).
- cpufreq: scpi: Add missing MODULE_ALIAS (git-fixes).
- cpufreq: st: Add missing MODULE_DEVICE_TABLE (git-fixes).
- crypto: af_alg - avoid undefined behavior accessing salg_name (git-fixes).
- crypto: omap-aes - Fix PM disable depth imbalance in omap_aes_probe (git-fixes).
- crypto: qat - fix status check in qat_hal_put_rel_rd_xfer() (git-fixes).
- crypto: talitos - Fix return type of current_desc_hdr() (git-fixes).
- cw1200: fix missing destroy_workqueue() on error in cw1200_init_common (git-fixes).
- drivers: soc: ti: knav_qmss_queue: Fix error return code in knav_queue_probe (git-fixes).
- drm/amd/display: remove useless if/else (git-fixes).
- drm/amdgpu: fix build_coefficients() argument (git-fixes).
- drm/dp_aux_dev: check aux_dev before use in drm_dp_aux_dev_get_by_minor() (git-fixes).
- drm/gma500: fix double free of gma_connector (git-fixes).
- drm/meson: dw-hdmi: Register a callback to disable the regulator (git-fixes).
- drm/msm/dpu: Add newline to printks (git-fixes).
- drm/msm/dsi_phy_10nm: implement PHY disabling (git-fixes).
- drm/omap: dmm_tiler: fix return error code in omap_dmm_probe() (git-fixes).
- drm/rockchip: Avoid uninitialized use of endpoint id in LVDS (git-fixes).
- EDAC/i10nm: Use readl() to access MMIO registers (12sp5).
- epoll: Keep a reference on files added to the check list (bsc#1180031).
- ext4: correctly report "not supported" for {usr,grp}jquota when !CONFIG_QUOTA (bsc#1179672).
- ext4: fix bogus warning in ext4_update_dx_flag() (bsc#1179716).
- ext4: fix error handling code in add_new_gdb (bsc#1179722).
- ext4: fix invalid inode checksum (bsc#1179723).
- ext4: fix leaking sysfs kobject after failed mount (bsc#1179670).
- ext4: limit entries returned when counting fsmap records (bsc#1179671).
- ext4: unlock xattr_sem properly in ext4_inline_data_truncate() (bsc#1179673).
- extcon: max77693: Fix modalias string (git-fixes).
- fix regression in "epoll: Keep a reference on files added to the check list" (bsc#1180031, git-fixes).
- forcedeth: use per cpu to collect xmit/recv statistics (git-fixes).
- fs: Do not invalidate page buffers in block_write_full_page() (bsc#1179711).
- genirq/irqdomain: Add an irq_create_mapping_affinity() function (bsc#1065729).
- HID: Add another Primax PIXART OEM mouse quirk (git-fixes).
- HID: Fix slab-out-of-bounds read in hid_field_extract (bsc#1180052).
- HSI: omap_ssi: Do not jump to free ID in ssi_add_controller() (git-fixes).
- ibmvnic: add some debugs (bsc#1179896 ltc#190255).
- ibmvnic: avoid memset null scrq msgs (bsc#1044767 ltc#155231 git-fixes).
- ibmvnic: continue fatal error reset after passive init (bsc#1171078 ltc#184239 git-fixes).
- ibmvnic: delay next reset if hard reset fails (bsc#1094840 ltc#167098 git-fixes).
- ibmvnic: enhance resetting status check during module exit (bsc#1065729).
- ibmvnic: fix call_netdevice_notifiers in do_reset (bsc#1115431 ltc#171853 git-fixes).
- ibmvnic: fix NULL pointer dereference in reset_sub_crq_queues (bsc#1040855 ltc#155067 git-fixes).
- ibmvnic: fix: NULL pointer dereference (bsc#1044767 ltc#155231 git-fixes).
- ibmvnic: notify peers when failover and migration happen (bsc#1044120 ltc#155423 git-fixes).
- ibmvnic: restore adapter state on failed reset (bsc#1152457 ltc#174432 git-fixes).
- iio: adc: rockchip_saradc: fix missing clk_disable_unprepare() on error in rockchip_saradc_resume (git-fixes).
- iio:pressure:mpl3115: Force alignment of buffer (git-fixes).
- inet_ecn: Fix endianness of checksum update when setting ECT(1) (git-fixes).
- Input: ads7846 - fix integer overflow on Rt calculation (git-fixes).
- Input: ads7846 - fix race that causes missing releases (git-fixes).
- Input: ads7846 - fix unaligned access on 7845 (git-fixes).
- Input: cyapa_gen6 - fix out-of-bounds stack access (git-fixes).
- Input: i8042 - add ByteSpeed touchpad to noloop table (git-fixes).
- Input: i8042 - add Entroware Proteus EL07R4 to nomux and reset lists (git-fixes).
- Input: omap4-keypad - fix runtime PM error handling (git-fixes).
- Input: trackpoint - add new trackpoint variant IDs (git-fixes).
- Input: trackpoint - enable Synaptics trackpoints (git-fixes).
- Input: xpad - support Ardwiino Controllers (git-fixes).
- kABI fix for g2d (git-fixes).
- kABI workaround for dsa/b53 changes (git-fixes).
- kABI workaround for net/ipvlan changes (git-fixes).
- kABI: ath10k: move a new structure member to the end (git-fixes).
- kABI: genirq: add back irq_create_mapping (bsc#1065729).
- kernel-source.spec: Fix build with rpm 4.16 (boo#1179015). RPM_BUILD_ROOT is cleared before %%install. Do the unpack into RPM_BUILD_ROOT in %%install
- kernel-{binary,source}.spec.in: do not create loop symlinks (bsc#1179082)
- kernel/cpu: add arch override for clear_tasks_mm_cpumask() mm handling (bsc#1055117 ltc#159753 git-fixes bsc#1179888 ltc#190253).
- kgdb: Fix spurious true from in_dbg_master() (git-fixes).
- KVM: x86: reinstate vendor-agnostic check on SPEC_CTRL cpuid bits (bsc#1112178).
- mac80211: do not set set TDLS STA bandwidth wider than possible (git-fixes).
- mac80211: mesh: fix mesh_pathtbl_init() error path (git-fixes).
- matroxfb: avoid -Warray-bounds warning (git-fixes).
- md/raid5: fix oops during stripe resizing (git-fixes).
- media: mtk-mdp: Fix a refcounting bug on error in init (git-fixes).
- media: mtk-vcodec: add missing put_device() call in mtk_vcodec_release_dec_pm() (git-fixes).
- media: s5p-g2d: Fix a memory leak in an error handling path in 'g2d_probe()' (git-fixes).
- media: saa7146: fix array overflow in vidioc_s_audio() (git-fixes).
- media: siano: fix memory leak of debugfs members in smsdvb_hotplug (git-fixes).
- media: solo6x10: fix missing snd_card_free in error handling case (git-fixes).
- media: uvcvideo: Set media controller entity functions (git-fixes).
- media: uvcvideo: Silence shift-out-of-bounds warning (git-fixes).
- media: v4l2-async: Fix trivial documentation typo (git-fixes).
- memstick: fix a double-free bug in memstick_check (git-fixes).
- memstick: r592: Fix error return in r592_probe() (git-fixes).
- mfd: rt5033: Fix errorneous defines (git-fixes).
- mm,memory_failure: always pin the page in madvise_inject_error (bsc#1180258).
- Move upstreamed bt fixes into sorted section
- mwifiex: fix mwifiex_shutdown_sw() causing sw reset failure (git-fixes).
- net: aquantia: Fix aq_vec_isr_legacy() return value (git-fixes).
- net: aquantia: fix LRO with FCS error (git-fixes).
- net: dsa: b53: Always use dev->vlan_enabled in b53_configure_vlan() (git-fixes).
- net: dsa: b53: Ensure the default VID is untagged (git-fixes).
- net: dsa: b53: Fix default VLAN ID (git-fixes).
- net: dsa: b53: Properly account for VLAN filtering (git-fixes).
- net: dsa: bcm_sf2: Do not assume DSA master supports WoL (git-fixes).
- net: dsa: bcm_sf2: potential array overflow in bcm_sf2_sw_suspend() (git-fixes).
- net: dsa: qca8k: remove leftover phy accessors (git-fixes).
- net: ethernet: ti: cpsw: fix runtime_pm while add/kill vlan (git-fixes).
- net: hisilicon: Fix signedness bug in hix5hd2_dev_probe() (git-fixes).
- net: macb: add missing barriers when reading descriptors (git-fixes).
- net: macb: fix dropped RX frames due to a race (git-fixes).
- net: macb: fix error format in dev_err() (git-fixes).
- net: macb: fix random memory corruption on RX with 64-bit DMA (git-fixes).
- net: pasemi: fix an use-after-free in pasemi_mac_phy_init() (git-fixes).
- net: seeq: Fix the function used to release some memory in an error handling path (git-fixes).
- net: sh_eth: fix a missing check of of_get_phy_mode (git-fixes).
- net: sonic: replace dev_kfree_skb in sonic_send_packet (git-fixes).
- net: sonic: return NETDEV_TX_OK if failed to map buffer (git-fixes).
- net: stmmac: fix csr_clk can't be zero issue (git-fixes).
- net: stmmac: Fix reception of Broadcom switches tags (git-fixes).
- net:ethernet:aquantia: Extra spinlocks removed (git-fixes).
- nfc: s3fwrn5: Release the nfc firmware (git-fixes).
- NFS: fix nfs_path in case of a rename retry (git-fixes).
- NFSD: Add missing NFSv2 .pc_func methods (git-fixes).
- NFSv4.2: fix client's attribute cache management for copy_file_range (git-fixes).
- NFSv4.2: support EXCHGID4_FLAG_SUPP_FENCE_OPS 4.2 EXCHANGE_ID flag (git-fixes).
- ocfs2: fix unbalanced locking (bsc#1180506).
- ocfs2: initialize ip_next_orphan (bsc#1179724).
- orinoco: Move context allocation after processing the skb (git-fixes).
- PCI: Fix pci_slot_release() NULL pointer dereference (git-fixes).
- phy: Revert toggling reset changes (git-fixes).
- pinctrl: falcon: add missing put_device() call in pinctrl_falcon_probe() (git-fixes).
- platform/x86: dell-smbios-base: Fix error return code in dell_smbios_init (git-fixes).
- platform/x86: mlx-platform: Fix item counter assignment for MSN2700, MSN24xx systems (git-fixes).
- platform/x86: mlx-platform: remove an unused variable (git-fixes).
- platform/x86: mlx-platform: Remove PSU EEPROM from default platform configuration (git-fixes).
- platform/x86: mlx-platform: Remove PSU EEPROM from MSN274x platform configuration (git-fixes).
- pNFS/flexfiles: Fix list corruption if the mirror count changes (git-fixes).
- power: supply: bq24190_charger: fix reference leak (git-fixes).
- powerpc/64: Set up a kernel stack for secondaries before cpu_restore() (bsc#1065729).
- powerpc/64s/pseries: Fix hash tlbiel_all_isa300 for guest kernels (bsc#1179888 ltc#190253).
- powerpc/64s: Fix hash ISA v3.0 TLBIEL instruction generation (bsc#1055117 ltc#159753 git-fixes bsc#1179888 ltc#190253).
- powerpc/64s: Trim offlined CPUs from mm_cpumasks (bsc#1055117 ltc#159753 git-fixes bsc#1179888 ltc#190253).
- powerpc/pseries/hibernation: remove redundant cacheinfo update (bsc#1138374 ltc#178199 git-fixes).
- powerpc/pseries: Pass MSI affinity to irq_create_mapping() (bsc#1065729).
- powerpc/smp: Add __init to init_big_cores() (bsc#1109695 ltc#171067 git-fixes).
- powerpc/xmon: Change printk() to pr_cont() (bsc#1065729).
- powerpc: Fix incorrect stw{, ux, u, x} instructions in __set_pte_at (bsc#1065729).
- ppp: remove the PPPIOCDETACH ioctl (git-fixes).
- pwm: lp3943: Dynamically allocate PWM chip base (git-fixes).
- quota: clear padding in v2r1_mem2diskdqb() (bsc#1179714).
- ravb: Fix use-after-free ravb_tstamp_skb (git-fixes).
- regmap: Remove duplicate `type` field from regmap `regcache_sync` trace event (git-fixes).
- reiserfs: Fix oops during mount (bsc#1179715).
- reiserfs: Initialize inode keys properly (bsc#1179713).
- rtc: hym8563: enable wakeup when applicable (git-fixes).
- scripts/lib/SUSE/MyBS.pm: properly close prjconf Macros: section
- scsi: lpfc: Add FDMI Vendor MIB support (bsc#1164780).
- scsi: lpfc: Convert abort handling to SLI-3 and SLI-4 handlers (bsc#1164780).
- scsi: lpfc: Convert SCSI I/O completions to SLI-3 and SLI-4 handlers (bsc#1164780).
- scsi: lpfc: Convert SCSI path to use common I/O submission path (bsc#1164780).
- scsi: lpfc: Correct null ndlp reference on routine exit (bsc#1164780).
- scsi: lpfc: Drop nodelist reference on error in lpfc_gen_req() (bsc#1164780).
- scsi: lpfc: Enable common send_io interface for SCSI and NVMe (bsc#1164780).
- scsi: lpfc: Enable common wqe_template support for both SCSI and NVMe (bsc#1164780).
- scsi: lpfc: Enlarge max_sectors in scsi host templates (bsc#1164780).
- scsi: lpfc: Extend the RDF FPIN Registration descriptor for additional events (bsc#1164780).
- scsi: lpfc: Fix duplicate wq_create_version check (bsc#1164780).
- scsi: lpfc: Fix fall-through warnings for Clang (bsc#1164780).
- scsi: lpfc: Fix FLOGI/PLOGI receive race condition in pt2pt discovery (bsc#1164780).
- scsi: lpfc: Fix invalid sleeping context in lpfc_sli4_nvmet_alloc() (bsc#1164780).
- scsi: lpfc: Fix memory leak on lcb_context (bsc#1164780).
- scsi: lpfc: Fix missing prototype for lpfc_nvmet_prep_abort_wqe() (bsc#1164780).
- scsi: lpfc: Fix missing prototype warning for lpfc_fdmi_vendor_attr_mi() (bsc#1164780).
- scsi: lpfc: Fix NPIV discovery and Fabric Node detection (bsc#1164780).
- scsi: lpfc: Fix NPIV Fabric Node reference counting (bsc#1164780).
- scsi: lpfc: Fix pointer defereference before it is null checked issue (bsc#1164780).
- scsi: lpfc: Fix refcounting around SCSI and NVMe transport APIs (bsc#1164780).
- scsi: lpfc: Fix removal of SCSI transport device get and put on dev structure (bsc#1164780).
- scsi: lpfc: Fix scheduling call while in softirq context in lpfc_unreg_rpi (bsc#1164780).
- scsi: lpfc: Fix set but not used warnings from Rework remote port lock handling (bsc#1164780).
- scsi: lpfc: Fix set but unused variables in lpfc_dev_loss_tmo_handler() (bsc#1164780).
- scsi: lpfc: Fix spelling mistake "Cant" -> "Can't" (bsc#1164780). - scsi: lpfc: Fix variable 'vport' set but not used in lpfc_sli4_abts_err_handler() (bsc#1164780). - scsi: lpfc: lpfc_attr: Demote kernel-doc format for redefined functions (bsc#1164780). - scsi: lpfc: lpfc_attr: Fix-up a bunch of kernel-doc misdemeanours (bsc#1164780). - scsi: lpfc: lpfc_debugfs: Fix a couple of function documentation issues (bsc#1164780). - scsi: lpfc: lpfc_scsi: Fix a whole host of kernel-doc issues (bsc#1164780). - scsi: lpfc: Refactor WQE structure definitions for common use (bsc#1164780). - scsi: lpfc: Reject CT request for MIB commands (bsc#1164780). - scsi: lpfc: Remove dead code on second !ndlp check (bsc#1164780). - scsi: lpfc: Remove ndlp when a PLOGI/ADISC/PRLI/REG_RPI ultimately fails (bsc#1164780). - scsi: lpfc: Remove set but not used 'qp' (bsc#1164780). - scsi: lpfc: Remove unneeded variable 'status' in lpfc_fcp_cpu_map_store() (bsc#1164780). - scsi: lpfc: Removed unused macros in lpfc_attr.c (bsc#1164780). - scsi: lpfc: Rework locations of ndlp reference taking (bsc#1164780). - scsi: lpfc: Rework remote port lock handling (bsc#1164780). - scsi: lpfc: Rework remote port ref counting and node freeing (bsc#1164780). - scsi: lpfc: Unsolicited ELS leaves node in incorrect state while dropping it (bsc#1164780). - scsi: lpfc: Update changed file copyrights for 2020 (bsc#1164780). - scsi: lpfc: Update lpfc version to 12.8.0.4 (bsc#1164780). - scsi: lpfc: Update lpfc version to 12.8.0.5 (bsc#1164780). - scsi: lpfc: Update lpfc version to 12.8.0.6 (bsc#1164780). - scsi: lpfc: Use generic power management (bsc#1164780). - scsi: qla2xxx: Change post del message from debug level to log level (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Convert to DEFINE_SHOW_ATTRIBUTE (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Do not check for fw_started while posting NVMe command (bsc#1172538 bsc#1179142 bsc#1179810). 
- scsi: qla2xxx: Do not consume srb greedily (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Drop TARGET_SCF_LOOKUP_LUN_FROM_TAG (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Fix compilation issue in PPC systems (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Fix crash during driver load on big endian machines (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Fix device loss on 4G and older HBAs (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Fix flash update in 28XX adapters on big endian machines (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Fix FW initialization error on big endian machines (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Fix N2N and NVMe connect retry failure (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Fix return of uninitialized value in rval (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Fix the call trace for flush workqueue (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Handle aborts correctly for port undergoing deletion (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Handle incorrect entry_type entries (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: If fcport is undergoing deletion complete I/O with retry (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Initialize variable in qla8044_poll_reg() (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Limit interrupt vectors to number of CPUs (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Move sess cmd list/lock to driver (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Remove in_interrupt() from qla82xx-specific code (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Remove in_interrupt() from qla83xx-specific code (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: remove incorrect sparse #ifdef (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Remove trailing semicolon in macro definition (bsc#1172538 bsc#1179142 bsc#1179810). 
- scsi: qla2xxx: Return EBUSY on fcport deletion (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Tear down session if FW say it is down (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Update version to 10.02.00.104-k (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: qla2xxx: Use constant when it is known (bsc#1172538 bsc#1179142 bsc#1179810). - scsi: Remove unneeded break statements (bsc#1164780). - scsi: storvsc: Fix error return in storvsc_probe() (git-fixes). - scsi: target: tcm_qla2xxx: Remove BUG_ON(in_interrupt()) (bsc#1172538 bsc#1179142 bsc#1179810). - serial: 8250_omap: Avoid FIFO corruption caused by MDR1 access (git-fixes). - soc/tegra: fuse: Fix index bug in get_process_id (git-fixes). - soc: mediatek: Check if power domains can be powered on at boot time (git-fixes). - soc: qcom: smp2p: Safely acquire spinlock without IRQs (git-fixes). - soc: ti: Fix reference imbalance in knav_dma_probe (git-fixes). - soc: ti: knav_qmss: fix reference leak in knav_queue_probe (git-fixes). - spi: bcm63xx-hsspi: fix missing clk_disable_unprepare() on error in bcm63xx_hsspi_resume (git-fixes). - spi: davinci: Fix use-after-free on unbind (git-fixes). - spi: img-spfi: fix reference leak in img_spfi_resume (git-fixes). - spi: pic32: Do not leak DMA channels in probe error path (git-fixes). - spi: spi-mem: Fix passing zero to 'PTR_ERR' warning (git-fixes). - spi: spi-mem: fix reference leak in spi_mem_access_start (git-fixes). - spi: spi-ti-qspi: fix reference leak in ti_qspi_setup (git-fixes). - spi: tegra114: fix reference leak in tegra spi ops (git-fixes). - spi: tegra20-sflash: fix reference leak in tegra_sflash_resume (git-fixes). - spi: tegra20-slink: fix reference leak in slink ops of tegra20 (git-fixes). - staging: comedi: mf6x4: Fix AI end-of-conversion detection (git-fixes). - staging: olpc_dcon: add a missing dependency (git-fixes). - staging: olpc_dcon: Do not call platform_device_unregister() in dcon_probe() (git-fixes). 
- sunrpc: fixed rollback in rpc_gssd_dummy_populate() (git-fixes). - SUNRPC: Properly set the @subbuf parameter of xdr_buf_subsegment() (git-fixes). - SUNRPC: The RDMA back channel mustn't disappear while requests are outstanding (git-fixes). - timer: Fix wheel index calculation on last level (git fixes) - timer: Prevent base->clk from moving backward (git-fixes) - uapi/if_ether.h: move __UAPI_DEF_ETHHDR libc define (git-fixes). - uapi/if_ether.h: prevent redefinition of struct ethhdr (git-fixes). - usb: chipidea: ci_hdrc_imx: Pass DISABLE_DEVICE_STREAMING flag to imx6ul (git-fixes). - usb: ehci-omap: Fix PM disable depth umbalance in ehci_hcd_omap_probe (git-fixes). - usb: gadget: f_fs: Use local copy of descriptors for userspace copy (git-fixes). - usb: oxu210hp-hcd: Fix memory leak in oxu_create (git-fixes). - usb: serial: ch341: add new Product ID for CH341A (git-fixes). - usb: serial: ch341: sort device-id entries (git-fixes). - usb: serial: digi_acceleport: clean up modem-control handling (git-fixes). - usb: serial: digi_acceleport: clean up set_termios (git-fixes). - usb: serial: digi_acceleport: fix write-wakeup deadlocks (git-fixes). - usb: serial: digi_acceleport: remove in_interrupt() usage. - usb: serial: digi_acceleport: remove redundant assignment to pointer priv (git-fixes). - usb: serial: digi_acceleport: rename tty flag variable (git-fixes). - usb: serial: digi_acceleport: use irqsave() in USB's complete callback (git-fixes). - usb: serial: keyspan_pda: fix dropped unthrottle interrupts (git-fixes). - usb: serial: keyspan_pda: fix stalled writes (git-fixes). - usb: serial: keyspan_pda: fix tx-unthrottle use-after-free (git-fixes). - usb: serial: keyspan_pda: fix write deadlock (git-fixes). - usb: serial: keyspan_pda: fix write unthrottling (git-fixes). - usb: serial: keyspan_pda: fix write-wakeup use-after-free (git-fixes). - usb: serial: mos7720: fix parallel-port state restore (git-fixes). 
- usb: serial: option: add Fibocom NL668 variants (git-fixes).
- usb: serial: option: add interface-number sanity check to flag handling (git-fixes).
- usb: serial: option: add support for Thales Cinterion EXS82 (git-fixes).
- usbnet: ipheth: fix connectivity with iOS 14 (git-fixes).
- wimax: fix duplicate initializer warning (git-fixes).
- x86/apic: Fix integer overflow on 10 bit left shift of cpu_khz (bsc#1112178).
- x86/insn-eval: Use new for_each_insn_prefix() macro to loop over prefixes bytes (bsc#1112178).
- x86/mm/ident_map: Check for errors from ident_pud_init() (bsc#1112178).
- x86/mm/mem_encrypt: Fix definition of PMD_FLAGS_DEC_WP (bsc#1112178).
- x86/resctrl: Fix AMD L3 QOS CDP enable/disable (bsc#1114648).
- x86/resctrl: Fix incorrect local bandwidth when mba_sc is enabled (bsc#1112178).
- x86/resctrl: Remove unused struct mbm_state::chunks_bw (bsc#1112178).
- x86/tracing: Introduce a static key for exception tracing (bsc#1179895).
- x86/traps: Simplify pagefault tracing logic (bsc#1179895).
- x86/uprobes: Do not use prefixes.nbytes when looping over prefixes.bytes (bsc#1112178).
- xprtrdma: fix incorrect header size calculations (git-fixes).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Real Time Extension 12-SP5:

  zypper in -t patch SUSE-SLE-RT-12-SP5-2021-94=1

Package List:

- SUSE Linux Enterprise Real Time Extension 12-SP5 (x86_64):

  cluster-md-kmp-rt-4.12.14-10.28.3
  cluster-md-kmp-rt-debuginfo-4.12.14-10.28.3
  dlm-kmp-rt-4.12.14-10.28.3
  dlm-kmp-rt-debuginfo-4.12.14-10.28.3
  gfs2-kmp-rt-4.12.14-10.28.3
  gfs2-kmp-rt-debuginfo-4.12.14-10.28.3
  kernel-rt-4.12.14-10.28.3
  kernel-rt-base-4.12.14-10.28.3
  kernel-rt-base-debuginfo-4.12.14-10.28.3
  kernel-rt-debuginfo-4.12.14-10.28.3
  kernel-rt-debugsource-4.12.14-10.28.3
  kernel-rt-devel-4.12.14-10.28.3
  kernel-rt-devel-debuginfo-4.12.14-10.28.3
  kernel-rt_debug-4.12.14-10.28.3
  kernel-rt_debug-debuginfo-4.12.14-10.28.3
  kernel-rt_debug-debugsource-4.12.14-10.28.3
  kernel-rt_debug-devel-4.12.14-10.28.3
  kernel-rt_debug-devel-debuginfo-4.12.14-10.28.3
  kernel-syms-rt-4.12.14-10.28.3
  ocfs2-kmp-rt-4.12.14-10.28.3
  ocfs2-kmp-rt-debuginfo-4.12.14-10.28.3

- SUSE Linux Enterprise Real Time Extension 12-SP5 (noarch):

  kernel-devel-rt-4.12.14-10.28.3
  kernel-source-rt-4.12.14-10.28.3

References:

https://www.suse.com/security/cve/CVE-2020-0444.html
https://www.suse.com/security/cve/CVE-2020-0465.html
https://www.suse.com/security/cve/CVE-2020-0466.html
https://www.suse.com/security/cve/CVE-2020-27068.html
https://www.suse.com/security/cve/CVE-2020-27777.html
https://www.suse.com/security/cve/CVE-2020-27825.html
https://www.suse.com/security/cve/CVE-2020-29660.html
https://www.suse.com/security/cve/CVE-2020-29661.html
https://bugzilla.suse.com/1040855
https://bugzilla.suse.com/1044120
https://bugzilla.suse.com/1044767
https://bugzilla.suse.com/1055117
https://bugzilla.suse.com/1065729
https://bugzilla.suse.com/1094840
https://bugzilla.suse.com/1109695
https://bugzilla.suse.com/1112178
https://bugzilla.suse.com/1114648
https://bugzilla.suse.com/1115431
https://bugzilla.suse.com/1138374
https://bugzilla.suse.com/1152457
https://bugzilla.suse.com/1164780
https://bugzilla.suse.com/1171078
https://bugzilla.suse.com/1172538
https://bugzilla.suse.com/1172694
https://bugzilla.suse.com/1174784
https://bugzilla.suse.com/1178401
https://bugzilla.suse.com/1178762
https://bugzilla.suse.com/1179014
https://bugzilla.suse.com/1179015
https://bugzilla.suse.com/1179045
https://bugzilla.suse.com/1179082
https://bugzilla.suse.com/1179107
https://bugzilla.suse.com/1179142
https://bugzilla.suse.com/1179419
https://bugzilla.suse.com/1179444
https://bugzilla.suse.com/1179670
https://bugzilla.suse.com/1179671
https://bugzilla.suse.com/1179672
https://bugzilla.suse.com/1179673
https://bugzilla.suse.com/1179711
https://bugzilla.suse.com/1179713
https://bugzilla.suse.com/1179714
https://bugzilla.suse.com/1179715
https://bugzilla.suse.com/1179716
https://bugzilla.suse.com/1179722
https://bugzilla.suse.com/1179723
https://bugzilla.suse.com/1179724
https://bugzilla.suse.com/1179745
https://bugzilla.suse.com/1179810
https://bugzilla.suse.com/1179888
https://bugzilla.suse.com/1179895
https://bugzilla.suse.com/1179896
https://bugzilla.suse.com/1179960
https://bugzilla.suse.com/1179963
https://bugzilla.suse.com/1180027
https://bugzilla.suse.com/1180029
https://bugzilla.suse.com/1180031
https://bugzilla.suse.com/1180052
https://bugzilla.suse.com/1180086
https://bugzilla.suse.com/1180117
https://bugzilla.suse.com/1180258
https://bugzilla.suse.com/1180506

From sle-updates at lists.suse.com Tue Jan 12 17:00:59 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 13 Jan 2021 01:00:59 +0100 (CET)
Subject: SUSE-SU-2021:0095-1: important: Security update for the Linux Kernel
Message-ID: <20210113000059.1EF4FFEDA@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:0095-1
Rating: important
References: #1040855 #1044120 #1044767 #1055117 #1065729 #1094840
  #1109695 #1112178 #1115431 #1138374 #1144912 #1152457
  #1163727 #1164780 #1171078 #1172145 #1172538 #1174784
  #1178401 #1178762 #1179014 #1179015 #1179045 #1179082
  #1179107 #1179142 #1179419 #1179444 #1179745 #1179810
  #1179888 #1179895 #1179896 #1179960 #1179963 #1180027
  #1180029 #1180031 #1180052 #1180086 #1180117 #1180258
  #1180506 #1180559
Cross-References: CVE-2020-0444 CVE-2020-0465 CVE-2020-0466 CVE-2020-27068 CVE-2020-27777 CVE-2020-27825 CVE-2020-29660 CVE-2020-29661 CVE-2020-36158
Affected Products: SUSE Linux Enterprise Module for Realtime 15-SP1
______________________________________________________________________________

An update that solves 9 vulnerabilities and has 35 fixes is now available.

Description:

The SUSE Linux Enterprise 15 SP1 RT kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver (bsc#1180559).
- CVE-2020-27825: Fixed a race in the trace_open and buffer resize calls (bsc#1179960).
- CVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031).
- CVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds check in the nl80211_policy policy of nl80211.c (bnc#1180086).
- CVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180029).
- CVE-2020-0444: Fixed a bad kfree due to a logic error in audit_data_to_entry (bnc#1180027).
- CVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bnc#1179745).
- CVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179745).
- CVE-2020-27777: Fixed a privilege escalation in the Run-Time Abstraction Services (RTAS) interface, affecting guests running on top of PowerVM or KVM hypervisors (bnc#1179107).

The following non-security bugs were fixed:

- ACPI: PNP: compare the string length in the matching_id() (git-fixes).
- ACPICA: Disassembler: create buffer fields in ACPI_PARSE_LOAD_PASS1 (git-fixes).
- ACPICA: Do not increment operation_region reference counts for field units (git-fixes).
- ALSA: ca0106: fix error code handling (git-fixes).
- ALSA: ctl: allow TLV read operation for callback type of element in locked case (git-fixes).
- ALSA: hda - Fix silent audio output and corrupted input on MSI X570-A PRO (git-fixes).
- ALSA: hda/ca0132 - Change Input Source enum strings (git-fixes).
- ALSA: hda/ca0132 - Fix AE-5 rear headphone pincfg (git-fixes).
- ALSA: hda/generic: Add option to enforce preferred_dacs pairs (git-fixes).
- ALSA: hda/hdmi: always check pin power status in i915 pin fixup (git-fixes).
- ALSA: hda/realtek - Couldn't detect Mic if booting with headset plugged (git-fixes).
- ALSA: hda/realtek - Enable headset mic of ASUS Q524UQK with ALC255 (git-fixes).
- ALSA: hda/realtek: Enable front panel headset LED on Lenovo ThinkStation P520 (git-fixes).
- ALSA: hda: Add NVIDIA codec IDs 9a & 9d through a0 to patch table (git-fixes).
- ALSA: hda: Fix potential race in unsol event handler (git-fixes).
- ALSA: hda: Fix regressions on clear and reconfig sysfs (git-fixes).
- ALSA: info: Drop WARN_ON() from buffer NULL sanity check (git-fixes).
- ALSA: isa/wavefront: prevent out of bounds write in ioctl (git-fixes).
- ALSA: line6: Perform sanity check for each URB creation (git-fixes).
- ALSA: pcm: oss: Fix a few more UBSAN fixes (git-fixes).
- ALSA: pcm: oss: Fix potential out-of-bounds shift (git-fixes).
- ALSA: pcm: oss: Remove superfluous WARN_ON() for mulaw sanity check (git-fixes).
- ALSA: timer: Limit max amount of slave instances (git-fixes).
- ALSA: usb-audio: Add delay quirk for all Logitech USB devices (git-fixes). - ALSA: usb-audio: Add delay quirk for H570e USB headsets (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for MODX (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for Qu-16 (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for Zoom UAC-2 (git-fixes). - ALSA: usb-audio: add quirk for Denon DCD-1500RE (git-fixes). - ALSA: usb-audio: add quirk for Samsung USBC Headset (AKG) (git-fixes). - ALSA: usb-audio: Add registration quirk for Kingston HyperX Cloud Alpha S (git-fixes). - ALSA: usb-audio: Add registration quirk for Kingston HyperX Cloud Flight S (git-fixes). - ALSA: usb-audio: add usb vendor id as DSD-capable for Khadas devices (git-fixes). - ALSA: usb-audio: Disable sample read check if firmware does not give back (git-fixes). - ALSA: usb-audio: Fix control 'access overflow' errors from chmap (git-fixes). - ALSA: usb-audio: Fix OOB access of mixer element list (git-fixes). - ALSA: usb-audio: Fix potential out-of-bounds shift (git-fixes). - ALSA: usb-audio: Fix race against the error recovery URB submission (git-fixes). - ASoC: arizona: Fix a wrong free in wm8997_probe (git-fixes). - ASoC: cx2072x: Fix doubly definitions of Playback and Capture streams (git-fixes). - ASoC: fsl_asrc_dma: Fix dma_chan leak when config DMA channel failed (git-fixes). - ASoC: jz4740-i2s: add missed checks for clk_get() (git-fixes). - ASoC: pcm3168a: The codec does not support S32_LE (git-fixes). - ASoC: pcm: DRAIN support reactivation (git-fixes). - ASoC: rt5677: Mark reg RT5677_PWR_ANLG2 as volatile (git-fixes). - ASoC: sti: fix possible sleep-in-atomic (git-fixes). - ASoC: wm8904: fix regcache handling (git-fixes). - ASoC: wm8998: Fix PM disable depth imbalance on error (git-fixes). - ASoC: wm_adsp: Do not generate kcontrols without READ flags (git-fixes). - ASoC: wm_adsp: remove "ctl" from list on error in wm_adsp_create_control() (git-fixes). 
- ata/libata: Fix usage of page address by page_address in ata_scsi_mode_select_xlat function (git-fixes). - ath10k: Fix an error handling path (git-fixes). - ath10k: fix backtrace on coredump (git-fixes). - ath10k: fix get invalid tx rate for Mesh metric (git-fixes). - ath10k: fix offchannel tx failure when no ath10k_mac_tx_frm_has_freq (git-fixes). - ath10k: Release some resources in an error handling path (git-fixes). - ath10k: Remove msdu from idr when management pkt send fails (git-fixes). - ath6kl: fix enum-conversion warning (git-fixes). - ath9k_htc: Discard undersized packets (git-fixes). - ath9k_htc: Modify byte order for an error message (git-fixes). - ath9k_htc: Silence undersized packet warnings (git-fixes). - ath9k_htc: Use appropriate rs_datalen type (git-fixes). - backlight: lp855x: Ensure regulators are disabled on probe failure (git-fixes). - Bluetooth: add a mutex lock to avoid UAF in do_enale_set (git-fixes). - Bluetooth: btusb: Fix detection of some fake CSR controllers with a bcdDevice val of 0x0134 (git-fixes). - Bluetooth: Fix advertising duplicated flags (git-fixes). - Bluetooth: Fix null pointer dereference in hci_event_packet() (git-fixes). - Bluetooth: Fix slab-out-of-bounds read in hci_le_direct_adv_report_evt() (git-fixes). - btrfs: fix use-after-free on readahead extent after failure to create it (bsc#1179963). - btrfs: remove a BUG_ON() from merge_reloc_roots() (bsc#1174784). - bus: fsl-mc: fix error return code in fsl_mc_object_allocate() (git-fixes). - can: mcp251x: add error check when wq alloc failed (git-fixes). - can: softing: softing_netdev_open(): fix error handling (git-fixes). - cfg80211: initialize rekey_data (git-fixes). - cfg80211: regulatory: Fix inconsistent format argument (git-fixes). - cirrus: cs89x0: remove set but not used variable 'lp' (git-fixes). - cirrus: cs89x0: use devm_platform_ioremap_resource() to simplify code (git-fixes). - clk: at91: usb: continue if clk_hw_round_rate() return zero (git-fixes). 
- clk: mvebu: a3700: fix the XTAL MODE pin to MPP1_9 (git-fixes). - clk: qcom: Allow constant ratio freq tables for rcg (git-fixes). - clk: qcom: msm8916: Fix the address location of pll->config_reg (git-fixes). - clk: s2mps11: Fix a resource leak in error handling paths in the probe function (git-fixes). - clk: samsung: exynos5433: Add IGNORE_UNUSED flag to sclk_i2s1 (git-fixes). - clk: sunxi-ng: Make sure divider tables have sentinel (git-fixes). - clk: tegra: Fix duplicated SE clock entry (git-fixes). - clk: tegra: Fix Tegra PMC clock out parents (git-fixes). - clk: ti: composite: fix memory leak (git-fixes). - clk: ti: dra7-atl-clock: Remove ti_clk_add_alias call (git-fixes). - clk: ti: Fix memleak in ti_fapll_synth_setup (git-fixes). - clocksource/drivers/asm9260: Add a check for of_clk_get (git-fixes). - cpufreq: highbank: Add missing MODULE_DEVICE_TABLE (git-fixes). - cpufreq: loongson1: Add missing MODULE_ALIAS (git-fixes). - cpufreq: scpi: Add missing MODULE_ALIAS (git-fixes). - cpufreq: st: Add missing MODULE_DEVICE_TABLE (git-fixes). - crypto: af_alg - avoid undefined behavior accessing salg_name (git-fixes). - crypto: omap-aes - Fix PM disable depth imbalance in omap_aes_probe (git-fixes). - crypto: qat - fix status check in qat_hal_put_rel_rd_xfer() (git-fixes). - crypto: talitos - Fix return type of current_desc_hdr() (git-fixes). - cw1200: fix missing destroy_workqueue() on error in cw1200_init_common (git-fixes). - drivers: base: Fix NULL pointer exception in __platform_driver_probe() if a driver developer is foolish (git-fixes). - drivers: soc: ti: knav_qmss_queue: Fix error return code in knav_queue_probe (git-fixes). - drm/amd/display: remove useless if/else (git-fixes). - drm/amdgpu: fix build_coefficients() argument (git-fixes). - drm/dp_aux_dev: check aux_dev before use in drm_dp_aux_dev_get_by_minor() (git-fixes). - drm/gma500: fix double free of gma_connector (git-fixes). 
- drm/meson: dw-hdmi: Register a callback to disable the regulator (git-fixes). - drm/msm/dpu: Add newline to printks (git-fixes). - drm/msm/dsi_phy_10nm: implement PHY disabling (git-fixes). - drm/omap: dmm_tiler: fix return error code in omap_dmm_probe() (git-fixes). - drm/rockchip: Avoid uninitialized use of endpoint id in LVDS (git-fixes). - epoll: Keep a reference on files added to the check list (bsc#1180031). - extcon: max77693: Fix modalias string (git-fixes). - firmware: qcom: scm: Ensure 'a0' status code is treated as signed (git-fixes). - fix regression in "epoll: Keep a reference on files added to the check list" (bsc#1180031, git-fixes). - forcedeth: use per cpu to collect xmit/recv statistics (git-fixes). - geneve: change from tx_error to tx_dropped on missing metadata (git-fixes). - genirq/irqdomain: Add an irq_create_mapping_affinity() function (bsc#1065729). - gpio: arizona: handle pm_runtime_get_sync failure case (git-fixes). - gpio: gpio-grgpio: fix possible sleep-in-atomic-context bugs in grgpio_irq_map/unmap() (git-fixes). - gpio: max77620: Add missing dependency on GPIOLIB_IRQCHIP (git-fixes). - gpio: max77620: Fixup debounce delays (git-fixes). - gpio: max77620: Use correct unit for debounce times (git-fixes). - gpio: mpc8xxx: Add platform device to gpiochip->parent (git-fixes). - gpio: mvebu: fix potential user-after-free on probe (git-fixes). - gpiolib: acpi: Add honor_wakeup module-option + quirk mechanism (git-fixes). - gpiolib: acpi: Add quirk to ignore EC wakeups on HP x2 10 BYT + AXP288 model (git-fixes). - gpiolib: acpi: Add quirk to ignore EC wakeups on HP x2 10 CHT + AXP288 model (git-fixes). - gpiolib: acpi: Correct comment for HP x2 10 honor_wakeup quirk (git-fixes). - gpiolib: acpi: Rework honor_wakeup option into an ignore_wake option (git-fixes). - gpiolib: acpi: Turn dmi_system_id table into a generic quirk table (git-fixes). - gpiolib: fix up emulated open drain outputs (git-fixes). 
- HID: Add another Primax PIXART OEM mouse quirk (git-fixes). - HID: apple: Disable Fn-key key-re-mapping on clone keyboards (git-fixes). - HID: core: check whether Usage Page item is after Usage ID items (git-fixes). - HID: core: Correctly handle ReportSize being zero (git-fixes). - HID: cypress: Support Varmilo Keyboards' media hotkeys (git-fixes). - HID: Fix slab-out-of-bounds read in hid_field_extract (bsc#1180052). - HID: hid-sensor-hub: Fix issue with devices with no report ID (git-fixes). - HID: Improve Windows Precision Touchpad detection (git-fixes). - HID: intel-ish-hid: fix wrong error handling in ishtp_cl_alloc_tx_ring() (git-fixes). - HID: logitech-hidpp: Silence intermittent get_battery_capacity errors (git-fixes). - HSI: omap_ssi: Do not jump to free ID in ssi_add_controller() (git-fixes). - hwmon: (aspeed-pwm-tacho) Avoid possible buffer overflow (git-fixes). - hwmon: (jc42) Fix name to have no illegal characters (git-fixes). - i2c: algo: pca: Reapply i2c bus settings after reset (git-fixes). - i2c: i801: Fix resume bug (git-fixes). - i2c: piix4: Detect secondary SMBus controller on AMD AM4 chipsets (git-fixes). - i2c: pxa: clear all master action bits in i2c_pxa_stop_message() (git-fixes). - i2c: pxa: fix i2c_pxa_scream_blue_murder() debug output (git-fixes). - ibmvnic: add some debugs (bsc#1179896 ltc#190255). - ibmvnic: avoid memset null scrq msgs (bsc#1044767 ltc#155231 git-fixes). - ibmvnic: continue fatal error reset after passive init (bsc#1171078 ltc#184239 git-fixes). - ibmvnic: delay next reset if hard reset fails (bsc#1094840 ltc#167098 git-fixes). - ibmvnic: enhance resetting status check during module exit (bsc#1065729). - ibmvnic: fix call_netdevice_notifiers in do_reset (bsc#1115431 ltc#171853 git-fixes). - ibmvnic: fix NULL pointer dereference in reset_sub_crq_queues (bsc#1040855 ltc#155067 git-fixes). - ibmvnic: fix: NULL pointer dereference (bsc#1044767 ltc#155231 git-fixes). 
- ibmvnic: notify peers when failover and migration happen (bsc#1044120 ltc#155423 git-fixes). - ibmvnic: restore adapter state on failed reset (bsc#1152457 ltc#174432 git-fixes). - iio: adc: max1027: Reset the device at probe time (git-fixes). - iio: adc: rockchip_saradc: fix missing clk_disable_unprepare() on error in rockchip_saradc_resume (git-fixes). - iio: bmp280: fix compensation of humidity (git-fixes). - iio: buffer: Fix demux update (git-fixes). - iio: dac: ad5592r: fix unbalanced mutex unlocks in ad5592r_read_raw() (git-fixes). - iio: fix center temperature of bmc150-accel-core (git-fixes). - iio: humidity: hdc100x: fix IIO_HUMIDITYRELATIVE channel reporting (git-fixes). - iio: light: bh1750: Resolve compiler warning and make code more readable (git-fixes). - iio: srf04: fix wrong limitation in distance measuring (git-fixes). - iio:imu:bmi160: Fix too large a buffer (git-fixes). - iio:pressure:mpl3115: Force alignment of buffer (git-fixes). - inet_ecn: Fix endianness of checksum update when setting ECT(1) (git-fixes). - Input: ads7846 - fix integer overflow on Rt calculation (git-fixes). - Input: ads7846 - fix race that causes missing releases (git-fixes). - Input: ads7846 - fix unaligned access on 7845 (git-fixes). - Input: atmel_mxt_ts - disable IRQ across suspend (git-fixes). - Input: cm109 - do not stomp on control URB (git-fixes). - Input: cros_ec_keyb - send 'scancodes' in addition to key events (git-fixes). - Input: cyapa_gen6 - fix out-of-bounds stack access (git-fixes). - Input: goodix - add upside-down quirk for Teclast X98 Pro tablet (git-fixes). - Input: i8042 - add Acer laptops to the i8042 reset list (git-fixes). - Input: i8042 - add ByteSpeed touchpad to noloop table (git-fixes). - Input: i8042 - add Entroware Proteus EL07R4 to nomux and reset lists (git-fixes). - Input: i8042 - allow insmod to succeed on devices without an i8042 controller (git-fixes). - Input: omap4-keypad - fix runtime PM error handling (git-fixes). 
- Input: synaptics - enable InterTouch for ThinkPad X1E 1st gen (git-fixes). - Input: trackpoint - add new trackpoint variant IDs (git-fixes). - Input: trackpoint - enable Synaptics trackpoints (git-fixes). - Input: xpad - support Ardwiino Controllers (git-fixes). - ipw2x00: Fix -Wcast-function-type (git-fixes). - irqchip/alpine-msi: Fix freeing of interrupts on allocation error path (git-fixes). - iwlwifi: mvm: fix kernel panic in case of assert during CSA (git-fixes). - iwlwifi: mvm: fix unaligned read of rx_pkt_status (git-fixes). - iwlwifi: pcie: limit memory read spin time (git-fixes). - kABI workaround for dsa/b53 changes (git-fixes). - kABI workaround for HD-audio generic parser (git-fixes). - kABI workaround for net/ipvlan changes (git-fixes). - kABI: ath10k: move a new structure member to the end (git-fixes). - kABI: genirq: add back irq_create_mapping (bsc#1065729). - kernel-source.spec: Fix build with rpm 4.16 (boo#1179015). RPM_BUILD_ROOT is cleared before %%install. Do the unpack into RPM_BUILD_ROOT in %%install - kernel-{binary,source}.spec.in: do not create loop symlinks (bsc#1179082) - KVM: x86: reinstate vendor-agnostic check on SPEC_CTRL cpuid bits (bsc#1112178). - mac80211: allow rx of mesh eapol frames with default rx key (git-fixes). - mac80211: Check port authorization in the ieee80211_tx_dequeue() case (git-fixes). - mac80211: do not set set TDLS STA bandwidth wider than possible (git-fixes). - mac80211: fix authentication with iwlwifi/mvm (git-fixes). - mac80211: fix use of skb payload instead of header (git-fixes). - mac80211: mesh: fix mesh_pathtbl_init() error path (git-fixes). - matroxfb: avoid -Warray-bounds warning (git-fixes). - md-cluster: fix rmmod issue when md_cluster convert bitmap to none (bsc#1163727). - md-cluster: fix safemode_delay value when converting to clustered bitmap (bsc#1163727). - md-cluster: fix wild pointer of unlock_all_bitmaps() (bsc#1163727). - md/bitmap: fix memory leak of temporary bitmap (bsc#1163727). 
- md/bitmap: md_bitmap_get_counter returns wrong blocks (bsc#1163727). - md/bitmap: md_bitmap_read_sb uses wrong bitmap blocks (bsc#1163727). - md/cluster: block reshape with remote resync job (bsc#1163727). - md/cluster: fix deadlock when node is doing resync job (bsc#1163727). - md/raid5: fix oops during stripe resizing (git-fixes). - media: am437x-vpfe: Setting STD to current value is not an error (git-fixes). - media: cec-funcs.h: add status_req checks (git-fixes). - media: cx88: Fix some error handling path in 'cx8800_initdev()' (git-fixes). - media: gspca: Fix memory leak in probe (git-fixes). - media: i2c: mt9v032: fix enum mbus codes and frame sizes (git-fixes). - media: i2c: ov2659: Fix missing 720p register config (git-fixes). - media: i2c: ov2659: fix s_stream return value (git-fixes). - media: msi2500: assign SPI bus number dynamically (git-fixes). - media: mtk-vcodec: add missing put_device() call in mtk_vcodec_release_dec_pm() (git-fixes). - media: platform: add missing put_device() call in mtk_jpeg_probe() and mtk_jpeg_remove() (git-patches). - media: pvrusb2: Fix oops on tear-down when radio support is not present (git-fixes). - media: saa7146: fix array overflow in vidioc_s_audio() (git-fixes). - media: si470x-i2c: add missed operations in remove (git-fixes). - media: siano: fix memory leak of debugfs members in smsdvb_hotplug (git-fixes). - media: solo6x10: fix missing snd_card_free in error handling case (git-fixes). - media: sti: bdisp: fix a possible sleep-in-atomic-context bug in bdisp_device_run() (git-fixes). - media: sunxi-cir: ensure IR is handled when it is continuous (git-fixes). - media: ti-vpe: vpe: ensure buffers are cleaned up properly in abort cases (git-fixes). - media: ti-vpe: vpe: fix a v4l2-compliance failure about frame sequence number (git-fixes). - media: ti-vpe: vpe: fix a v4l2-compliance failure about invalid sizeimage (git-fixes). - media: ti-vpe: vpe: fix a v4l2-compliance failure causing a kernel panic (git-fixes). 
- media: ti-vpe: vpe: fix a v4l2-compliance warning about invalid pixel format (git-fixes).
- media: ti-vpe: vpe: Make sure YUYV is set as default format (git-fixes).
- media: v4l2-async: Fix trivial documentation typo (git-fixes).
- media: v4l2-core: fix touch support in v4l_g_fmt (git-fixes).
- media: v4l2-device.h: Explicitly compare grp{id,mask} to zero in v4l2_device macros (git-fixes).
- mei: bus: do not clean driver pointer (git-fixes).
- mei: protect mei_cl_mtu from null dereference (git-fixes).
- memstick: fix a double-free bug in memstick_check (git-fixes).
- memstick: r592: Fix error return in r592_probe() (git-fixes).
- mfd: rt5033: Fix errorneous defines (git-fixes).
- mfd: wm8994: Fix driver operation if loaded as modules (git-fixes).
- mm,memory_failure: always pin the page in madvise_inject_error (bsc#1180258).
- Move upstreamed bt fixes into sorted section
- mwifiex: fix mwifiex_shutdown_sw() causing sw reset failure (git-fixes).
- net: aquantia: Fix aq_vec_isr_legacy() return value (git-fixes).
- net: aquantia: fix LRO with FCS error (git-fixes).
- net: dsa: b53: Always use dev->vlan_enabled in b53_configure_vlan() (git-fixes).
- net: dsa: b53: Ensure the default VID is untagged (git-fixes).
- net: dsa: b53: Fix default VLAN ID (git-fixes).
- net: dsa: b53: Properly account for VLAN filtering (git-fixes).
- net: dsa: bcm_sf2: Do not assume DSA master supports WoL (git-fixes).
- net: dsa: bcm_sf2: potential array overflow in bcm_sf2_sw_suspend() (git-fixes).
- net: dsa: qca8k: remove leftover phy accessors (git-fixes).
- net: ethernet: ti: cpsw: fix runtime_pm while add/kill vlan (git-fixes).
- net: hisilicon: Fix signedness bug in hix5hd2_dev_probe() (git-fixes).
- net: macb: add missing barriers when reading descriptors (git-fixes).
- net: macb: fix dropped RX frames due to a race (git-fixes).
- net: macb: fix error format in dev_err() (git-fixes).
- net: macb: fix random memory corruption on RX with 64-bit DMA (git-fixes).
- net: pasemi: fix an use-after-free in pasemi_mac_phy_init() (git-fixes).
- net: phy: Avoid multiple suspends (git-fixes).
- net: seeq: Fix the function used to release some memory in an error handling path (git-fixes).
- net: sh_eth: fix a missing check of of_get_phy_mode (git-fixes).
- net: sonic: replace dev_kfree_skb in sonic_send_packet (git-fixes).
- net: sonic: return NETDEV_TX_OK if failed to map buffer (git-fixes).
- net: stmmac: fix csr_clk can't be zero issue (git-fixes).
- net: stmmac: Fix reception of Broadcom switches tags (git-fixes).
- net: usb: sr9800: fix uninitialized local variable (git-fixes).
- net:ethernet:aquantia: Extra spinlocks removed (git-fixes).
- nfc: s3fwrn5: add missing release on skb in s3fwrn5_recv_frame (git-fixes).
- nfc: s3fwrn5: Release the nfc firmware (git-fixes).
- nfc: st95hf: Fix memleak in st95hf_in_send_cmd (git-fixes).
- NFS: fix nfs_path in case of a rename retry (git-fixes).
- NFSD: Add missing NFSv2 .pc_func methods (git-fixes).
- NFSv4.2: fix client's attribute cache management for copy_file_range (git-fixes).
- NFSv4.2: support EXCHGID4_FLAG_SUPP_FENCE_OPS 4.2 EXCHANGE_ID flag (git-fixes).
- ocfs2: fix unbalanced locking (bsc#1180506).
- orinoco: Move context allocation after processing the skb (git-fixes).
- parport: load lowlevel driver if ports not found (git-fixes).
- PCI/ASPM: Allow ASPM on links to PCIe-to-PCI/PCI-X Bridges (git-fixes).
- PCI/ASPM: Disable ASPM on ASMedia ASM1083/1085 PCIe-to-PCI bridge (git-fixes).
- PCI: Do not disable decoding when mmio_always_on is set (git-fixes).
- PCI: Fix pci_slot_release() NULL pointer dereference (git-fixes).
- phy: Revert toggling reset changes (git-fixes).
- pinctrl: amd: fix __iomem annotation in amd_gpio_irq_handler() (git-fixes).
- pinctrl: amd: fix npins for uart0 in kerncz_groups (git-fixes).
- pinctrl: amd: remove debounce filter setting in IRQ type setting (git-fixes).
- pinctrl: baytrail: Avoid clearing debounce value when turning it off (git-fixes).
- pinctrl: falcon: add missing put_device() call in pinctrl_falcon_probe() (git-fixes).
- pinctrl: merrifield: Set default bias in case no particular value given (git-fixes).
- pinctrl: sh-pfc: sh7734: Fix duplicate TCLK1_B (git-fixes).
- platform/x86: acer-wmi: add automatic keyboard background light toggle key as KEY_LIGHTS_TOGGLE (git-fixes).
- platform/x86: dell-smbios-base: Fix error return code in dell_smbios_init (git-fixes).
- platform/x86: mlx-platform: Fix item counter assignment for MSN2700, MSN24xx systems (git-fixes).
- platform/x86: mlx-platform: remove an unused variable (git-fixes).
- platform/x86: mlx-platform: Remove PSU EEPROM from default platform configuration (git-fixes).
- platform/x86: mlx-platform: Remove PSU EEPROM from MSN274x platform configuration (git-fixes).
- PM / hibernate: memory_bm_find_bit(): Tighten node optimisation (git-fixes).
- PM: ACPI: Output correct message on target power state (git-fixes).
- PM: hibernate: Freeze kernel threads in software_resume() (git-fixes).
- PM: hibernate: remove the bogus call to get_gendisk() in software_resume() (git-fixes).
- pNFS/flexfiles: Fix list corruption if the mirror count changes (git-fixes).
- power: supply: bq24190_charger: fix reference leak (git-fixes).
- power: supply: bq27xxx_battery: Silence deferred-probe error (git-fixes).
- powerpc/64: Set up a kernel stack for secondaries before cpu_restore() (bsc#1065729).
- powerpc/64s/pseries: Fix hash tlbiel_all_isa300 for guest kernels (bsc#1179888 ltc#190253).
- powerpc/64s: Fix hash ISA v3.0 TLBIEL instruction generation (bsc#1055117 ltc#159753 git-fixes bsc#1179888 ltc#190253).
- powerpc/pci: Fix broken INTx configuration via OF (bsc#1172145 ltc#184630).
- powerpc/pci: Remove legacy debug code (bsc#1172145 ltc#184630 git-fixes).
- powerpc/pci: Remove LSI mappings on device teardown (bsc#1172145 ltc#184630).
- powerpc/pci: Use of_irq_parse_and_map_pci() helper (bsc#1172145 ltc#184630).
- powerpc/pseries/hibernation: remove redundant cacheinfo update (bsc#1138374 ltc#178199 git-fixes).
- powerpc/pseries: Pass MSI affinity to irq_create_mapping() (bsc#1065729).
- powerpc/smp: Add __init to init_big_cores() (bsc#1109695 ltc#171067 git-fixes).
- powerpc/xmon: Change printk() to pr_cont() (bsc#1065729).
- powerpc: Convert to using %pOF instead of full_name (bsc#1172145 ltc#184630).
- powerpc: Fix incorrect stw{, ux, u, x} instructions in __set_pte_at (bsc#1065729).
- ppp: remove the PPPIOCDETACH ioctl (git-fixes).
- pwm: lp3943: Dynamically allocate PWM chip base (git-fixes).
- radeon: insert 10ms sleep in dce5_crtc_load_lut (git-fixes).
- ravb: Fix use-after-free ravb_tstamp_skb (git-fixes).
- regmap: debugfs: check count when read regmap file (git-fixes).
- regmap: dev_get_regmap_match(): fix string comparison (git-fixes).
- regmap: Remove duplicate `type` field from regmap `regcache_sync` trace event (git-fixes).
- regulator: max8907: Fix the usage of uninitialized variable in max8907_regulator_probe() (git-fixes).
- regulator: pfuze100-regulator: Variable "val" in pfuze100_regulator_probe() could be uninitialized (git-fixes).
- regulator: ti-abb: Fix timeout in ti_abb_wait_txdone/ti_abb_clear_all_txdone (git-fixes).
- remoteproc: Fix wrong rvring index computation (git-fixes).
- rfkill: Fix incorrect check to avoid NULL pointer dereference (git-fixes).
- rtc: 88pm860x: fix possible race condition (git-fixes).
- rtc: hym8563: enable wakeup when applicable (git-fixes).
- rtl8xxxu: fix RTL8723BU connection failure issue after warm reboot (git-fixes).
- rtlwifi: fix memory leak in rtl92c_set_fw_rsvdpagepkt() (git-fixes).
- s390/dasd: fix hanging device offline processing (bsc#1144912).
- scripts/lib/SUSE/MyBS.pm: properly close prjconf Macros: section
- scsi: lpfc: Add FDMI Vendor MIB support (bsc#1164780).
- scsi: lpfc: Convert abort handling to SLI-3 and SLI-4 handlers (bsc#1164780).
- scsi: lpfc: Convert SCSI I/O completions to SLI-3 and SLI-4 handlers (bsc#1164780).
- scsi: lpfc: Convert SCSI path to use common I/O submission path (bsc#1164780).
- scsi: lpfc: Correct null ndlp reference on routine exit (bsc#1164780).
- scsi: lpfc: Drop nodelist reference on error in lpfc_gen_req() (bsc#1164780).
- scsi: lpfc: Enable common send_io interface for SCSI and NVMe (bsc#1164780).
- scsi: lpfc: Enable common wqe_template support for both SCSI and NVMe (bsc#1164780).
- scsi: lpfc: Enlarge max_sectors in scsi host templates (bsc#1164780).
- scsi: lpfc: Extend the RDF FPIN Registration descriptor for additional events (bsc#1164780).
- scsi: lpfc: Fix duplicate wq_create_version check (bsc#1164780).
- scsi: lpfc: Fix fall-through warnings for Clang (bsc#1164780).
- scsi: lpfc: Fix FLOGI/PLOGI receive race condition in pt2pt discovery (bsc#1164780).
- scsi: lpfc: Fix invalid sleeping context in lpfc_sli4_nvmet_alloc() (bsc#1164780).
- scsi: lpfc: Fix memory leak on lcb_context (bsc#1164780).
- scsi: lpfc: Fix missing prototype for lpfc_nvmet_prep_abort_wqe() (bsc#1164780).
- scsi: lpfc: Fix missing prototype warning for lpfc_fdmi_vendor_attr_mi() (bsc#1164780).
- scsi: lpfc: Fix NPIV discovery and Fabric Node detection (bsc#1164780).
- scsi: lpfc: Fix NPIV Fabric Node reference counting (bsc#1164780).
- scsi: lpfc: Fix pointer defereference before it is null checked issue (bsc#1164780).
- scsi: lpfc: Fix refcounting around SCSI and NVMe transport APIs (bsc#1164780).
- scsi: lpfc: Fix removal of SCSI transport device get and put on dev structure (bsc#1164780).
- scsi: lpfc: Fix scheduling call while in softirq context in lpfc_unreg_rpi (bsc#1164780).
- scsi: lpfc: Fix set but not used warnings from Rework remote port lock handling (bsc#1164780).
- scsi: lpfc: Fix set but unused variables in lpfc_dev_loss_tmo_handler() (bsc#1164780).
- scsi: lpfc: Fix spelling mistake "Cant" -> "Can't" (bsc#1164780).
- scsi: lpfc: Fix variable 'vport' set but not used in lpfc_sli4_abts_err_handler() (bsc#1164780).
- scsi: lpfc: lpfc_attr: Demote kernel-doc format for redefined functions (bsc#1164780).
- scsi: lpfc: lpfc_attr: Fix-up a bunch of kernel-doc misdemeanours (bsc#1164780).
- scsi: lpfc: lpfc_debugfs: Fix a couple of function documentation issues (bsc#1164780).
- scsi: lpfc: lpfc_scsi: Fix a whole host of kernel-doc issues (bsc#1164780).
- scsi: lpfc: Refactor WQE structure definitions for common use (bsc#1164780).
- scsi: lpfc: Reject CT request for MIB commands (bsc#1164780).
- scsi: lpfc: Remove dead code on second !ndlp check (bsc#1164780).
- scsi: lpfc: Remove ndlp when a PLOGI/ADISC/PRLI/REG_RPI ultimately fails (bsc#1164780).
- scsi: lpfc: Remove set but not used 'qp' (bsc#1164780).
- scsi: lpfc: Remove unneeded variable 'status' in lpfc_fcp_cpu_map_store() (bsc#1164780).
- scsi: lpfc: Removed unused macros in lpfc_attr.c (bsc#1164780).
- scsi: lpfc: Rework locations of ndlp reference taking (bsc#1164780).
- scsi: lpfc: Rework remote port lock handling (bsc#1164780).
- scsi: lpfc: Rework remote port ref counting and node freeing (bsc#1164780).
- scsi: lpfc: Unsolicited ELS leaves node in incorrect state while dropping it (bsc#1164780).
- scsi: lpfc: Update changed file copyrights for 2020 (bsc#1164780).
- scsi: lpfc: Update lpfc version to 12.8.0.4 (bsc#1164780).
- scsi: lpfc: Update lpfc version to 12.8.0.5 (bsc#1164780).
- scsi: lpfc: Update lpfc version to 12.8.0.6 (bsc#1164780).
- scsi: lpfc: Use generic power management (bsc#1164780).
- scsi: qla2xxx: Change post del message from debug level to log level (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: Convert to DEFINE_SHOW_ATTRIBUTE (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: Do not check for fw_started while posting NVMe command (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: Do not consume srb greedily (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: Drop TARGET_SCF_LOOKUP_LUN_FROM_TAG (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: Fix compilation issue in PPC systems (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: Fix crash during driver load on big endian machines (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: Fix device loss on 4G and older HBAs (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: Fix flash update in 28XX adapters on big endian machines (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: Fix FW initialization error on big endian machines (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: Fix N2N and NVMe connect retry failure (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: Fix return of uninitialized value in rval (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: Fix the call trace for flush workqueue (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: Handle aborts correctly for port undergoing deletion (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: Handle incorrect entry_type entries (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: If fcport is undergoing deletion complete I/O with retry (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: Initialize variable in qla8044_poll_reg() (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: Limit interrupt vectors to number of CPUs (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: Move sess cmd list/lock to driver (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: Remove in_interrupt() from qla82xx-specific code (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: Remove in_interrupt() from qla83xx-specific code (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: remove incorrect sparse #ifdef (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: Remove trailing semicolon in macro definition (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: Return EBUSY on fcport deletion (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: Tear down session if FW say it is down (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: Update version to 10.02.00.104-k (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: Use constant when it is known (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: Remove unneeded break statements (bsc#1164780).
- scsi: storvsc: Fix error return in storvsc_probe() (git-fixes).
- scsi: target: tcm_qla2xxx: Remove BUG_ON(in_interrupt()) (bsc#1172538 bsc#1179142 bsc#1179810).
- serial: 8250_omap: Avoid FIFO corruption caused by MDR1 access (git-fixes).
- serial: 8250_pci: Add Realtek 816a and 816b (git-fixes).
- serial: amba-pl011: Make sure we initialize the port.lock spinlock (git-fixes).
- serial: ar933x_uart: set UART_CS_{RX,TX}_READY_ORIDE (git-fixes).
- serial: txx9: add missing platform_driver_unregister() on error in serial_txx9_init (git-fixes).
- serial_core: Check for port state when tty is in error state (git-fixes).
- soc/tegra: fuse: Fix index bug in get_process_id (git-fixes).
- soc: imx: gpc: fix power up sequencing (git-fixes).
- soc: mediatek: Check if power domains can be powered on at boot time (git-fixes).
- soc: qcom: smp2p: Safely acquire spinlock without IRQs (git-fixes).
- soc: ti: Fix reference imbalance in knav_dma_probe (git-fixes).
- soc: ti: knav_qmss: fix reference leak in knav_queue_probe (git-fixes).
- spi: Add call to spi_slave_abort() function when spidev driver is released (git-fixes).
- spi: bcm63xx-hsspi: fix missing clk_disable_unprepare() on error in bcm63xx_hsspi_resume (git-fixes).
- spi: davinci: Fix use-after-free on unbind (git-fixes).
- spi: dw: Enable interrupts in accordance with DMA xfer mode (git-fixes).
- spi: dw: Fix Rx-only DMA transfers (git-fixes).
- spi: dw: Return any value retrieved from the dma_transfer callback (git-fixes).
- spi: Fix memory leak on splited transfers (git-fixes).
- spi: img-spfi: fix potential double release (git-fixes).
- spi: img-spfi: fix reference leak in img_spfi_resume (git-fixes).
- spi: pic32: Do not leak DMA channels in probe error path (git-fixes).
- spi: pxa2xx: Add missed security checks (git-fixes).
- spi: spi-cavium-thunderx: Add missing pci_release_regions() (git-fixes).
- spi: spi-loopback-test: Fix out-of-bounds read (git-fixes).
- spi: spi-mem: Fix passing zero to 'PTR_ERR' warning (git-fixes).
- spi: spi-mem: fix reference leak in spi_mem_access_start (git-fixes).
- spi: spi-ti-qspi: fix reference leak in ti_qspi_setup (git-fixes).
- spi: spidev: fix a potential use-after-free in spidev_release() (git-fixes).
- spi: st-ssc4: add missed pm_runtime_disable (git-fixes).
- spi: st-ssc4: Fix unbalanced pm_runtime_disable() in probe error path (git-fixes).
- spi: tegra114: fix reference leak in tegra spi ops (git-fixes).
- spi: tegra20-sflash: fix reference leak in tegra_sflash_resume (git-fixes).
- spi: tegra20-slink: add missed clk_unprepare (git-fixes).
- spi: tegra20-slink: fix reference leak in slink ops of tegra20 (git-fixes).
- staging: comedi: check validity of wMaxPacketSize of usb endpoints found (git-fixes).
- staging: comedi: gsc_hpdi: check dma_alloc_coherent() return value (git-fixes).
- staging: comedi: mf6x4: Fix AI end-of-conversion detection (git-fixes).
- staging: olpc_dcon: add a missing dependency (git-fixes).
- staging: olpc_dcon: Do not call platform_device_unregister() in dcon_probe() (git-fixes).
- staging: rtl8188eu: Add device code for TP-Link TL-WN727N v5.21 (git-fixes).
- staging: rtl8188eu: Add device id for MERCUSYS MW150US v2 (git-fixes).
- staging: rtl8188eu: fix possible null dereference (git-fixes).
- staging: rtl8192u: fix multiple memory leaks on error path (git-fixes).
- staging: vt6656: set usb_set_intfdata on driver fail (git-fixes).
- staging: wlan-ng: fix out of bounds read in prism2sta_probe_usb() (git-fixes).
- staging: wlan-ng: properly check endpoint types (git-fixes).
- sunrpc: fixed rollback in rpc_gssd_dummy_populate() (git-fixes).
- SUNRPC: Properly set the @subbuf parameter of xdr_buf_subsegment() (git-fixes).
- SUNRPC: The RDMA back channel mustn't disappear while requests are outstanding (git-fixes).
- thunderbolt: Use 32-bit writes when writing ring producer/consumer (git-fixes).
- timer: Fix wheel index calculation on last level (git fixes)
- timer: Prevent base->clk from moving backward (git-fixes)
- tty: always relink the port (git-fixes).
- tty: link tty and port before configuring it as console (git-fixes).
- tty: synclink_gt: Adjust indentation in several functions (git-fixes).
- tty: synclinkmp: Adjust indentation in several functions (git-fixes).
- tty:serial:mvebu-uart:fix a wrong return (git-fixes).
- uapi/if_ether.h: move __UAPI_DEF_ETHHDR libc define (git-fixes).
- uapi/if_ether.h: prevent redefinition of struct ethhdr (git-fixes).
- usb: add RESET_RESUME quirk for Snapscan 1212 (git-fixes).
- usb: chipidea: ci_hdrc_imx: Pass DISABLE_DEVICE_STREAMING flag to imx6ul (git-fixes).
- usb: dummy-hcd: Fix uninitialized array use in init() (git-fixes).
- usb: dwc2: Fix IN FIFO allocation (git-fixes).
- usb: dwc3: remove the call trace of USBx_GFLADJ (git-fixes).
- usb: ehci-omap: Fix PM disable depth umbalance in ehci_hcd_omap_probe (git-fixes).
- usb: Fix: Do not skip endpoint descriptors with maxpacket=0 (git-fixes).
- usb: fsl: Check memory resource before releasing it (git-fixes).
- usb: gadget: composite: Fix possible double free memory bug (git-fixes).
- usb: gadget: configfs: fix concurrent issue between composite APIs (git-fixes).
- usb: gadget: configfs: Fix missing spin_lock_init() (git-fixes).
- usb: gadget: f_acm: add support for SuperSpeed Plus (git-fixes).
- usb: gadget: f_midi: setup SuperSpeed Plus descriptors (git-fixes).
- usb: gadget: f_rndis: fix bitrate for SuperSpeed and above (git-fixes).
- usb: gadget: ffs: ffs_aio_cancel(): Save/restore IRQ flags (git-fixes).
- usb: gadget: fix wrong endpoint desc (git-fixes).
- usb: gadget: goku_udc: fix potential crashes in probe (git-fixes).
- usb: gadget: net2280: fix memory leak on probe error handling paths (git-fixes).
- usb: gadget: serial: fix Tx stall after buffer overflow (git-fixes).
- usb: gadget: udc: fix possible sleep-in-atomic-context bugs in gr_probe() (git-fixes).
- usb: gadget: udc: gr_udc: fix memleak on error handling path in gr_ep_init() (git-fixes).
- usb: hso: Fix debug compile warning on sparc32 (git-fixes).
- usb: ldusb: use unsigned size format specifiers (git-fixes).
- usb: musb: omap2430: Get rid of musb .set_vbus for omap2430 glue (git-fixes).
- usb: oxu210hp-hcd: Fix memory leak in oxu_create (git-fixes).
- usb: serial: ch341: add new Product ID for CH341A (git-fixes).
- usb: serial: ch341: sort device-id entries (git-fixes).
- usb: serial: digi_acceleport: clean up modem-control handling (git-fixes).
- usb: serial: digi_acceleport: clean up set_termios (git-fixes).
- usb: serial: digi_acceleport: fix write-wakeup deadlocks (git-fixes).
- usb: serial: digi_acceleport: remove in_interrupt() usage.
- usb: serial: digi_acceleport: remove redundant assignment to pointer priv (git-fixes).
- usb: serial: digi_acceleport: rename tty flag variable (git-fixes).
- usb: serial: digi_acceleport: use irqsave() in USB's complete callback (git-fixes).
- usb: serial: keyspan_pda: fix dropped unthrottle interrupts (git-fixes).
- usb: serial: keyspan_pda: fix stalled writes (git-fixes).
- usb: serial: keyspan_pda: fix tx-unthrottle use-after-free (git-fixes).
- usb: serial: keyspan_pda: fix write deadlock (git-fixes).
- usb: serial: keyspan_pda: fix write unthrottling (git-fixes).
- usb: serial: keyspan_pda: fix write-wakeup use-after-free (git-fixes).
- usb: serial: mos7720: fix parallel-port state restore (git-fixes).
- usb: serial: option: add Fibocom NL668 variants (git-fixes).
- usb: serial: option: add interface-number sanity check to flag handling (git-fixes).
- usb: serial: option: add support for Thales Cinterion EXS82 (git-fixes).
- usb: Skip endpoints with 0 maxpacket length (git-fixes).
- usb: UAS: introduce a quirk to set no_write_same (git-fixes).
- usb: usbfs: Suppress problematic bind and unbind uevents (git-fixes).
- usblp: poison URBs upon disconnect (git-fixes).
- usbnet: ipheth: fix connectivity with iOS 14 (git-fixes).
- video: fbdev: neofb: fix memory leak in neo_scan_monitor() (git-fixes).
- vt: do not hardcode the mem allocation upper bound (git-fixes).
- vt: Reject zero-sized screen buffer size (git-fixes).
- watchdog: coh901327: add COMMON_CLK dependency (git-fixes).
- watchdog: da9062: do not ping the hw during stop() (git-fixes).
- watchdog: da9062: No need to ping manually before setting timeout (git-fixes).
- watchdog: qcom: Avoid context switch in restart handler (git-fixes).
- watchdog: sirfsoc: Add missing dependency on HAS_IOMEM (git-fixes).
- wimax: fix duplicate initializer warning (git-fixes).
- wireless: Use linux/stddef.h instead of stddef.h (git-fixes).
- wireless: Use offsetof instead of custom macro (git-fixes).
- x86/apic: Fix integer overflow on 10 bit left shift of cpu_khz (bsc#1112178).
- x86/insn-eval: Use new for_each_insn_prefix() macro to loop over prefixes bytes (bsc#1112178).
- x86/mm/ident_map: Check for errors from ident_pud_init() (bsc#1112178).
- x86/mm/mem_encrypt: Fix definition of PMD_FLAGS_DEC_WP (bsc#1112178).
- x86/resctrl: Fix incorrect local bandwidth when mba_sc is enabled (bsc#1112178).
- x86/resctrl: Remove unused struct mbm_state::chunks_bw (bsc#1112178).
- x86/tracing: Introduce a static key for exception tracing (bsc#1179895).
- x86/traps: Simplify pagefault tracing logic (bsc#1179895).
- x86/uprobes: Do not use prefixes.nbytes when looping over prefixes.bytes (bsc#1112178).
- xhci: Give USB2 ports time to enter U3 in bus suspend (git-fixes).
- xprtrdma: fix incorrect header size calculations (git-fixes).

Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Realtime 15-SP1:

      zypper in -t patch SUSE-SLE-Module-RT-15-SP1-2021-95=1

Package List:

   - SUSE Linux Enterprise Module for Realtime 15-SP1 (noarch):

      kernel-devel-rt-4.12.14-14.47.1
      kernel-source-rt-4.12.14-14.47.1

   - SUSE Linux Enterprise Module for Realtime 15-SP1 (x86_64):

      cluster-md-kmp-rt-4.12.14-14.47.1
      cluster-md-kmp-rt-debuginfo-4.12.14-14.47.1
      dlm-kmp-rt-4.12.14-14.47.1
      dlm-kmp-rt-debuginfo-4.12.14-14.47.1
      gfs2-kmp-rt-4.12.14-14.47.1
      gfs2-kmp-rt-debuginfo-4.12.14-14.47.1
      kernel-rt-4.12.14-14.47.1
      kernel-rt-base-4.12.14-14.47.1
      kernel-rt-base-debuginfo-4.12.14-14.47.1
      kernel-rt-debuginfo-4.12.14-14.47.1
      kernel-rt-debugsource-4.12.14-14.47.1
      kernel-rt-devel-4.12.14-14.47.1
      kernel-rt-devel-debuginfo-4.12.14-14.47.1
      kernel-rt_debug-debuginfo-4.12.14-14.47.1
      kernel-rt_debug-debugsource-4.12.14-14.47.1
      kernel-rt_debug-devel-4.12.14-14.47.1
      kernel-rt_debug-devel-debuginfo-4.12.14-14.47.1
      kernel-syms-rt-4.12.14-14.47.1
      ocfs2-kmp-rt-4.12.14-14.47.1
      ocfs2-kmp-rt-debuginfo-4.12.14-14.47.1

References:

   https://www.suse.com/security/cve/CVE-2020-0444.html
   https://www.suse.com/security/cve/CVE-2020-0465.html
   https://www.suse.com/security/cve/CVE-2020-0466.html
   https://www.suse.com/security/cve/CVE-2020-27068.html
   https://www.suse.com/security/cve/CVE-2020-27777.html
   https://www.suse.com/security/cve/CVE-2020-27825.html
   https://www.suse.com/security/cve/CVE-2020-29660.html
   https://www.suse.com/security/cve/CVE-2020-29661.html
   https://www.suse.com/security/cve/CVE-2020-36158.html
   https://bugzilla.suse.com/1040855
   https://bugzilla.suse.com/1044120
   https://bugzilla.suse.com/1044767
   https://bugzilla.suse.com/1055117
   https://bugzilla.suse.com/1065729
   https://bugzilla.suse.com/1094840
   https://bugzilla.suse.com/1109695
   https://bugzilla.suse.com/1112178
   https://bugzilla.suse.com/1115431
   https://bugzilla.suse.com/1138374
   https://bugzilla.suse.com/1144912
   https://bugzilla.suse.com/1152457
   https://bugzilla.suse.com/1163727
   https://bugzilla.suse.com/1164780
   https://bugzilla.suse.com/1171078
   https://bugzilla.suse.com/1172145
   https://bugzilla.suse.com/1172538
   https://bugzilla.suse.com/1174784
   https://bugzilla.suse.com/1178401
   https://bugzilla.suse.com/1178762
   https://bugzilla.suse.com/1179014
   https://bugzilla.suse.com/1179015
   https://bugzilla.suse.com/1179045
   https://bugzilla.suse.com/1179082
   https://bugzilla.suse.com/1179107
   https://bugzilla.suse.com/1179142
   https://bugzilla.suse.com/1179419
   https://bugzilla.suse.com/1179444
   https://bugzilla.suse.com/1179745
   https://bugzilla.suse.com/1179810
   https://bugzilla.suse.com/1179888
   https://bugzilla.suse.com/1179895
   https://bugzilla.suse.com/1179896
   https://bugzilla.suse.com/1179960
   https://bugzilla.suse.com/1179963
   https://bugzilla.suse.com/1180027
   https://bugzilla.suse.com/1180029
   https://bugzilla.suse.com/1180031
   https://bugzilla.suse.com/1180052
   https://bugzilla.suse.com/1180086
   https://bugzilla.suse.com/1180117
   https://bugzilla.suse.com/1180258
   https://bugzilla.suse.com/1180506
   https://bugzilla.suse.com/1180559

From sle-updates at lists.suse.com Tue Jan 12 17:06:41 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 13 Jan 2021 01:06:41 +0100 (CET)
Subject: SUSE-RU-2021:0104-1: Recommended update for postgresql12
Message-ID: <20210113000641.D8B4DFEDA@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for postgresql12
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:0104-1
Rating:             low
References:         #1178961
Affected Products:
                    SUSE Linux Enterprise Module for Server Applications 15-SP1
                    SUSE Linux Enterprise Module for Basesystem 15-SP1
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for postgresql12 fixes the following issues:

   - Marked symlinks to pg_config and ecpg as ghost files, so that rpm doesn't complain when they are not there (bsc#1178961)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Server Applications 15-SP1:

      zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2021-104=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP1:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2021-104=1

Package List:

   - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64):

      libecpg6-12.5-3.18.1
      libecpg6-debuginfo-12.5-3.18.1
      postgresql12-contrib-12.5-3.18.1
      postgresql12-contrib-debuginfo-12.5-3.18.1
      postgresql12-debuginfo-12.5-3.18.1
      postgresql12-debugsource-12.5-3.18.1
      postgresql12-devel-12.5-3.18.1
      postgresql12-devel-debuginfo-12.5-3.18.1
      postgresql12-plperl-12.5-3.18.1
      postgresql12-plperl-debuginfo-12.5-3.18.1
      postgresql12-plpython-12.5-3.18.1
      postgresql12-plpython-debuginfo-12.5-3.18.1
      postgresql12-pltcl-12.5-3.18.1
      postgresql12-pltcl-debuginfo-12.5-3.18.1
      postgresql12-server-12.5-3.18.1
      postgresql12-server-debuginfo-12.5-3.18.1
      postgresql12-server-devel-12.5-3.18.1
      postgresql12-server-devel-debuginfo-12.5-3.18.1

   - SUSE Linux Enterprise Module for Server Applications 15-SP1 (noarch):

      postgresql12-docs-12.5-3.18.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64):

      libpq5-12.5-3.18.1
      libpq5-debuginfo-12.5-3.18.1
      postgresql12-12.5-3.18.1
      postgresql12-debuginfo-12.5-3.18.1
      postgresql12-debugsource-12.5-3.18.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64):

      libpq5-32bit-12.5-3.18.1
      libpq5-32bit-debuginfo-12.5-3.18.1

References:

   https://bugzilla.suse.com/1178961

From sle-updates at lists.suse.com Tue Jan 12 17:07:39 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 13 Jan 2021 01:07:39 +0100 (CET)
Subject: SUSE-RU-2021:0102-1: important: Recommended update for powerpc-utils
Message-ID: <20210113000739.85472FEDA@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for powerpc-utils
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:0102-1
Rating:             important
References:         #1180540
Affected Products:
                    SUSE Linux Enterprise Module for Basesystem 15-SP2
                    SUSE Linux Enterprise Module for Basesystem 15-SP1
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for powerpc-utils fixes the following issues:

   - Fix for 'sys_ident' to skip length field from search. (bsc#1180540 ltc#190620)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Basesystem 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-102=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP1:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2021-102=1

Package List:

   - SUSE Linux Enterprise Module for Basesystem 15-SP2 (ppc64le):

      powerpc-utils-1.3.7.1-3.24.1
      powerpc-utils-debuginfo-1.3.7.1-3.24.1
      powerpc-utils-debugsource-1.3.7.1-3.24.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP1 (ppc64le):

      powerpc-utils-1.3.7.1-3.24.1
      powerpc-utils-debuginfo-1.3.7.1-3.24.1
      powerpc-utils-debugsource-1.3.7.1-3.24.1

References:

   https://bugzilla.suse.com/1180540

From sle-updates at lists.suse.com Tue Jan 12 17:08:36 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 13 Jan 2021 01:08:36 +0100 (CET)
Subject: SUSE-SU-2021:0099-1: important: Security update for openstack-dashboard, release-notes-suse-openstack-cloud
Message-ID: <20210113000836.5A591FEDA@maintenance.suse.de>

   SUSE Security Update: Security update for openstack-dashboard, release-notes-suse-openstack-cloud
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:0099-1
Rating:             important
References:         #1179955
Cross-References:   CVE-2020-29565
Affected Products:
                    SUSE OpenStack Cloud Crowbar 8
                    SUSE OpenStack Cloud 8
                    HPE Helion Openstack 8
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for openstack-dashboard, release-notes-suse-openstack-cloud fixes the following issues:

   - Fix open redirect (OSSA-2020-008, CVE-2020-29565)
   - Fix horizon-nodejs jobs.
   - Add workaround for secure boot issue when shim package is updated. (bsc#1179955)

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud Crowbar 8:
   zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-99=1
- SUSE OpenStack Cloud 8:
   zypper in -t patch SUSE-OpenStack-Cloud-8-2021-99=1
- HPE Helion Openstack 8:
   zypper in -t patch HPE-Helion-OpenStack-8-2021-99=1

Package List:

- SUSE OpenStack Cloud Crowbar 8 (noarch):
   openstack-dashboard-12.0.5~dev6-3.29.1
   python-horizon-12.0.5~dev6-3.29.1
   release-notes-suse-openstack-cloud-8.20201214-3.26.1
- SUSE OpenStack Cloud 8 (noarch):
   openstack-dashboard-12.0.5~dev6-3.29.1
   python-horizon-12.0.5~dev6-3.29.1
   release-notes-suse-openstack-cloud-8.20201214-3.26.1
- HPE Helion Openstack 8 (noarch):
   openstack-dashboard-12.0.5~dev6-3.29.1
   python-horizon-12.0.5~dev6-3.29.1
   release-notes-hpe-helion-openstack-8.20201214-3.26.1

References:

   https://www.suse.com/security/cve/CVE-2020-29565.html
   https://bugzilla.suse.com/1179955

From sle-updates at lists.suse.com Wed Jan 13 07:16:31 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 13 Jan 2021 15:16:31 +0100 (CET)
Subject: SUSE-RU-2021:0110-1: important: Recommended update for supportutils-plugin-ses
Message-ID: <20210113141631.CC075FCFA@maintenance.suse.de>

SUSE Recommended Update: Recommended update for supportutils-plugin-ses
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:0110-1
Rating: important
References: #1179569
Affected Products:
   SUSE Enterprise Storage 7
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for supportutils-plugin-ses fixes the following issues:

- Fix for cephadm.rc that requires installation of the `jq` package. (bsc#1179569)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Enterprise Storage 7:
   zypper in -t patch SUSE-Storage-7-2021-110=1

Package List:

- SUSE Enterprise Storage 7 (noarch):
   supportutils-plugin-ses-7.0+git.1599032059.a673145-3.3.1

References:

   https://bugzilla.suse.com/1179569

From sle-updates at lists.suse.com Wed Jan 13 07:17:30 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 13 Jan 2021 15:17:30 +0100 (CET)
Subject: SUSE-RU-2021:0111-1: moderate: Recommended update for prometheus-ha_cluster_exporter
Message-ID: <20210113141730.7F63CFCFA@maintenance.suse.de>

SUSE Recommended Update: Recommended update for prometheus-ha_cluster_exporter
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:0111-1
Rating: moderate
References: TEAM-2169
Affected Products:
   SUSE Linux Enterprise Module for SAP Applications 15-SP2
______________________________________________________________________________

An update that has 0 recommended fixes and contains one feature can now be installed.

Description:

This update for prometheus-ha_cluster_exporter fixes the following issue:

Update to version 1.2.1

- Remove Pacemaker dependency from systemd unit (jsc#TEAM-2169)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for SAP Applications 15-SP2:
   zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP2-2021-111=1

Package List:

- SUSE Linux Enterprise Module for SAP Applications 15-SP2 (aarch64 ppc64le s390x x86_64):
   prometheus-ha_cluster_exporter-1.2.1+git.1606912430.4fceb77-3.9.1

References:

From sle-updates at lists.suse.com Wed Jan 13 07:18:21 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 13 Jan 2021 15:18:21 +0100 (CET)
Subject: SUSE-SU-2021:0108-1: important: Security update for the Linux Kernel
Message-ID: <20210113141821.D71FEFCFA@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:0108-1
Rating: important
References:
   #1040855 #1044120 #1044767 #1055117 #1065729 #1094840
   #1109695 #1115431 #1138374 #1149032 #1152457 #1152472
   #1152489 #1155518 #1156315 #1156395 #1163727 #1165933
   #1167657 #1168952 #1171000 #1171078 #1171688 #1172145
   #1172733 #1174486 #1175079 #1175480 #1176396 #1176942
   #1177326 #1177500 #1177666 #1177679 #1177733 #1178049
   #1178203 #1178270 #1178612 #1178660 #1178780 #1179107
   #1179204 #1179419 #1179434 #1179435 #1179519 #1179575
   #1179604 #1179652 #1179656 #1179670 #1179671 #1179672
   #1179673 #1179675 #1179676 #1179677 #1179678 #1179679
   #1179680 #1179681 #1179682 #1179683 #1179684 #1179685
   #1179687 #1179688 #1179689 #1179690 #1179703 #1179704
   #1179707 #1179709 #1179710 #1179711 #1179712 #1179713
   #1179714 #1179715 #1179716 #1179745 #1179763 #1179888
   #1179892 #1179896 #1179960 #1179963 #1180027 #1180029
   #1180031 #1180052 #1180056 #1180086 #1180117 #1180258
   #1180261 #1180349 #1180506 #1180541 #1180559 #1180566
Cross-References:
   CVE-2020-0444 CVE-2020-0465 CVE-2020-0466 CVE-2020-11668
   CVE-2020-27068 CVE-2020-27777 CVE-2020-27825 CVE-2020-27830
   CVE-2020-29370 CVE-2020-29373 CVE-2020-29660
   CVE-2020-29661 CVE-2020-36158
Affected Products:
   SUSE Linux Enterprise Module for Realtime 15-SP2
______________________________________________________________________________

An update that solves 13 vulnerabilities and has 89 fixes is now available.

Description:

The SUSE Linux Enterprise 15 SP2 RT kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver (bsc#1180559).
- CVE-2020-27825: Fixed a race in the trace_open and buffer resize calls (bsc#1179960).
- CVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031).
- CVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds check in the nl80211_policy policy of nl80211.c (bnc#1180086).
- CVE-2020-0444: Fixed a bad kfree due to a logic error in audit_data_to_entry (bnc#1180027).
- CVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180029).
- CVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179745).
- CVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bnc#1179745).
- CVE-2020-27777: Fixed a privilege escalation in the Run-Time Abstraction Services (RTAS) interface, affecting guests running on top of PowerVM or KVM hypervisors (bnc#1179107).
- CVE-2020-29373: Fixed an unsafe handling of the root directory during path lookups in fs/io_uring.c (bnc#1179434).
- CVE-2020-11668: Fixed the mishandling of invalid descriptors in the Xirlink camera USB driver (bnc#1168952).
- CVE-2020-27830: Fixed a null pointer dereference in speakup (bsc#1179656).
- CVE-2020-29370: Fixed a race condition in kmem_cache_alloc_bulk (bnc#1179435).

The following non-security bugs were fixed:

- ACPI: PNP: compare the string length in the matching_id() (git-fixes).
- add reference to CVE and its bsc
- ALSA/hda: apply jack fixup for the Acer Veriton N4640G/N6640G/N2510G (git-fixes).
- ALSA: core: memalloc: add page alignment for iram (git-fixes).
- ALSA: hda/ca0132 - Change Input Source enum strings (git-fixes).
- ALSA: hda/ca0132 - Fix AE-5 rear headphone pincfg (git-fixes).
- ALSA: hda/hdmi: always print pin NIDs as hexadecimal (git-fixes).
- ALSA: hda/hdmi: packet buffer index must be set before reading value (git-fixes).
- ALSA: hda/proc - print DP-MST connections (git-fixes).
- ALSA: hda/realtek - Add supported for more Lenovo ALC285 Headset Button (git-fixes).
- ALSA: hda/realtek - Enable headset mic of ASUS Q524UQK with ALC255 (git-fixes).
- ALSA: hda/realtek - Enable headset mic of ASUS X430UN with ALC256 (git-fixes).
- ALSA: hda/realtek: Add quirk for MSI-GP73 (git-fixes).
- ALSA: hda/realtek: Apply jack fixup for Quanta NL3 (git-fixes).
- ALSA: hda/realtek: make bass spk volume adjustable on a yoga laptop (git-fixes).
- ALSA: hda: Fix regressions on clear and reconfig sysfs (git-fixes).
- ALSA: pcm: oss: Fix a few more UBSAN fixes (git-fixes).
- ALSA: pcm: oss: Fix potential out-of-bounds shift (git-fixes).
- ALSA: rawmidi: Access runtime->avail always in spinlock (git-fixes).
- ALSA: seq: remove useless function (git-fixes).
- ALSA: usb-audio: Add generic implicit fb parsing (bsc#1178203).
- ALSA: usb-audio: Add hw constraint for implicit fb sync (bsc#1178203).
- ALSA: usb-audio: Add implicit fb support for Steinberg UR22 (git-fixes).
- ALSA: usb-audio: Add implicit_fb module option (bsc#1178203).
- ALSA: usb-audio: Add quirk for Pioneer DJ DDJ-SR2 (git-fixes).
- ALSA: usb-audio: Add snd_usb_get_endpoint() helper (bsc#1178203).
- ALSA: usb-audio: Add snd_usb_get_host_interface() helper (bsc#1178203).
- ALSA: usb-audio: Add support for Pioneer DJ DDJ-RR controller (git-fixes).
- ALSA: usb-audio: Add VID to support native DSD reproduction on FiiO devices (git-fixes).
- ALSA: usb-audio: Always set up the parameters after resume (bsc#1178203).
- ALSA: usb-audio: Avoid doubly initialization for implicit fb (bsc#1178203).
- ALSA: usb-audio: Check implicit feedback EP generically for UAC2 (bsc#1178203).
- ALSA: usb-audio: Check valid altsetting at parsing rates for UAC2/3 (bsc#1178203).
- ALSA: usb-audio: Constify audioformat pointer references (bsc#1178203).
- ALSA: usb-audio: Create endpoint objects at parsing phase (bsc#1178203).
- ALSA: usb-audio: Disable sample read check if firmware does not give back (git-fixes).
- ALSA: usb-audio: Do not call usb_set_interface() at trigger callback (bsc#1178203).
- ALSA: usb-audio: Do not set altsetting before initializing sample rate (bsc#1178203).
- ALSA: usb-audio: Drop debug.h (bsc#1178203).
- ALSA: usb-audio: Drop keep_interface flag again (bsc#1178203).
- ALSA: usb-audio: Drop unneeded snd_usb_substream fields (bsc#1178203).
- ALSA: usb-audio: Factor out the implicit feedback quirk code (bsc#1178203).
- ALSA: usb-audio: Fix control 'access overflow' errors from chmap (git-fixes).
- ALSA: usb-audio: Fix EP matching for continuous rates (bsc#1178203).
- ALSA: usb-audio: Fix MOTU M-Series quirks (bsc#1178203).
- ALSA: usb-audio: Fix possible stall of implicit fb packet ring-buffer (bsc#1178203).
- ALSA: usb-audio: Fix potential out-of-bounds shift (git-fixes).
- ALSA: usb-audio: Fix quirks for other BOSS devices (bsc#1178203).
- ALSA: usb-audio: Handle discrete rates properly in hw constraints (bsc#1178203).
- ALSA: usb-audio: Improve some debug prints (bsc#1178203).
- ALSA: usb-audio: Move snd_usb_autoresume() call out of setup_hw_info() (bsc#1178203).
- ALSA: usb-audio: Pass snd_usb_audio object to quirk functions (bsc#1178203).
- ALSA: usb-audio: Quirk for BOSS GT-001 (bsc#1178203).
- ALSA: usb-audio: Refactor endpoint management (bsc#1178203).
- ALSA: usb-audio: Refactoring endpoint URB deactivation (bsc#1178203).
- ALSA: usb-audio: Replace slave/master terms (bsc#1178203).
- ALSA: usb-audio: Set and clear sync EP link properly (bsc#1178203).
- ALSA: usb-audio: Set callbacks via snd_usb_endpoint_set_callback() (bsc#1178203).
- ALSA: usb-audio: Show sync endpoint information in proc outputs (bsc#1178203).
- ALSA: usb-audio: Simplify hw_params rules (bsc#1178203).
- ALSA: usb-audio: Simplify rate_min/max and rates set up (bsc#1178203).
- ALSA: usb-audio: Simplify snd_usb_init_pitch() arguments (bsc#1178203).
- ALSA: usb-audio: Simplify snd_usb_init_sample_rate() arguments (bsc#1178203).
- ALSA: usb-audio: Stop both endpoints properly at error (bsc#1178203).
- ALSA: usb-audio: Track implicit fb sync endpoint in audioformat list (bsc#1178203).
- ALSA: usb-audio: Unify the code for the next packet size calculation (bsc#1178203).
- ALSA: usb-audio: Use atomic_t for endpoint use_count (bsc#1178203).
- ALSA: usb-audio: Use unsigned char for iface and altsettings fields (bsc#1178203).
- ALSA: usb-audio: workaround for iface reset issue (bsc#1178203).
- ASoC: amd: change clk_get() to devm_clk_get() and add missed checks (git-fixes).
- ASoC: arizona: Fix a wrong free in wm8997_probe (git-fixes).
- ASoC: cx2072x: Fix doubly definitions of Playback and Capture streams (git-fixes).
- ASoC: jz4740-i2s: add missed checks for clk_get() (git-fixes).
- ASoC: meson: fix COMPILE_TEST error (git-fixes).
- ASoC: pcm: DRAIN support reactivation (git-fixes).
- ASoC: SOF: control: fix size checks for ext_bytes control .get() (git-fixes).
- ASoC: sun4i-i2s: Fix lrck_period computation for I2S justified mode (git-fixes).
- ASoC: tegra20-spdif: remove "default m" (git-fixes).
- ASoC: ti: davinci-mcasp: remove always zero of davinci_mcasp_get_dt_params (git-fixes).
- ASoC: wm8998: Fix PM disable depth imbalance on error (git-fixes).
- ASoC: wm_adsp: remove "ctl" from list on error in wm_adsp_create_control() (git-fixes).
- ath10k: Fix an error handling path (git-fixes).
- ath10k: Release some resources in an error handling path (git-fixes).
- ath6kl: fix enum-conversion warning (git-fixes).
- blk-mq: Remove 'running from the wrong CPU' warning (bsc#1174486).
- block: return status code in blk_mq_end_request() (bsc#1171000, bsc#1165933).
- Bluetooth: btmtksdio: Add the missed release_firmware() in mtk_setup_firmware() (git-fixes).
- Bluetooth: btusb: Add the missed release_firmware() in btusb_mtk_setup_firmware() (git-fixes).
- Bluetooth: Fix null pointer dereference in hci_event_packet() (git-fixes).
- Bluetooth: Fix slab-out-of-bounds read in hci_le_direct_adv_report_evt() (git-fixes).
- Bluetooth: hci_h5: fix memory leak in h5_close (git-fixes).
- bpf: Fix bpf_put_raw_tracepoint()'s use of __module_address() (git-fixes).
- btrfs: add missing check for nocow and compression inode flags (bsc#1178780).
- btrfs: delete duplicated words + other fixes in comments (bsc#1180566).
- btrfs: do not commit logs and transactions during link and rename operations (bsc#1180566).
- btrfs: do not take the log_mutex of the subvolume when pinning the log (bsc#1180566).
- btrfs: fix readahead hang and use-after-free after removing a device (bsc#1179963).
- btrfs: fix use-after-free on readahead extent after failure to create it (bsc#1179963).
- btrfs: qgroup: do not try to wait flushing if we're already holding a transaction (bsc#1179575).
- bus: fsl-mc: fix error return code in fsl_mc_object_allocate() (git-fixes).
- can: softing: softing_netdev_open(): fix error handling (git-fixes).
- cfg80211: initialize rekey_data (git-fixes).
- cifs: add NULL check for ses->tcon_ipc (bsc#1178270).
- cifs: do not share tcons with DFS (bsc#1178270).
- cifs: document and cleanup dfs mount (bsc#1178270).
- cifs: ensure correct super block for DFS reconnect (bsc#1178270).
- cifs: Fix an error pointer dereference in cifs_mount() (bsc#1178270).
- cifs: fix check of tcon dfs in smb1 (bsc#1178270).
- cifs: fix DFS mount with cifsacl/modefromsid (bsc#1178270).
- cifs: fix double free error on share and prefix (bsc#1178270).
- cifs: fix leaked reference on requeued write (bsc#1178270).
- cifs: fix uninitialised lease_key in open_shroot() (bsc#1178270).
- cifs: get rid of unused parameter in reconn_setup_dfs_targets() (bsc#1178270).
- cifs: handle empty list of targets in cifs_reconnect() (bsc#1178270).
- cifs: handle hostnames that resolve to same ip in failover (bsc#1178270).
- cifs: handle RESP_GET_DFS_REFERRAL.PathConsumed in reconnect (bsc#1178270).
- cifs: merge __{cifs,smb2}_reconnect[_tcon]() into cifs_tree_connect() (bsc#1178270).
- cifs: only update prefix path of DFS links in cifs_tree_connect() (bsc#1178270).
- cifs: reduce number of referral requests in DFS link lookups (bsc#1178270).
- cifs: rename reconn_inval_dfs_target() (bsc#1178270).
- cifs: set up next DFS target before generic_ip_connect() (bsc#1178270).
- clk: at91: sam9x60: remove atmel,osc-bypass support (git-fixes).
- clk: ingenic: Fix divider calculation with div tables (git-fixes).
- clk: mediatek: Make mtk_clk_register_mux() a static function (git-fixes).
- clk: mvebu: a3700: fix the XTAL MODE pin to MPP1_9 (git-fixes).
- clk: renesas: r9a06g032: Drop __packed for portability (git-fixes).
- clk: s2mps11: Fix a resource leak in error handling paths in the probe function (git-fixes).
- clk: sunxi-ng: Make sure divider tables have sentinel (git-fixes).
- clk: tegra: Do not return 0 on failure (git-fixes).
- clk: tegra: Fix duplicated SE clock entry (git-fixes).
- clk: ti: Fix memleak in ti_fapll_synth_setup (git-fixes).
- clocksource/drivers/arm_arch_timer: Correct fault programming of CNTKCTL_EL1.EVNTI (git-fixes).
- clocksource/drivers/arm_arch_timer: Use stable count reader in erratum sne (git-fixes).
- clocksource/drivers/cadence_ttc: Fix memory leak in ttc_setup_clockevent() (git-fixes).
- clocksource/drivers/orion: Add missing clk_disable_unprepare() on error path (git-fixes).
- cpufreq: ap806: Add missing MODULE_DEVICE_TABLE (git-fixes).
- cpufreq: highbank: Add missing MODULE_DEVICE_TABLE (git-fixes).
- cpufreq: loongson1: Add missing MODULE_ALIAS (git-fixes).
- cpufreq: mediatek: Add missing MODULE_DEVICE_TABLE (git-fixes).
- cpufreq: scpi: Add missing MODULE_ALIAS (git-fixes).
- cpufreq: st: Add missing MODULE_DEVICE_TABLE (git-fixes).
- cpufreq: vexpress-spc: Add missing MODULE_ALIAS (git-fixes).
- crypto: af_alg - avoid undefined behavior accessing salg_name (git-fixes).
- crypto: atmel-i2c - select CONFIG_BITREVERSE (git-fixes).
- crypto: crypto4xx - Replace bitwise OR with logical OR in crypto4xx_build_pd (git-fixes).
- crypto: ecdh - avoid unaligned accesses in ecdh_set_secret() (git-fixes).
- crypto: inside-secure - Fix sizeof() mismatch (git-fixes).
- crypto: omap-aes - Fix PM disable depth imbalance in omap_aes_probe (git-fixes).
- crypto: qat - fix status check in qat_hal_put_rel_rd_xfer() (git-fixes).
- crypto: talitos - Endianess in current_desc_hdr() (git-fixes).
- crypto: talitos - Fix return type of current_desc_hdr() (git-fixes).
- cw1200: fix missing destroy_workqueue() on error in cw1200_init_common (git-fixes).
- dmaengine: mv_xor_v2: Fix error return code in mv_xor_v2_probe() (git-fixes).
- Documentation: seqlock: s/LOCKTYPE/LOCKNAME/g (git-fixes).
- drivers: soc: ti: knav_qmss_queue: Fix error return code in knav_queue_probe (git-fixes).
- drm/amd/display: Fix wrong return value in dm_update_plane_state() (bsc#1152489)
- drm/amdgpu: pass NULL pointer instead of 0 (bsc#1152489)
  Backporting changes:
  * context fixes
- drm/crc-debugfs: Fix memleak in crc_control_write (bsc#1152472)
- drm/gma500: fix error check (bsc#1152472)
  Backporting changes:
  * context fixes
- drm/i915/gem: Avoid implicit vmap for highmem on x86-32 (bsc#1152489)
  Backporting changes:
  * context fixes
- drm/i915: Fix sha_text population code (bsc#1152489)
  Backporting changes:
  * context fixes
  * adapted I/O functions to old driver
- drm/imx: tve remove extraneous type qualifier (bsc#1152489)
- drm/mediatek: Add exception handing in mtk_drm_probe() if component (bsc#1152472)
- drm/mediatek: Add missing put_device() call in (bsc#1152472)
- drm/mediatek: Add missing put_device() call in mtk_drm_kms_init() (bsc#1152472)
  Backporting changes:
  * context fixes
  * adapted to function layout
- drm/msm: Avoid div-by-zero in dpu_crtc_atomic_check() (bsc#1152489)
- drm/msm: Drop debug print in _dpu_crtc_setup_lm_bounds() (bsc#1152489)
  Backporting changes:
  * context fixes
- drm/panfrost: Ensure GPU quirks are always initialised (bsc#1152489)
- drm/panfrost: increase readl_relaxed_poll_timeout values (bsc#1152472)
  Backporting changes:
  * context fixes
- drm/radeon: Prefer lower feedback dividers (bsc#1152489)
- drm/sun4i: sun8i-csc: Secondary CSC register correction (bsc#1152489)
- drm/vc4/vc4_hdmi: fill ASoC card owner (bsc#1152489)
- drm/vc4: crtc: Rework a bit the CRTC state code (bsc#1152472)
  Backporting changes:
  * context fixes
- drm/vc4: hdmi: Avoid sleeping in atomic context (bsc#1152489)
  Backporting changes:
  * context fixes
- drm/vkms: fix xrgb on compute crc (bsc#1152472)
  Backporting changes:
  * changed filename from vkms_composer.c to vkms_crc.c
  * context fixes
- drm: mxsfb: check framebuffer pitch (bsc#1152472)
  Backporting changes:
  * context fixes
- drm: mxsfb: Remove fbdev leftovers (bsc#1152472)
  Backporting changes:
  * context fixes
- drm: panel: Fix bpc for OrtusTech COM43H4M85ULC panel (bsc#1152489)
- drm: panel: Fix bus format for OrtusTech COM43H4M85ULC panel (bsc#1152472)
  Backporting changes:
  * context fixes
- drm: rcar-du: Put reference to VSP device (bsc#1152489)
- EDAC/amd64: Do not load on family 0x15, model 0x13 (bsc#1179763).
- EDAC/i10nm: Use readl() to access MMIO registers (bsc#1152489).
- EDAC/mce_amd: Use struct cpuinfo_x86.cpu_die_id for AMD NodeId (bsc#1152489).
- epoll: Keep a reference on files added to the check list (bsc#1180031).
- ext4: correctly report "not supported" for {usr,grp}jquota when !CONFIG_QUOTA (bsc#1179672).
- ext4: fix bogus warning in ext4_update_dx_flag() (bsc#1179716).
- ext4: fix leaking sysfs kobject after failed mount (bsc#1179670).
- ext4: limit entries returned when counting fsmap records (bsc#1179671).
- ext4: unlock xattr_sem properly in ext4_inline_data_truncate() (bsc#1179673).
- extcon: max77693: Fix modalias string (git-fixes).
- fail_function: Remove a redundant mutex unlock (bsc#1149032).
- fbcon: Remove the superfluous break (bsc#1152472)
- fix regression in "epoll: Keep a reference on files added to the check list" (bsc#1180031, git-fixes).
- fs/minix: check return value of sb_getblk() (bsc#1179676).
- fs/minix: do not allow getting deleted inodes (bsc#1179677).
- fs/minix: fix block limit check for V1 filesystems (bsc#1179680).
- fs/minix: reject too-large maximum file size (bsc#1179678).
- fs/minix: remove expected error message in block_to_path() (bsc#1179681).
- fs/minix: set s_maxbytes correctly (bsc#1179679).
- fs/ufs: avoid potential u32 multiplication overflow (bsc#1179682).
- fs: Do not invalidate page buffers in block_write_full_page() (bsc#1179711).
- ftrace: Fix updating FTRACE_FL_TRAMP (git-fixes).
- genirq/irqdomain: Add an irq_create_mapping_affinity() function (bsc#1065729).
- genirq/matrix: Deal with the sillyness of for_each_cpu() on UP (bsc#1156315).
- gpio: mvebu: fix potential user-after-free on probe (git-fixes).
- gpio: mvebu: update Armada XP per-CPU comment (git-fixes).
- HID: i2c-hid: add Vero K147 to descriptor override (git-fixes).
- HMAT: Register memory-side cache after parsing (bsc#1178660).
- HMAT: Skip publishing target info for nodes with no online memory (bsc#1178660).
- HSI: omap_ssi: Do not jump to free ID in ssi_add_controller() (git-fixes).
- IB/isert: Fix unaligned immediate-data handling (bsc#1152489)
- IB/mlx4: Add and improve logging (bsc#1152489)
- IB/mlx4: Add support for MRA (bsc#1152489)
- IB/mlx4: Adjust delayed work when a dup is observed (bsc#1152489)
- IB/mlx4: Fix starvation in paravirt mux/demux (bsc#1152489)
- IB/mthca: fix return value of error branch in mthca_init_cq() (bsc#1152489)
- IB/rdmavt: Fix sizeof mismatch (bsc#1152489)
- IB/srpt: Fix memory leak in srpt_add_one (bsc#1152489)
- IB/uverbs: Set IOVA on IB MR in uverbs layer (bsc#1152489)
- ibmvnic: add some debugs (bsc#1179896 ltc#190255).
- ibmvnic: avoid memset null scrq msgs (bsc#1044767 ltc#155231 git-fixes).
- ibmvnic: continue fatal error reset after passive init (bsc#1171078 ltc#184239 git-fixes).
- ibmvnic: delay next reset if hard reset fails (bsc#1094840 ltc#167098 git-fixes).
- ibmvnic: enhance resetting status check during module exit (bsc#1065729).
- ibmvnic: fix call_netdevice_notifiers in do_reset (bsc#1115431 ltc#171853 git-fixes).
- ibmvnic: fix NULL pointer dereference in reset_sub_crq_queues (bsc#1040855 ltc#155067 git-fixes).
- ibmvnic: fix: NULL pointer dereference (bsc#1044767 ltc#155231 git-fixes).
- ibmvnic: notify peers when failover and migration happen (bsc#1044120 ltc#155423 git-fixes).
- ibmvnic: restore adapter state on failed reset (bsc#1152457 ltc#174432 git-fixes).
- iio: adc: rockchip_saradc: fix missing clk_disable_unprepare() on error in rockchip_saradc_resume (git-fixes).
- iio: buffer: Fix demux update (git-fixes).
- iio: hrtimer-trigger: Mark hrtimer to expire in hard interrupt context (git-fixes).
- iio:adc:ti-ads124s08: Fix alignment and data leak issues (git-fixes).
- iio:adc:ti-ads124s08: Fix buffer being too long (git-fixes).
- iio:imu:bmi160: Fix too large a buffer (git-fixes).
- iio:light:rpr0521: Fix timestamp alignment and prevent data leak (git-fixes).
- iio:light:st_uvis25: Fix timestamp alignment and prevent data leak (git-fixes).
- iio:magnetometer:mag3110: Fix alignment and data leak issues (git-fixes).
- iio:pressure:mpl3115: Force alignment of buffer (git-fixes).
- inet_ecn: Fix endianness of checksum update when setting ECT(1) (git-fixes).
- Input: ads7846 - fix integer overflow on Rt calculation (git-fixes).
- Input: ads7846 - fix race that causes missing releases (git-fixes).
- Input: ads7846 - fix unaligned access on 7845 (git-fixes).
- Input: cm109 - do not stomp on control URB (git-fixes).
- Input: cros_ec_keyb - send 'scancodes' in addition to key events (git-fixes).
- Input: cyapa_gen6 - fix out-of-bounds stack access (git-fixes).
- Input: goodix - add upside-down quirk for Teclast X98 Pro tablet (git-fixes).
- Input: i8042 - add Acer laptops to the i8042 reset list (git-fixes).
- Input: i8042 - add ByteSpeed touchpad to noloop table (git-fixes).
- Input: omap4-keypad - fix runtime PM error handling (git-fixes).
- Input: xpad - support Ardwiino Controllers (git-fixes).
- iomap: Clear page error before beginning a write (bsc#1179683).
- iomap: Mark read blocks uptodate in write_begin (bsc#1179684).
- iomap: Set all uptodate bits for an Uptodate page (bsc#1179685).
- iommu/amd: Set DTE[IntTabLen] to represent 512 IRTEs (bsc#1179652).
- iwlwifi: mvm: fix kernel panic in case of assert during CSA (git-fixes).
- iwlwifi: mvm: hook up missing RX handlers (git-fixes).
- iwlwifi: pcie: add one missing entry for AX210 (git-fixes).
- iwlwifi: pcie: limit memory read spin time (git-fixes).
- jbd2: fix up sparse warnings in checkpoint code (bsc#1179707).
- kABI: genirq: add back irq_create_mapping (bsc#1065729).
- kernel/cpu: add arch override for clear_tasks_mm_cpumask() mm handling (bsc#1055117 ltc#159753 git-fixes bsc#1179888 ltc#190253).
- KVM: PPC: Book3S HV: XIVE: Fix possible oops when accessing ESB page (bsc#1156395).
- lan743x: fix for potential NULL pointer dereference with bare card (git-fixes).
- libfs: fix error cast of negative value in simple_attr_write() (bsc#1179709).
- locking/percpu-rwsem: Use this_cpu_{inc,dec}() for read_count (bsc#1149032).
- mac80211: do not set set TDLS STA bandwidth wider than possible (git-fixes).
- mac80211: mesh: fix mesh_pathtbl_init() error path (git-fixes).
- md-cluster: fix rmmod issue when md_cluster convert bitmap to none (bsc#1163727).
- md-cluster: fix safemode_delay value when converting to clustered bitmap (bsc#1163727).
- md-cluster: fix wild pointer of unlock_all_bitmaps() (bsc#1163727).
- md/bitmap: fix memory leak of temporary bitmap (bsc#1163727).
- md/bitmap: md_bitmap_get_counter returns wrong blocks (bsc#1163727).
- md/bitmap: md_bitmap_read_sb uses wrong bitmap blocks (bsc#1163727).
- md/cluster: block reshape with remote resync job (bsc#1163727).
- md/cluster: fix deadlock when node is doing resync job (bsc#1163727).
- media: gspca: Fix memory leak in probe (git-fixes).
- media: imx214: Fix stop streaming (git-fixes).
- media: ipu3-cio2: Make the field on subdev format V4L2_FIELD_NONE (git-fixes).
- media: ipu3-cio2: Remove traces of returned buffers (git-fixes).
- media: ipu3-cio2: Return actual subdev format (git-fixes).
- media: ipu3-cio2: Serialise access to pad format (git-fixes).
- media: ipu3-cio2: Validate mbus format in setting subdev format (git-fixes).
- media: max2175: fix max2175_set_csm_mode() error code (git-fixes).
- media: msi2500: assign SPI bus number dynamically (git-fixes).
- media: mtk-vcodec: add missing put_device() call in mtk_vcodec_init_dec_pm() (git-fixes).
- media: mtk-vcodec: add missing put_device() call in mtk_vcodec_init_enc_pm() (git-fixes).
- media: mtk-vcodec: add missing put_device() call in mtk_vcodec_release_dec_pm() (git-fixes).
- media: saa7146: fix array overflow in vidioc_s_audio() (git-fixes).
- media: siano: fix memory leak of debugfs members in smsdvb_hotplug (git-fixes).
- media: solo6x10: fix missing snd_card_free in error handling case (git-fixes).
- media: sunxi-cir: ensure IR is handled when it is continuous (git-fixes).
- media: tm6000: Fix sizeof() mismatches (git-fixes).
- media: uvcvideo: Accept invalid bFormatIndex and bFrameIndex values (bsc#1180117).
- memstick: fix a double-free bug in memstick_check (git-fixes).
- memstick: r592: Fix error return in r592_probe() (git-fixes).
- mfd: rt5033: Fix errorneous defines (git-fixes).
- mm,memory_failure: always pin the page in madvise_inject_error (bsc#1180258).
- mm/error_inject: Fix allow_error_inject function signatures (bsc#1179710).
- mm/memory_hotplug: shrink zones when offlining memory (bsc#1177679).
- mm/userfaultfd: do not access vma->vm_mm after calling handle_userfault() (bsc#1179204).
- mm: memcg: fix memcg reclaim soft lockup (VM Functionality, bsc#1180056).
- mmc: block: Fixup condition for CMD13 polling for RPMB requests (git-fixes).
- mmc: pxamci: Fix error return code in pxamci_probe (git-fixes).
- mtd: rawnand: gpmi: fix reference count leak in gpmi ops (git-fixes).
- mtd: rawnand: gpmi: Fix the random DMA timeout issue (git-fixes).
- mtd: rawnand: meson: Fix a resource leak in init (git-fixes).
- mtd: rawnand: meson: fix meson_nfc_dma_buffer_release() arguments (git-fixes).
- mtd: rawnand: qcom: Fix DMA sync on FLASH_STATUS register read (git-fixes).
- mtd: spinand: Fix OOB read (git-fixes).
- mwifiex: fix mwifiex_shutdown_sw() causing sw reset failure (git-fixes).
- nfc: s3fwrn5: Release the nfc firmware (git-fixes).
- nvme-fabrics: allow to queue requests for live queues (git-fixes).
- nvme-fabrics: do not check state NVME_CTRL_NEW for request acceptance (bsc#1179519).
- nvme-fc: avoid calling _nvme_fc_abort_outstanding_ios from interrupt context (bsc#1177326).
- nvme-fc: cancel async events before freeing event struct (git-fixes).
- nvme-fc: eliminate terminate_io use by nvme_fc_error_recovery (bsc#1177326).
- nvme-fc: fix error loop in create_hw_io_queues (git-fixes).
- nvme-fc: fix io timeout to abort I/O (bsc#1177326).
- nvme-fc: remove err_work work item (bsc#1177326).
- nvme-fc: remove nvme_fc_terminate_io() (bsc#1177326).
- nvme-fc: shorten reconnect delay if possible for FC (git-fixes).
- nvme-fc: track error_recovery while connecting (bsc#1177326).
- nvme-fc: wait for queues to freeze before calling (git-fixes).
- nvme-multipath: fix deadlock between ana_work and scan_work (git-fixes).
- nvme-multipath: fix deadlock due to head->lock (git-fixes).
- nvme-pci: properly print controller address (git-fixes).
- nvme-rdma: avoid race between time out and tear down (bsc#1179519).
- nvme-rdma: avoid repeated request completion (bsc#1179519).
- nvme-rdma: cancel async events before freeing event struct (git-fixes).
- nvme-rdma: fix controller reset hang during traffic (bsc#1179519).
- nvme-rdma: fix reset hang if controller died in the middle of a reset (bsc#1179519).
- nvme-rdma: fix timeout handler (bsc#1179519).
- nvme-rdma: handle unexpected nvme completion data length (bsc#1178612).
- nvme-rdma: serialize controller teardown sequences (bsc#1179519).
- nvme-tcp: avoid race between time out and tear down (bsc#1179519).
- nvme-tcp: avoid repeated request completion (bsc#1179519).
- nvme-tcp: avoid scheduling io_work if we are already polling (bsc#1179519).
- nvme-tcp: break from io_work loop if recv failed (bsc#1179519).
- nvme-tcp: cancel async events before freeing event struct (git-fixes).
- nvme-tcp: do not poll a non-live queue (bsc#1179519).
- nvme-tcp: fix controller reset hang during traffic (bsc#1179519).
- nvme-tcp: fix possible crash in recv error flow (bsc#1179519).
- nvme-tcp: fix possible leakage during error flow (git-fixes). - nvme-tcp: fix reset hang if controller died in the middle of a reset (bsc#1179519). - nvme-tcp: fix timeout handler (bsc#1179519). - nvme-tcp: have queue prod/cons send list become a llist (bsc#1179519). - nvme-tcp: leverage request plugging (bsc#1179519). - nvme-tcp: move send failure to nvme_tcp_try_send (bsc#1179519). - nvme-tcp: optimize network stack with setting msg flags (bsc#1179519). - nvme-tcp: optimize queue io_cpu assignment for multiple queue (git-fixes). - nvme-tcp: serialize controller teardown sequences (bsc#1179519). - nvme-tcp: set MSG_SENDPAGE_NOTLAST with MSG_MORE when we have (bsc#1179519). - nvme-tcp: try to send request in queue_rq context (bsc#1179519). - nvme-tcp: use bh_lock in data_ready (bsc#1179519). - nvme: do not protect ns mutation with ns->head->lock (git-fixes). - nvme: have nvme_wait_freeze_timeout return if it timed out (bsc#1179519). - nvme: introduce nvme_sync_io_queues (bsc#1179519). - nvme: Revert: Fix controller creation races with teardown (git-fixes). - nvmet-fc: fix missing check for no hostport struct (bsc#1176942). - nvmet-tcp: fix maxh2cdata icresp parameter (bsc#1179892). - ocfs2: fix unbalanced locking (bsc#1180506). - orinoco: Move context allocation after processing the skb (git-fixes). - PCI: brcmstb: Initialize "tmp" before use (git-fixes). - PCI: Fix overflow in command-line resource alignment requests (git-fixes). - PCI: Fix pci_slot_release() NULL pointer dereference (git-fixes). - PCI: iproc: Fix out-of-bound array accesses (git-fixes). - pinctrl: amd: remove debounce filter setting in IRQ type setting (git-fixes). - pinctrl: aspeed: Fix GPIO requests on pass-through banks (git-fixes). - pinctrl: baytrail: Avoid clearing debounce value when turning it off (git-fixes). - pinctrl: falcon: add missing put_device() call in pinctrl_falcon_probe() (git-fixes). - pinctrl: merrifield: Set default bias in case no particular value given (git-fixes). 
- platform/chrome: cros_ec_spi: Do not overwrite spi::mode (git-fixes). - platform/x86: acer-wmi: add automatic keyboard background light toggle key as KEY_LIGHTS_TOGGLE (git-fixes). - platform/x86: dell-smbios-base: Fix error return code in dell_smbios_init (git-fixes). - platform/x86: intel-vbtn: Allow switch events on Acer Switch Alpha 12 (git-fixes). - platform/x86: intel-vbtn: Support for tablet mode on HP Pavilion 13 x360 PC (git-fixes). - platform/x86: mlx-platform: Fix item counter assignment for MSN2700, MSN24xx systems (git-fixes). - platform/x86: mlx-platform: remove an unused variable (git-fixes). - platform/x86: mlx-platform: Remove PSU EEPROM from default platform configuration (git-fixes). - platform/x86: mlx-platform: Remove PSU EEPROM from MSN274x platform configuration (git-fixes). - platform/x86: thinkpad_acpi: Add BAT1 is primary battery quirk for Thinkpad Yoga 11e 4th gen (git-fixes). - platform/x86: thinkpad_acpi: Do not report SW_TABLET_MODE on Yoga 11e (git-fixes). - platform/x86: touchscreen_dmi: Add info for the Irbis TW118 tablet (git-fixes). - power: supply: axp288_charger: Fix HP Pavilion x2 10 DMI matching (git-fixes). - power: supply: bq24190_charger: fix reference leak (git-fixes). - powerpc/64: Set up a kernel stack for secondaries before cpu_restore() (bsc#1065729). - powerpc/64s/powernv: Fix memory corruption when saving SLB entries on MCE (jsc#SLE-9246 git-fixes). - powerpc/64s/pseries: Fix hash tlbiel_all_isa300 for guest kernels (bsc#1179888 ltc#190253). - powerpc/64s: Fix allnoconfig build since uaccess flush (bsc#1177666 git-fixes). - powerpc/64s: Fix hash ISA v3.0 TLBIEL instruction generation (bsc#1055117 ltc#159753 git-fixes bsc#1179888 ltc#190253). - powerpc/64s: Trim offlined CPUs from mm_cpumasks (bsc#1055117 ltc#159753 git-fixes bsc#1179888 ltc#190253). - powerpc/bitops: Fix possible undefined behaviour with fls() and fls64() (bsc#1156395). - powerpc/eeh_cache: Fix a possible debugfs deadlock (bsc#1156395). 
- powerpc/pci: Remove LSI mappings on device teardown (bsc#1172145 ltc#184630). - powerpc/pseries/hibernation: remove redundant cacheinfo update (bsc#1138374 ltc#178199 git-fixes). - powerpc/pseries: Pass MSI affinity to irq_create_mapping() (bsc#1065729). - powerpc/smp: Add __init to init_big_cores() (bsc#1109695 ltc#171067 git-fixes). - powerpc/xmon: Change printk() to pr_cont() (bsc#1065729). - powerpc: Avoid broken GCC __attribute__((optimize)) (bsc#1156395). - powerpc: Fix incorrect stw{, ux, u, x} instructions in __set_pte_at (bsc#1065729). - pwm: lp3943: Dynamically allocate PWM chip base (git-fixes). - pwm: zx: Add missing cleanup in error path (git-fixes). - qede: Notify qedr when mtu has changed (bsc#1152489) - qtnfmac: fix error return code in qtnf_pcie_probe() (git-fixes). - quota: clear padding in v2r1_mem2diskdqb() (bsc#1179714). - RDMA/addr: Fix race with netevent_callback()/rdma_addr_cancel() (bsc#1152489) - RDMA/bnxt_re: Do not add user qps to flushlist (bsc#1152489) - RDMA/bnxt_re: Fix sizeof mismatch for allocation of pbl_tbl. 
(bsc#1152489) - RDMA/core: Fix bogus WARN_ON during ib_unregister_device_queued() (bsc#1152489) - RDMA/core: Fix reported speed and width (bsc#1152489) - RDMA/core: Fix return error value in _ib_modify_qp() to negative (bsc#1152489) - RDMA/core: Free DIM memory in error unwind (bsc#1152489) - RDMA/core: Stop DIM before destroying CQ (bsc#1152489) - RDMA/counter: Allow manually bind QPs with different pids to same counter (bsc#1152489) - RDMA/counter: Only bind user QPs in auto mode (bsc#1152489) - RDMA/hns: Add check for the validity of sl configuration (bsc#1152489) - RDMA/hns: Bugfix for memory window mtpt configuration (bsc#1152489) - RDMA/hns: Correct typo of hns_roce_create_cq() (bsc#1152489) - RDMA/hns: Fix missing sq_sig_type when querying QP (bsc#1152489) - RDMA/hns: Set the unsupported wr opcode (bsc#1152489) - RDMA/ipoib: Set rtnl_link_ops for ipoib interfaces (bsc#1152489) - RDMA/mlx5: Disable IB_DEVICE_MEM_MGT_EXTENSIONS if IB_WR_REG_MR can't work (bsc#1152489) - RDMA/netlink: Remove CAP_NET_RAW check when dump a raw QP (bsc#1152489) - RDMA/pvrdma: Fix missing kfree() in pvrdma_register_device() (bsc#1152489) - RDMA/qedr: Endianness warnings cleanup (bsc#1152489) - RDMA/qedr: Fix doorbell setting (bsc#1152489) - RDMA/qedr: Fix inline size returned for iWARP (bsc#1152489) - RDMA/qedr: Fix iWARP active mtu display (bsc#1152489) - RDMA/qedr: Fix memory leak in iWARP CM (bsc#1152489) - RDMA/qedr: Fix qp structure memory leak (bsc#1152489) - RDMA/qedr: Fix resource leak in qedr_create_qp (bsc#1152489) - RDMA/qedr: Fix use of uninitialized field (bsc#1152489) - RDMA/qedr: SRQ's bug fixes (bsc#1152489) - RDMA/rxe: Drop pointless checks in rxe_init_ports (bsc#1152489) - RDMA/rxe: Fix memleak in rxe_mem_init_user (bsc#1152489) - RDMA/rxe: Fix skb lifetime in rxe_rcv_mcast_pkt() (bsc#1152489) - RDMA/rxe: Fix the parent sysfs read when the interface has 15 chars (bsc#1152489) - RDMA/rxe: Handle skb_clone() failure in rxe_recv.c (bsc#1152489) - RDMA/rxe: Prevent 
access to wr->next ptr afrer wr is posted to send queue (bsc#1152489) - RDMA/rxe: Remove unused rxe_mem_map_pages (bsc#1152489) - RDMA/rxe: Return void from rxe_init_port_param() (bsc#1152489) - RDMA/rxe: Return void from rxe_mem_init_dma() (bsc#1152489) - RDMA/rxe: Skip dgid check in loopback mode (bsc#1152489) - RDMA/srpt: Fix typo in srpt_unregister_mad_agent docstring (bsc#1152489) - RDMA/umem: Fix ib_umem_find_best_pgsz() for mappings that cross a page boundary (bsc#1152489) - RDMA/umem: Prevent small pages from being returned by ib_umem_find_best_pgsz() (bsc#1152489) - Re-import the upstream uvcvideo fix; one more fix will be added later (bsc#1180117) - regmap: Remove duplicate `type` field from regmap `regcache_sync` trace event (git-fixes). - regulator: axp20x: Fix DLDO2 voltage control register mask for AXP22x (git-fixes). - regulator: mcp16502: add linear_min_sel (git-fixes). - reiserfs: Fix oops during mount (bsc#1179715). - reiserfs: Initialize inode keys properly (bsc#1179713). - remoteproc: q6v5-mss: fix error handling in q6v5_pds_enable (git-fixes). - remoteproc: qcom: Fix potential NULL dereference in adsp_init_mmio() (git-fixes). - remoteproc: qcom: fix reference leak in adsp_start (git-fixes). - rsi: fix error return code in rsi_reset_card() (git-fixes). - rtc: ep93xx: Fix NULL pointer dereference in ep93xx_rtc_read_time (git-fixes). - rtc: hym8563: enable wakeup when applicable (git-fixes). - s390/cpuinfo: show processor physical address (git-fixes). - s390/pci: fix CPU address in MSI for directed IRQ (git-fixes). - s390/qeth: delay draining the TX buffers (git-fixes). - s390/qeth: fix af_iucv notification race (git-fixes). - s390/qeth: fix tear down of async TX buffers (git-fixes). - s390/qeth: make af_iucv TX notification call more robust (bsc#1179604 LTC#190151). - s390: add 3f program exception handler (git-fixes). - samples/bpf: Remove unused test_ipip.sh (bsc#1155518). 
- samples: bpf: Refactor test_cgrp2_sock2 program with libbpf (bsc#1155518). - sched/fair: Fix overutilized update in enqueue_task_fair() (git-fixes) - sched/fair: Fix race between runtime distribution and (git-fixes) - sched/fair: Fix wrong cpu selecting from isolated domain (git-fixes) - sched/fair: Refill bandwidth before scaling (git-fixes) - sched: correct SD_flags returned by tl->sd_flags() (git-fixes) - scsi: core: Fix VPD LUN ID designator priorities (bsc#1178049). - scsi: core: Return BLK_STS_AGAIN for ALUA transitioning (bsc#1165933, bsc#1171000). - scsi: fnic: Avoid looping in TRANS ETH on unload (bsc#1175079). - scsi: fnic: Change shost_printk() to FNIC_FCS_DBG() (bsc#1175079). - scsi: fnic: Change shost_printk() to FNIC_MAIN_DBG() (bsc#1175079). - scsi: fnic: Set scsi_set_resid() only for underflow (bsc#1175079). - scsi: fnic: Validate io_req before others (bsc#1175079). - scsi: lpfc: Add FDMI Vendor MIB support (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Convert abort handling to SLI-3 and SLI-4 handlers (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Convert SCSI I/O completions to SLI-3 and SLI-4 handlers (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Convert SCSI path to use common I/O submission path (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Correct null ndlp reference on routine exit (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Drop nodelist reference on error in lpfc_gen_req() (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Enable common send_io interface for SCSI and NVMe (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Enable common wqe_template support for both SCSI and NVMe (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Enlarge max_sectors in scsi host templates (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). 
- scsi: lpfc: Extend the RDF FPIN Registration descriptor for additional events (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix duplicate wq_create_version check (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix fall-through warnings for Clang (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix FLOGI/PLOGI receive race condition in pt2pt discovery (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix initial FLOGI failure due to BBSCN not supported (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix invalid sleeping context in lpfc_sli4_nvmet_alloc() (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix memory leak on lcb_context (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix missing prototype for lpfc_nvmet_prep_abort_wqe() (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix missing prototype warning for lpfc_fdmi_vendor_attr_mi() (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix NPIV discovery and Fabric Node detection (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix NPIV Fabric Node reference counting (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix pointer defereference before it is null checked issue (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix refcounting around SCSI and NVMe transport APIs (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix removal of SCSI transport device get and put on dev structure (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix scheduling call while in softirq context in lpfc_unreg_rpi (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix set but not used warnings from Rework remote port lock handling (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). 
- scsi: lpfc: Fix set but unused variables in lpfc_dev_loss_tmo_handler() (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix spelling mistake "Cant" -> "Can't" (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix variable 'vport' set but not used in lpfc_sli4_abts_err_handler() (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: lpfc_attr: Demote kernel-doc format for redefined functions (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: lpfc_attr: Fix-up a bunch of kernel-doc misdemeanours (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: lpfc_bsg: Provide correct documentation for a bunch of functions (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: lpfc_debugfs: Fix a couple of function documentation issues (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: lpfc_nvme: Fix some kernel-doc related issues (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: lpfc_nvme: Remove unused variable 'phba' (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: lpfc_nvmet: Fix-up some formatting and doc-rot issues (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: lpfc_scsi: Fix a whole host of kernel-doc issues (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Re-fix use after free in lpfc_rq_buf_free() (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Refactor WQE structure definitions for common use (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Reject CT request for MIB commands (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Remove dead code on second !ndlp check (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Remove ndlp when a PLOGI/ADISC/PRLI/REG_RPI ultimately fails (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Remove set but not used 'qp' (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). 
- scsi: lpfc: Remove unneeded variable 'status' in lpfc_fcp_cpu_map_store() (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Removed unused macros in lpfc_attr.c (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Rework locations of ndlp reference taking (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Rework remote port lock handling (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Rework remote port ref counting and node freeing (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Unsolicited ELS leaves node in incorrect state while dropping it (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Update changed file copyrights for 2020 (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Update lpfc version to 12.8.0.4 (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Update lpfc version to 12.8.0.5 (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Update lpfc version to 12.8.0.6 (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Use generic power management (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: mpt3sas: A small correction in _base_process_reply_queue (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Add bypass_dirty_port_flag parameter (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Add functions to check if any cmd is outstanding on Target and LUN (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Add module parameter multipath_on_hba (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Allocate memory for hba_port objects (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Bump driver version to 35.101.00.00 (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Cancel the running work during host reset (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Capture IOC data for debugging purposes (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Define hba_port structure (jsc#SLE-16914, bsc#1177733). 
- scsi: mpt3sas: Detect tampered Aero and Sea adapters (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Disable DIF when prot_mask set to zero (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Do not call disable_irq from IRQ poll handler (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Do not change the DMA coherent mask after allocations (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Dump system registers for debugging (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Fix double free warnings (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Fix error returns in BRM_status_show (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Fix memset() in non-RDPQ mode (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Fix reply queue count in non RDPQ mode (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Fix set but unused variable (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Fix sync irqs (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Fix unlock imbalance (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Get device objects using sas_address & portID (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Get sas_device objects using device's rphy (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Handle RDPQ DMA allocation in same 4G region (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Handle vSES vphy object during HBA reset (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Handling HBA vSES device (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Memset config_cmds.reply buffer with zeros (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Postprocessing of target and LUN reset (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Rearrange _scsih_mark_responding_sas_device() (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Remove NULL check before freeing function (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Remove pci-dma-compat wrapper API (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Remove superfluous memset() (jsc#SLE-16914, bsc#1177733). 
- scsi: mpt3sas: Rename and export interrupt mask/unmask functions (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Rename function name is_MSB_are_same (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Rename transport_del_phy_from_an_existing_port() (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Separate out RDPQ allocation to new function (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Set valid PhysicalPort in SMPPassThrough (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Update driver version to 35.100.00.00 (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Update hba_port objects after host reset (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Update hba_port's sas_address & phy_mask (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Update mpt3sas version to 33.101.00.00 (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Use true, false for ioc->use_32bit_dma (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: use true,false for bool variables (jsc#SLE-16914, bsc#1177733). - scsi: qla2xxx: Change post del message from debug level to log level (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Convert to DEFINE_SHOW_ATTRIBUTE (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Do not check for fw_started while posting NVMe command (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Do not consume srb greedily (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Drop TARGET_SCF_LOOKUP_LUN_FROM_TAG (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Fix compilation issue in PPC systems (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Fix crash during driver load on big endian machines (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Fix device loss on 4G and older HBAs (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Fix flash update in 28XX adapters on big endian machines (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Fix FW initialization error on big endian machines (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Fix N2N and NVMe connect retry failure (bsc#1171688 bsc#1172733). 
- scsi: qla2xxx: Fix return of uninitialized value in rval (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Fix the call trace for flush workqueue (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Handle aborts correctly for port undergoing deletion (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Handle incorrect entry_type entries (bsc#1171688 bsc#1172733). - scsi: qla2xxx: If fcport is undergoing deletion complete I/O with retry (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Initialize variable in qla8044_poll_reg() (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Limit interrupt vectors to number of CPUs (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Move sess cmd list/lock to driver (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Remove in_interrupt() from qla82xx-specific code (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Remove in_interrupt() from qla83xx-specific code (bsc#1171688 bsc#1172733). - scsi: qla2xxx: remove incorrect sparse #ifdef (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Return EBUSY on fcport deletion (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Tear down session if FW say it is down (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Update version to 10.02.00.104-k (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Use constant when it is known (bsc#1171688 bsc#1172733). - scsi: Remove unneeded break statements (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: target: tcm_qla2xxx: Remove BUG_ON(in_interrupt()) (bsc#1171688 bsc#1172733). - scsi_dh_alua: return BLK_STS_AGAIN for ALUA transitioning state (bsc#1165933, bsc#1171000). - scsi_dh_alua: set 'transitioning' state on unit attention (bsc#1171000, bsc#1165933). - selftest/bpf: Add missed ip6ip6 test back (bsc#1155518). - selftests/bpf/test_offload.py: Reset ethtool features after failed setting (bsc#1155518). - selftests/bpf: Fix invalid use of strncat in test_sockmap (bsc#1155518). - selftests/bpf: Print reason when a tester could not run a program (bsc#1155518). - seqlock: avoid -Wshadow warnings (git-fixes). 
- serial: 8250_omap: Avoid FIFO corruption caused by MDR1 access (git-fixes). - serial_core: Check for port state when tty is in error state (git-fixes). - slimbus: qcom-ngd-ctrl: Avoid sending power requests without QMI (git-fixes). - soc/tegra: fuse: Fix index bug in get_process_id (git-fixes). - soc: amlogic: canvas: add missing put_device() call in meson_canvas_get() (git-fixes). - soc: fsl: dpio: Get the cpumask through cpumask_of(cpu) (git-fixes). - soc: mediatek: Check if power domains can be powered on at boot time (git-fixes). - soc: qcom: geni: More properly switch to DMA mode (git-fixes). - soc: qcom: smp2p: Safely acquire spinlock without IRQs (git-fixes). - soc: renesas: rmobile-sysc: Fix some leaks in rmobile_init_pm_domains() (git-fixes). - soc: ti: Fix reference imbalance in knav_dma_probe (git-fixes). - soc: ti: knav_qmss: fix reference leak in knav_queue_probe (git-fixes). - speakup: fix uninitialized flush_lock (git-fixes). - spi: atmel-quadspi: Disable clock in probe error path (git-fixes). - spi: atmel-quadspi: Fix AHB memory accesses (git-fixes). - spi: bcm63xx-hsspi: fix missing clk_disable_unprepare() on error in bcm63xx_hsspi_resume (git-fixes). - spi: davinci: Fix use-after-free on unbind (git-fixes). - spi: fix resource leak for drivers without .remove callback (git-fixes). - spi: img-spfi: fix reference leak in img_spfi_resume (git-fixes). - spi: mt7621: Disable clock in probe error path (git-fixes). - spi: mt7621: fix missing clk_disable_unprepare() on error in mt7621_spi_probe (git-fixes). - spi: mxs: fix reference leak in mxs_spi_probe (git-fixes). - spi: pic32: Do not leak DMA channels in probe error path (git-fixes). - spi: spi-mem: Fix passing zero to 'PTR_ERR' warning (git-fixes). - spi: spi-mem: fix reference leak in spi_mem_access_start (git-fixes). - spi: spi-nxp-fspi: fix fspi panic by unexpected interrupts (git-fixes). - spi: spi-ti-qspi: fix reference leak in ti_qspi_setup (git-fixes). 
- spi: sprd: fix reference leak in sprd_spi_remove (git-fixes). - spi: st-ssc4: Fix unbalanced pm_runtime_disable() in probe error path (git-fixes). - spi: stm32: fix reference leak in stm32_spi_resume (git-fixes). - spi: synquacer: Disable clock in probe error path (git-fixes). - spi: tegra114: fix reference leak in tegra spi ops (git-fixes). - spi: tegra20-sflash: fix reference leak in tegra_sflash_resume (git-fixes). - spi: tegra20-slink: fix reference leak in slink ops of tegra20 (git-fixes). - staging: comedi: mf6x4: Fix AI end-of-conversion detection (git-fixes). - staging: olpc_dcon: Do not call platform_device_unregister() in dcon_probe() (git-fixes). - timers: Do not block on ->expiry_lock for TIMER_IRQSAFE timers (bsc#1180349). - tty: Fix ->session locking (bsc#1179745). - ubifs: dent: Fix some potential memory leaks while iterating entries (bsc#1179703). - ubifs: Do not parse authentication mount options in remount process (bsc#1179688). - ubifs: Fix a memleak after dumping authentication mount options (bsc#1179687). - ubifs: Fix wrong orphan node deletion in ubifs_jnl_update|rename (bsc#1179675). - ubifs: journal: Make sure to not dirty twice for auth nodes (bsc#1179704). - ubifs: mount_ubifs: Release authentication resource in error handling path (bsc#1179689). - ubifs: xattr: Fix some potential memory leaks while iterating entries (bsc#1179690). - udf: Fix memory leak when mounting (bsc#1179712). - usb/max3421: fix return error code in max3421_probe() (git-fixes). - usb: add RESET_RESUME quirk for Snapscan 1212 (git-fixes). - usb: chipidea: ci_hdrc_imx: Pass DISABLE_DEVICE_STREAMING flag to imx6ul (git-fixes). - usb: ehci-omap: Fix PM disable depth umbalance in ehci_hcd_omap_probe (git-fixes). - usb: gadget: f_acm: add support for SuperSpeed Plus (git-fixes). - usb: gadget: f_fs: Re-use SS descriptors for SuperSpeedPlus (git-fixes). - usb: gadget: f_midi: setup SuperSpeed Plus descriptors (git-fixes). 
- usb: gadget: f_rndis: fix bitrate for SuperSpeed and above (git-fixes). - usb: host: ehci-tegra: Fix error handling in tegra_ehci_probe() (git-fixes). - usb: mtu3: fix memory corruption in mtu3_debugfs_regset() (git-fixes). - usb: oxu210hp-hcd: Fix memory leak in oxu_create (git-fixes). - usb: serial: ch341: add new Product ID for CH341A (git-fixes). - usb: serial: ch341: sort device-id entries (git-fixes). - usb: serial: digi_acceleport: fix write-wakeup deadlocks (git-fixes). - usb: serial: keyspan_pda: fix dropped unthrottle interrupts (git-fixes). - usb: serial: keyspan_pda: fix stalled writes (git-fixes). - usb: serial: keyspan_pda: fix tx-unthrottle use-after-free (git-fixes). - usb: serial: keyspan_pda: fix write deadlock (git-fixes). - usb: serial: keyspan_pda: fix write unthrottling (git-fixes). - usb: serial: keyspan_pda: fix write-wakeup use-after-free (git-fixes). - usb: serial: mos7720: fix parallel-port state restore (git-fixes). - usb: serial: option: add Fibocom NL668 variants (git-fixes). - usb: serial: option: add interface-number sanity check to flag handling (git-fixes). - usb: serial: option: add support for Thales Cinterion EXS82 (git-fixes). - usb: UAS: introduce a quirk to set no_write_same (git-fixes). - usbnet: ipheth: fix connectivity with iOS 14 (git-fixes). - video: fbdev: radeon: Fix memleak in radeonfb_pci_register (bsc#1152472) - video: fbdev: sis: fix null ptr dereference (bsc#1152472) - watchdog: armada_37xx: Add missing dependency on HAS_IOMEM (git-fixes). - watchdog: coh901327: add COMMON_CLK dependency (git-fixes). - watchdog: Fix potential dereferencing of null pointer (git-fixes). - watchdog: qcom: Avoid context switch in restart handler (git-fixes). - watchdog: sirfsoc: Add missing dependency on HAS_IOMEM (git-fixes). - watchdog: sprd: change to use usleep_range() instead of busy loop (git-fixes). - watchdog: sprd: check busy bit before new loading rather than after that (git-fixes). 
- watchdog: sprd: remove watchdog disable from resume fail path (git-fixes). - wimax: fix duplicate initializer warning (git-fixes). - x86/apic/vector: Fix ordering in vector assignment (bsc#1156315). - x86/CPU/AMD: Remove amd_get_nb_id() (bsc#1152489). - x86/CPU/AMD: Save AMD NodeId as cpu_die_id (bsc#1152489). - x86/ima: use correct identifier for SetupMode variable (bsc#1152489). - x86/insn-eval: Use new for_each_insn_prefix() macro to loop over prefixes bytes (bsc#1152489). - x86/mce: Do not overwrite no_way_out if mce_end() fails (bsc#1152489). - x86/mm/ident_map: Check for errors from ident_pud_init() (bsc#1152489). - x86/mm/mem_encrypt: Fix definition of PMD_FLAGS_DEC_WP (bsc#1152489). - x86/resctrl: Fix AMD L3 QOS CDP enable/disable (bsc#1152489). - x86/resctrl: Fix incorrect local bandwidth when mba_sc is enabled (bsc#1152489). - x86/resctrl: Remove unused struct mbm_state::chunks_bw (bsc#1152489). - x86/topology: Set cpu_die_id only if DIE_TYPE found (bsc#1152489). - x86/uprobes: Do not use prefixes.nbytes when looping over prefixes.bytes (bsc#1152489). - xhci-pci: Allow host runtime PM as default for Intel Alpine Ridge LP (git-fixes).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Realtime 15-SP2:

  zypper in -t patch SUSE-SLE-Module-RT-15-SP2-2021-108=1

Package List:

- SUSE Linux Enterprise Module for Realtime 15-SP2 (noarch):

  kernel-devel-rt-5.3.18-22.1
  kernel-source-rt-5.3.18-22.1

- SUSE Linux Enterprise Module for Realtime 15-SP2 (x86_64):

  cluster-md-kmp-rt-5.3.18-22.1
  cluster-md-kmp-rt-debuginfo-5.3.18-22.1
  dlm-kmp-rt-5.3.18-22.1
  dlm-kmp-rt-debuginfo-5.3.18-22.1
  gfs2-kmp-rt-5.3.18-22.1
  gfs2-kmp-rt-debuginfo-5.3.18-22.1
  kernel-rt-5.3.18-22.1
  kernel-rt-debuginfo-5.3.18-22.1
  kernel-rt-debugsource-5.3.18-22.1
  kernel-rt-devel-5.3.18-22.1
  kernel-rt-devel-debuginfo-5.3.18-22.1
  kernel-rt_debug-debuginfo-5.3.18-22.1
  kernel-rt_debug-debugsource-5.3.18-22.1
  kernel-rt_debug-devel-5.3.18-22.1
  kernel-rt_debug-devel-debuginfo-5.3.18-22.1
  kernel-syms-rt-5.3.18-22.1
  ocfs2-kmp-rt-5.3.18-22.1
  ocfs2-kmp-rt-debuginfo-5.3.18-22.1

References:

https://www.suse.com/security/cve/CVE-2020-0444.html
https://www.suse.com/security/cve/CVE-2020-0465.html
https://www.suse.com/security/cve/CVE-2020-0466.html
https://www.suse.com/security/cve/CVE-2020-11668.html
https://www.suse.com/security/cve/CVE-2020-27068.html
https://www.suse.com/security/cve/CVE-2020-27777.html
https://www.suse.com/security/cve/CVE-2020-27825.html
https://www.suse.com/security/cve/CVE-2020-27830.html
https://www.suse.com/security/cve/CVE-2020-29370.html
https://www.suse.com/security/cve/CVE-2020-29373.html
https://www.suse.com/security/cve/CVE-2020-29660.html
https://www.suse.com/security/cve/CVE-2020-29661.html
https://www.suse.com/security/cve/CVE-2020-36158.html
https://bugzilla.suse.com/1040855
https://bugzilla.suse.com/1044120
https://bugzilla.suse.com/1044767
https://bugzilla.suse.com/1055117
https://bugzilla.suse.com/1065729
https://bugzilla.suse.com/1094840
https://bugzilla.suse.com/1109695
https://bugzilla.suse.com/1115431
https://bugzilla.suse.com/1138374
https://bugzilla.suse.com/1149032
https://bugzilla.suse.com/1152457
https://bugzilla.suse.com/1152472
https://bugzilla.suse.com/1152489
https://bugzilla.suse.com/1155518
https://bugzilla.suse.com/1156315
https://bugzilla.suse.com/1156395
https://bugzilla.suse.com/1163727
https://bugzilla.suse.com/1165933
https://bugzilla.suse.com/1167657
https://bugzilla.suse.com/1168952
https://bugzilla.suse.com/1171000
https://bugzilla.suse.com/1171078
https://bugzilla.suse.com/1171688
https://bugzilla.suse.com/1172145
https://bugzilla.suse.com/1172733
https://bugzilla.suse.com/1174486
https://bugzilla.suse.com/1175079
https://bugzilla.suse.com/1175480
https://bugzilla.suse.com/1176396
https://bugzilla.suse.com/1176942
https://bugzilla.suse.com/1177326
https://bugzilla.suse.com/1177500
https://bugzilla.suse.com/1177666
https://bugzilla.suse.com/1177679
https://bugzilla.suse.com/1177733
https://bugzilla.suse.com/1178049
https://bugzilla.suse.com/1178203
https://bugzilla.suse.com/1178270
https://bugzilla.suse.com/1178612
https://bugzilla.suse.com/1178660
https://bugzilla.suse.com/1178780
https://bugzilla.suse.com/1179107
https://bugzilla.suse.com/1179204
https://bugzilla.suse.com/1179419
https://bugzilla.suse.com/1179434
https://bugzilla.suse.com/1179435
https://bugzilla.suse.com/1179519
https://bugzilla.suse.com/1179575
https://bugzilla.suse.com/1179604
https://bugzilla.suse.com/1179652
https://bugzilla.suse.com/1179656
https://bugzilla.suse.com/1179670
https://bugzilla.suse.com/1179671
https://bugzilla.suse.com/1179672
https://bugzilla.suse.com/1179673
https://bugzilla.suse.com/1179675
https://bugzilla.suse.com/1179676
https://bugzilla.suse.com/1179677
https://bugzilla.suse.com/1179678
https://bugzilla.suse.com/1179679
https://bugzilla.suse.com/1179680
https://bugzilla.suse.com/1179681
https://bugzilla.suse.com/1179682
https://bugzilla.suse.com/1179683
https://bugzilla.suse.com/1179684
https://bugzilla.suse.com/1179685
https://bugzilla.suse.com/1179687
https://bugzilla.suse.com/1179688
https://bugzilla.suse.com/1179689 https://bugzilla.suse.com/1179690 https://bugzilla.suse.com/1179703 https://bugzilla.suse.com/1179704 https://bugzilla.suse.com/1179707 https://bugzilla.suse.com/1179709 https://bugzilla.suse.com/1179710 https://bugzilla.suse.com/1179711 https://bugzilla.suse.com/1179712 https://bugzilla.suse.com/1179713 https://bugzilla.suse.com/1179714 https://bugzilla.suse.com/1179715 https://bugzilla.suse.com/1179716 https://bugzilla.suse.com/1179745 https://bugzilla.suse.com/1179763 https://bugzilla.suse.com/1179888 https://bugzilla.suse.com/1179892 https://bugzilla.suse.com/1179896 https://bugzilla.suse.com/1179960 https://bugzilla.suse.com/1179963 https://bugzilla.suse.com/1180027 https://bugzilla.suse.com/1180029 https://bugzilla.suse.com/1180031 https://bugzilla.suse.com/1180052 https://bugzilla.suse.com/1180056 https://bugzilla.suse.com/1180086 https://bugzilla.suse.com/1180117 https://bugzilla.suse.com/1180258 https://bugzilla.suse.com/1180261 https://bugzilla.suse.com/1180349 https://bugzilla.suse.com/1180506 https://bugzilla.suse.com/1180541 https://bugzilla.suse.com/1180559 https://bugzilla.suse.com/1180566 From sle-updates at lists.suse.com Wed Jan 13 07:29:55 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Jan 2021 15:29:55 +0100 (CET) Subject: SUSE-RU-2021:0112-1: moderate: Recommended update for python36 Message-ID: <20210113142955.09BEBFCFA@maintenance.suse.de> SUSE Recommended Update: Recommended update for python36 ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:0112-1 Rating: moderate References: #1180377 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description:

   This update for python36 fixes the following issue:

   - Re-enable the floating point exception control (`fpectl`) module building. (bsc#1180377)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-SP5:

      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-112=1

Package List:

   - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):

      libpython3_6m1_0-3.6.12-4.28.1
      libpython3_6m1_0-debuginfo-3.6.12-4.28.1
      python36-3.6.12-4.28.1
      python36-base-3.6.12-4.28.1
      python36-base-debuginfo-3.6.12-4.28.1
      python36-debuginfo-3.6.12-4.28.1
      python36-debugsource-3.6.12-4.28.1

References:

   https://bugzilla.suse.com/1180377

From sle-updates at lists.suse.com Wed Jan 13 07:30:58 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 13 Jan 2021 15:30:58 +0100 (CET)
Subject: SUSE-SU-2021:0107-1: moderate: Security update for nodejs14
Message-ID: <20210113143058.06801FCFA@maintenance.suse.de>

   SUSE Security Update: Security update for nodejs14
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:0107-1
Rating:             moderate
References:         #1180553 #1180554
Cross-References:   CVE-2020-8265 CVE-2020-8287
Affected Products:
                    SUSE Linux Enterprise Module for Web Scripting 12
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This update for nodejs14 fixes the following issues:

   - New upstream LTS version 14.15.4:
     * CVE-2020-8265: use-after-free in TLSWrap (High) bug in TLS
       implementation. When writing to a TLS enabled socket,
       node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly
       allocated WriteWrap object as first argument. If the DoWrite method
       does not return an error, this object is passed back to the caller as
       part of a StreamWriteResult structure. This may be exploited to
       corrupt memory leading to a Denial of Service or potentially other
       exploits (bsc#1180553)
     * CVE-2020-8287: HTTP Request Smuggling allow two copies of a header
       field in a http request. For example, two Transfer-Encoding header
       fields. In this case Node.js identifies the first header field and
       ignores the second. This can lead to HTTP Request Smuggling
       (https://cwe.mitre.org/data/definitions/444.html). (bsc#1180554)

   - New upstream LTS version 14.15.3:
     * deps:
       + upgrade npm to 6.14.9
       + update acorn to v8.0.4
     * http2: check write not scheduled in scope destructor
     * stream: fix regression on duplex end

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Web Scripting 12:

      zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2021-107=1

Package List:

   - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64):

      nodejs14-14.15.4-6.6.1
      nodejs14-debuginfo-14.15.4-6.6.1
      nodejs14-debugsource-14.15.4-6.6.1
      nodejs14-devel-14.15.4-6.6.1
      npm14-14.15.4-6.6.1

   - SUSE Linux Enterprise Module for Web Scripting 12 (noarch):

      nodejs14-docs-14.15.4-6.6.1

References:

   https://www.suse.com/security/cve/CVE-2020-8265.html
   https://www.suse.com/security/cve/CVE-2020-8287.html
   https://bugzilla.suse.com/1180553
   https://bugzilla.suse.com/1180554

From sle-updates at lists.suse.com Wed Jan 13 07:31:58 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 13 Jan 2021 15:31:58 +0100 (CET)
Subject: SUSE-SU-2021:0109-1: moderate: Security update for libzypp, zypper
Message-ID: <20210113143158.C8F64FCFA@maintenance.suse.de>

   SUSE Security Update: Security update for libzypp, zypper
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:0109-1
Rating:             moderate
References:         #1050625 #1174016 #1177238 #1177275 #1177427 #1177583
                    #1178910 #1178966 #1179083 #1179222 #1179415 #1179909
Cross-References:   CVE-2017-9271
Affected Products:
                    SUSE Linux Enterprise Module for Basesystem 15-SP2
                    SUSE Linux Enterprise Installer 15-SP2
______________________________________________________________________________

   An update that solves one vulnerability and has 11 fixes is now available.

Description:

   This update for libzypp, zypper fixes the following issues:

   Update zypper to version 1.14.41

   Update libzypp to 17.25.4

   - CVE-2017-9271: Fixed information leak in the log file (bsc#1050625 bsc#1177583)
   - RepoManager: Force refresh if repo url has changed (bsc#1174016)
   - RepoManager: Carefully tidy up the caches. Remove non-directory entries. (bsc#1178966)
   - RepoInfo: ignore legacy type= in a .repo file and let RepoManager probe (bsc#1177427).
   - RpmDb: If no database exists use the _dbpath configured in rpm. Still makes sure a compat symlink at /var/lib/rpm exists in case the configured _dbpath is elsewhere. (bsc#1178910)
   - Fixed update of gpg keys with elongated expire date (bsc#179222)
   - needreboot: remove udev from the list (bsc#1179083)
   - Fix lsof monitoring (bsc#1179909)

   yast-installation was updated to 4.2.48:

   - Do not cleanup the libzypp cache when the system has low memory, incomplete cache confuses libzypp later (bsc#1179415)

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Basesystem 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-109=1

   - SUSE Linux Enterprise Installer 15-SP2:

      zypper in -t patch SUSE-SLE-INSTALLER-15-SP2-2021-109=1

Package List:

   - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64):

      libzypp-17.25.5-3.25.6
      libzypp-debuginfo-17.25.5-3.25.6
      libzypp-debugsource-17.25.5-3.25.6
      libzypp-devel-17.25.5-3.25.6
      zypper-1.14.41-3.14.10
      zypper-debuginfo-1.14.41-3.14.10
      zypper-debugsource-1.14.41-3.14.10

   - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch):

      yast2-installation-4.2.48-3.16.1
      zypper-log-1.14.41-3.14.10
      zypper-needs-restarting-1.14.41-3.14.10

   - SUSE Linux Enterprise Installer 15-SP2 (aarch64 ppc64le s390x x86_64):

      libzypp-17.25.5-3.25.6

   - SUSE Linux Enterprise Installer 15-SP2 (noarch):

      yast2-installation-4.2.48-3.16.1

References:

   https://www.suse.com/security/cve/CVE-2017-9271.html
   https://bugzilla.suse.com/1050625
   https://bugzilla.suse.com/1174016
   https://bugzilla.suse.com/1177238
   https://bugzilla.suse.com/1177275
   https://bugzilla.suse.com/1177427
   https://bugzilla.suse.com/1177583
   https://bugzilla.suse.com/1178910
   https://bugzilla.suse.com/1178966
   https://bugzilla.suse.com/1179083
   https://bugzilla.suse.com/1179222
   https://bugzilla.suse.com/1179415
   https://bugzilla.suse.com/1179909

From sle-updates at lists.suse.com Wed Jan 13 10:16:34 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 13 Jan 2021 18:16:34 +0100 (CET)
Subject: SUSE-RU-2021:0113-1: moderate: Recommended update for gdm
Message-ID: <20210113171634.C4918FCFA@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for gdm
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:0113-1
Rating:             moderate
References:         #1174533 #1179968
Affected Products:
                    SUSE Linux Enterprise Module for Desktop Applications 15-SP2
______________________________________________________________________________

   An update that has two recommended fixes can now be installed.

Description:

   This update for gdm fixes the following issues:

   - Fix for the issue with user switch with enabled autologin. (bsc#1179968, bsc#1174533)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Desktop Applications 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2021-113=1

Package List:

   - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64):

      gdm-3.34.1-8.12.1
      gdm-debuginfo-3.34.1-8.12.1
      gdm-debugsource-3.34.1-8.12.1
      gdm-devel-3.34.1-8.12.1
      libgdm1-3.34.1-8.12.1
      libgdm1-debuginfo-3.34.1-8.12.1
      typelib-1_0-Gdm-1_0-3.34.1-8.12.1

   - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (noarch):

      gdm-lang-3.34.1-8.12.1
      gdm-systemd-3.34.1-8.12.1
      gdmflexiserver-3.34.1-8.12.1

References:

   https://bugzilla.suse.com/1174533
   https://bugzilla.suse.com/1179968

From sle-updates at lists.suse.com Wed Jan 13 13:19:15 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 13 Jan 2021 21:19:15 +0100 (CET)
Subject: SUSE-RU-2021:0114-1: moderate: Recommended update for dpdk
Message-ID: <20210113201915.54A93FCFA@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for dpdk
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:0114-1
Rating:             moderate
References:         #1099951 #1102310 #1174543
Affected Products:
                    SUSE OpenStack Cloud 7
                    SUSE Linux Enterprise Server for SAP 12-SP2
                    SUSE Linux Enterprise Server 12-SP2-LTSS
                    SUSE Linux Enterprise Server 12-SP2-BCL
______________________________________________________________________________

   An update that has three recommended fixes can now be installed.

Description:

   This update for dpdk provides the following fixes:

   - Fix a syntax error affecting csh environment configuration. (bsc#1102310)
   - Fix a broken library reference in pmd drivers. (bsc#1099951)
   - rebuilt with new signing key. (bsc#1174543)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 7:

      zypper in -t patch SUSE-OpenStack-Cloud-7-2021-114=1

   - SUSE Linux Enterprise Server for SAP 12-SP2:

      zypper in -t patch SUSE-SLE-SAP-12-SP2-2021-114=1

   - SUSE Linux Enterprise Server 12-SP2-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2021-114=1

   - SUSE Linux Enterprise Server 12-SP2-BCL:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-114=1

Package List:

   - SUSE OpenStack Cloud 7 (x86_64):

      dpdk-2.2.0-16.4.1
      dpdk-debuginfo-2.2.0-16.4.1
      dpdk-debugsource-2.2.0-16.4.1
      dpdk-tools-2.2.0-16.4.1

   - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64):

      dpdk-2.2.0-16.4.1
      dpdk-debuginfo-2.2.0-16.4.1
      dpdk-debugsource-2.2.0-16.4.1
      dpdk-tools-2.2.0-16.4.1

   - SUSE Linux Enterprise Server 12-SP2-LTSS (x86_64):

      dpdk-2.2.0-16.4.1
      dpdk-debuginfo-2.2.0-16.4.1
      dpdk-debugsource-2.2.0-16.4.1
      dpdk-tools-2.2.0-16.4.1

   - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):

      dpdk-2.2.0-16.4.1
      dpdk-debuginfo-2.2.0-16.4.1
      dpdk-debugsource-2.2.0-16.4.1
      dpdk-tools-2.2.0-16.4.1

References:

   https://bugzilla.suse.com/1099951
   https://bugzilla.suse.com/1102310
   https://bugzilla.suse.com/1174543

From sle-updates at lists.suse.com Wed Jan 13 13:20:28 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 13 Jan 2021 21:20:28 +0100 (CET)
Subject: SUSE-SU-2021:0115-1: moderate: Security update for rubygem-archive-tar-minitar
Message-ID: <20210113202028.C6912FCFA@maintenance.suse.de>

   SUSE Security Update: Security update for rubygem-archive-tar-minitar
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:0115-1
Rating:             moderate
References:         #1021740
Cross-References:   CVE-2016-10173
Affected Products:
                    SUSE Linux Enterprise Module for Containers 12
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for rubygem-archive-tar-minitar fixes one security issue:

   - CVE-2016-10173: Archives with files containing '..' in the extracted filename could have been used to overwrite arbitrary files (bsc#1021740).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Containers 12:

      zypper in -t patch SUSE-SLE-Module-Containers-12-2021-115=1

Package List:

   - SUSE Linux Enterprise Module for Containers 12 (ppc64le s390x x86_64):

      ruby2.1-rubygem-archive-tar-minitar-0.5.2-7.3.65

References:

   https://www.suse.com/security/cve/CVE-2016-10173.html
   https://bugzilla.suse.com/1021740

From sle-updates at lists.suse.com Wed Jan 13 16:16:28 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 14 Jan 2021 00:16:28 +0100 (CET)
Subject: SUSE-RU-2021:0116-1: Recommended update for release-notes-sles
Message-ID: <20210113231628.417B0FCFA@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for release-notes-sles
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:0116-1
Rating:             low
References:         #1024946 #1143465 #1168741 #1170958 #1172752 #1173570
                    #1180183 SLE-11078 SLE-11177 SLE-12474 SLE-12751 SLE-12830
Affected Products:
                    SUSE Linux Enterprise Server Installer 12-SP5
                    SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________

   An update that has 7 recommended fixes and contains 5 features can now be installed.

Description:

   This update for release-notes-sles fixes the following issues:

   Release notes 12.5.20210104 (bsc#1180183)

   - Make sure that the Containers section is included in the output document
   - Added note about Git 2.26.2 update (jsc#SLE-11177)
   - Added note about PostgreSQL 12 (jsc#SLE-11078)
   - Added note about Salt 3000 update (jsc#SLE-12830)
   - Added note about end of support for packaged Docker images (bsc#1168741)
   - Added note about PHP 7.4 Upgrade (jsc#SLE-12474)
   - Added note about updated Apache NSS to SLES 12 SP5 (jsc#SLE-12751)
   - Added note about new kernel-firmware package (bsc#1143465)
   - Fixed section about software requiring external contracts (bsc#1173570)
   - Python 3.6 is shipped in `python-3.6` package (bsc#1172752)
   - Added info that Btrfs quota groups can degrade performance (bsc#1024946)
   - Btrfs features: Added missing data for SLES 12 SP5
   - Fixed typo in the word "module" (bsc#1170958)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server Installer 12-SP5:

      zypper in -t patch SUSE-SLE-SERVER-INSTALLER-12-SP5-2021-116=1

   - SUSE Linux Enterprise Server 12-SP5:

      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-116=1

Package List:

   - SUSE Linux Enterprise Server Installer 12-SP5 (noarch):

      release-notes-sles-12.5.20210104-3.16.2

   - SUSE Linux Enterprise Server 12-SP5 (noarch):

      release-notes-sles-12.5.20210104-3.16.2

References:

   https://bugzilla.suse.com/1024946
   https://bugzilla.suse.com/1143465
   https://bugzilla.suse.com/1168741
   https://bugzilla.suse.com/1170958
   https://bugzilla.suse.com/1172752
   https://bugzilla.suse.com/1173570
   https://bugzilla.suse.com/1180183

From sle-updates at lists.suse.com Wed Jan 13 23:57:23 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 14 Jan 2021 07:57:23 +0100 (CET)
Subject: SUSE-CU-2021:21-1: Security update of suse/sle15
Message-ID: <20210114065723.9C4B5FEDA@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2021:21-1
Container Tags        : suse/sle15:15.2 , suse/sle15:15.2.8.2.822
Container Release     : 8.2.822
Severity              : moderate
Type                  : security
References            : 1050625 1174016 1177238 1177275 1177427 1177583 1178910 1178966
                        1179083 1179222 1179415 1179909 CVE-2017-9271
-----------------------------------------------------------------

The container suse/sle15 was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:109-1
Released:    Wed Jan 13 10:13:24 2021
Summary:     Security update for libzypp, zypper
Type:        security
Severity:    moderate
References:  1050625,1174016,1177238,1177275,1177427,1177583,1178910,1178966,1179083,1179222,1179415,1179909,CVE-2017-9271

This update for libzypp, zypper fixes the following issues:

Update zypper to version 1.14.41

Update libzypp to 17.25.4

- CVE-2017-9271: Fixed information leak in the log file (bsc#1050625 bsc#1177583)
- RepoManager: Force refresh if repo url has changed (bsc#1174016)
- RepoManager: Carefully tidy up the caches. Remove non-directory entries. (bsc#1178966)
- RepoInfo: ignore legacy type= in a .repo file and let RepoManager probe (bsc#1177427).
- RpmDb: If no database exists use the _dbpath configured in rpm. Still makes sure a compat symlink at /var/lib/rpm exists in case the configured _dbpath is elsewhere. (bsc#1178910)
- Fixed update of gpg keys with elongated expire date (bsc#179222)
- needreboot: remove udev from the list (bsc#1179083)
- Fix lsof monitoring (bsc#1179909)

yast-installation was updated to 4.2.48:

- Do not cleanup the libzypp cache when the system has low memory, incomplete cache confuses libzypp later (bsc#1179415)

From sle-updates at lists.suse.com Thu Jan 14 01:16:16 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 14 Jan 2021 09:16:16 +0100 (CET)
Subject: SUSE-SU-2021:0117-1: moderate: Security update for the Linux Kernel
Message-ID: <20210114081616.0C4C7FEDA@maintenance.suse.de>

   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:0117-1
Rating:             moderate
References:         #1040855 #1044120 #1044767 #1055117 #1065729 #1094840
                    #1109695 #1115431 #1138374 #1139944 #1149032 #1152457
                    #1152472 #1152489 #1155518 #1156315 #1156395 #1158775
                    #1161099 #1163727 #1165933 #1167657 #1168952 #1171000
                    #1171078 #1171688 #1172145 #1172733 #1174486 #1175079
                    #1175480 #1175995 #1176396 #1176942 #1176956 #1177326
                    #1177500 #1177666 #1177679 #1177733 #1178049 #1178203
                    #1178270 #1178372 #1178590 #1178612 #1178634 #1178660
                    #1178756 #1178780 #1179107 #1179204 #1179419 #1179434
                    #1179435 #1179519 #1179575 #1179578 #1179601 #1179604
                    #1179639 #1179652 #1179656 #1179670 #1179671 #1179672
                    #1179673 #1179675 #1179676 #1179677 #1179678 #1179679
                    #1179680 #1179681 #1179682 #1179683 #1179684 #1179685
                    #1179687 #1179688 #1179689 #1179690 #1179703 #1179704
                    #1179707 #1179709 #1179710 #1179711 #1179712 #1179713
                    #1179714 #1179715 #1179716 #1179745 #1179763 #1179888
                    #1179892 #1179896 #1179960 #1179963 #1180027 #1180029
                    #1180031 #1180052 #1180056 #1180086 #1180117 #1180258
                    #1180261 #1180506 #1180541 #1180559 #1180566
Cross-References:   CVE-2020-0444 CVE-2020-0465 CVE-2020-0466 CVE-2020-11668
                    CVE-2020-27068 CVE-2020-27777 CVE-2020-27786 CVE-2020-27825
                    CVE-2020-27830 CVE-2020-28374 CVE-2020-29370 CVE-2020-29373
                    CVE-2020-29660 CVE-2020-29661 CVE-2020-36158
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 15-SP2
                    SUSE Linux Enterprise Module for Live Patching 15-SP2
                    SUSE Linux Enterprise Module for Legacy Software 15-SP2
                    SUSE Linux Enterprise Module for Development Tools 15-SP2
                    SUSE Linux Enterprise Module for Basesystem 15-SP2
                    SUSE Linux Enterprise High Availability 15-SP2
______________________________________________________________________________

   An update that solves 15 vulnerabilities and has 98 fixes is now available.

Description:

   The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes.

   The following security bugs were fixed:

   - CVE-2020-28374: Fixed a Linux SCSI target issue (bsc#1178372).
   - CVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver (bsc#1180559).
   - CVE-2020-27825: Fixed a race in the trace_open and buffer resize calls (bsc#1179960).
   - CVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031).
   - CVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds check in the nl80211_policy policy of nl80211.c (bnc#1180086).
   - CVE-2020-0444: Fixed a bad kfree due to a logic error in audit_data_to_entry (bnc#1180027).
   - CVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180029).
   - CVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179745).
   - CVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bnc#1179745).
   - CVE-2020-27777: Fixed a privilege escalation in the Run-Time Abstraction Services (RTAS) interface, affecting guests running on top of PowerVM or KVM hypervisors (bnc#1179107).
   - CVE-2020-29373: Fixed an unsafe handling of the root directory during path lookups in fs/io_uring.c (bnc#1179434).
   - CVE-2020-11668: Fixed the mishandling of invalid descriptors in the Xirlink camera USB driver (bnc#1168952).
   - CVE-2020-27830: Fixed a null pointer dereference in speakup (bsc#1179656).
   - CVE-2020-29370: Fixed a race condition in kmem_cache_alloc_bulk (bnc#1179435).
   - CVE-2020-27786: Fixed a use after free in kernel midi subsystem snd_rawmidi_kernel_read1() (bsc#1179601).

   The following non-security bugs were fixed:

   - ACPI: APEI: Kick the memory_failure() queue for synchronous errors (jsc#SLE-16610).
   - ACPI: PNP: compare the string length in the matching_id() (git-fixes).
   - ALSA/hda: apply jack fixup for the Acer Veriton N4640G/N6640G/N2510G (git-fixes).
   - ALSA: core: memalloc: add page alignment for iram (git-fixes).
   - ALSA: hda/ca0132 - Change Input Source enum strings (git-fixes).
   - ALSA: hda/ca0132 - Fix AE-5 rear headphone pincfg (git-fixes).
   - ALSA: hda/generic: Add option to enforce preferred_dacs pairs (git-fixes).
   - ALSA: hda/hdmi: always print pin NIDs as hexadecimal (git-fixes).
   - ALSA: hda/hdmi: packet buffer index must be set before reading value (git-fixes).
   - ALSA: hda/proc - print DP-MST connections (git-fixes).
   - ALSA: hda/realtek - Add new codec supported for ALC897 (git-fixes).
   - ALSA: hda/realtek - Add supported for more Lenovo ALC285 Headset Button (git-fixes).
   - ALSA: hda/realtek - Enable headset mic of ASUS Q524UQK with ALC255 (git-fixes).
   - ALSA: hda/realtek - Enable headset mic of ASUS X430UN with ALC256 (git-fixes).
   - ALSA: hda/realtek - Fixed Dell AIO wrong sound tone (git-fixes).
   - ALSA: hda/realtek: Add mute LED quirk to yet another HP x360 model (git-fixes).
   - ALSA: hda/realtek: Add quirk for MSI-GP73 (git-fixes).
   - ALSA: hda/realtek: Apply jack fixup for Quanta NL3 (git-fixes).
   - ALSA: hda/realtek: Enable headset of ASUS UX482EG & B9400CEA with ALC294 (git-fixes).
   - ALSA: hda/realtek: Fix bass speaker DAC assignment on Asus Zephyrus G14 (git-fixes).
   - ALSA: hda/realtek: make bass spk volume adjustable on a yoga laptop (git-fixes).
   - ALSA: hda: Fix regressions on clear and reconfig sysfs (git-fixes).
   - ALSA: pcm: oss: Fix a few more UBSAN fixes (git-fixes).
   - ALSA: pcm: oss: Fix potential out-of-bounds shift (git-fixes).
   - ALSA: rawmidi: Access runtime->avail always in spinlock (git-fixes).
   - ALSA: seq: remove useless function (git-fixes).
   - ALSA: usb-audio: Add generic implicit fb parsing (bsc#1178203).
   - ALSA: usb-audio: Add hw constraint for implicit fb sync (bsc#1178203).
   - ALSA: usb-audio: Add implicit fb support for Steinberg UR22 (git-fixes).
   - ALSA: usb-audio: Add implicit_fb module option (bsc#1178203).
   - ALSA: usb-audio: Add quirk for Pioneer DJ DDJ-SR2 (git-fixes).
   - ALSA: usb-audio: Add snd_usb_get_endpoint() helper (bsc#1178203).
   - ALSA: usb-audio: Add snd_usb_get_host_interface() helper (bsc#1178203).
   - ALSA: usb-audio: Add support for Pioneer DJ DDJ-RR controller (git-fixes).
   - ALSA: usb-audio: Add VID to support native DSD reproduction on FiiO devices (git-fixes).
   - ALSA: usb-audio: Always set up the parameters after resume (bsc#1178203).
   - ALSA: usb-audio: Avoid doubly initialization for implicit fb (bsc#1178203).
   - ALSA: usb-audio: Check implicit feedback EP generically for UAC2 (bsc#1178203).
   - ALSA: usb-audio: Check valid altsetting at parsing rates for UAC2/3 (bsc#1178203).
   - ALSA: usb-audio: Constify audioformat pointer references (bsc#1178203).
   - ALSA: usb-audio: Convert to the common vmalloc memalloc (bsc#1178203).
   - ALSA: usb-audio: Correct wrongly matching entries with audio class (bsc#1178203).
   - ALSA: usb-audio: Create endpoint objects at parsing phase (bsc#1178203).
   - ALSA: usb-audio: Disable sample read check if firmware does not give back (git-fixes).
   - ALSA: usb-audio: Do not call usb_set_interface() at trigger callback (bsc#1178203).
   - ALSA: usb-audio: Do not set altsetting before initializing sample rate (bsc#1178203).
   - ALSA: usb-audio: Drop debug.h (bsc#1178203).
   - ALSA: usb-audio: Drop keep_interface flag again (bsc#1178203).
   - ALSA: usb-audio: Drop unneeded snd_usb_substream fields (bsc#1178203).
   - ALSA: usb-audio: Factor out the implicit feedback quirk code (bsc#1178203).
   - ALSA: usb-audio: Fix control 'access overflow' errors from chmap (git-fixes).
   - ALSA: usb-audio: Fix EP matching for continuous rates (bsc#1178203).
   - ALSA: usb-audio: Fix MOTU M-Series quirks (bsc#1178203).
   - ALSA: usb-audio: Fix possible stall of implicit fb packet ring-buffer (bsc#1178203).
   - ALSA: usb-audio: Fix potential out-of-bounds shift (git-fixes).
   - ALSA: usb-audio: Fix quirks for other BOSS devices (bsc#1178203).
   - ALSA: usb-audio: Handle discrete rates properly in hw constraints (bsc#1178203).
   - ALSA: usb-audio: Improve some debug prints (bsc#1178203).
   - ALSA: usb-audio: Move device rename and profile quirks to an internal table (bsc#1178203).
   - ALSA: usb-audio: Move snd_usb_autoresume() call out of setup_hw_info() (bsc#1178203).
   - ALSA: usb-audio: Pass snd_usb_audio object to quirk functions (bsc#1178203).
   - ALSA: usb-audio: Properly match with audio interface class (bsc#1178203).
   - ALSA: usb-audio: Quirk for BOSS GT-001 (bsc#1178203).
   - ALSA: usb-audio: Refactor endpoint management (bsc#1178203).
   - ALSA: usb-audio: Refactoring endpoint URB deactivation (bsc#1178203).
   - ALSA: usb-audio: Replace slave/master terms (bsc#1178203).
   - ALSA: usb-audio: Set and clear sync EP link properly (bsc#1178203).
   - ALSA: usb-audio: Set callbacks via snd_usb_endpoint_set_callback() (bsc#1178203).
   - ALSA: usb-audio: Show sync endpoint information in proc outputs (bsc#1178203).
   - ALSA: usb-audio: Simplify hw_params rules (bsc#1178203).
   - ALSA: usb-audio: Simplify quirk entries with a macro (bsc#1178203).
   - ALSA: usb-audio: Simplify rate_min/max and rates set up (bsc#1178203).
   - ALSA: usb-audio: Simplify snd_usb_init_pitch() arguments (bsc#1178203).
   - ALSA: usb-audio: Simplify snd_usb_init_sample_rate() arguments (bsc#1178203).
   - ALSA: usb-audio: Stop both endpoints properly at error (bsc#1178203).
   - ALSA: usb-audio: Support PCM sync_stop (bsc#1178203).
   - ALSA: usb-audio: Track implicit fb sync endpoint in audioformat list (bsc#1178203).
   - ALSA: usb-audio: Unify the code for the next packet size calculation (bsc#1178203).
   - ALSA: usb-audio: US16x08: fix value count for level meters (git-fixes).
   - ALSA: usb-audio: Use ALC1220-VB-DT mapping for ASUS ROG Strix TRX40 mobo (bsc#1178203).
   - ALSA: usb-audio: Use atomic_t for endpoint use_count (bsc#1178203).
   - ALSA: usb-audio: Use managed buffer allocation (bsc#1178203).
   - ALSA: usb-audio: Use unsigned char for iface and altsettings fields (bsc#1178203).
   - ALSA: usb-audio: workaround for iface reset issue (bsc#1178203).
   - arm64: acpi: Make apei_claim_sea() synchronise with APEI's irq work (jsc#SLE-16610).
   - ASoC: amd: change clk_get() to devm_clk_get() and add missed checks (git-fixes).
   - ASoC: arizona: Fix a wrong free in wm8997_probe (git-fixes).
   - ASoC: cx2072x: Fix doubly definitions of Playback and Capture streams (git-fixes).
   - ASoC: Intel: bytcr_rt5640: Fix HP Pavilion x2 Detachable quirks (git-fixes).
   - ASoC: jz4740-i2s: add missed checks for clk_get() (git-fixes).
   - ASoC: meson: fix COMPILE_TEST error (git-fixes).
   - ASoC: pcm: DRAIN support reactivation (git-fixes).
   - ASoC: SOF: control: fix size checks for ext_bytes control .get() (git-fixes).
   - ASoC: sun4i-i2s: Fix lrck_period computation for I2S justified mode (git-fixes).
   - ASoC: tegra20-spdif: remove "default m" (git-fixes).
   - ASoC: ti: davinci-mcasp: remove always zero of davinci_mcasp_get_dt_params (git-fixes).
   - ASoC: wm8998: Fix PM disable depth imbalance on error (git-fixes).
   - ASoC: wm_adsp: fix error return code in wm_adsp_load() (git-fixes).
- ASoC: wm_adsp: remove "ctl" from list on error in wm_adsp_create_control() (git-fixes). - ath10k: Fix an error handling path (git-fixes). - ath10k: Release some resources in an error handling path (git-fixes). - ath6kl: fix enum-conversion warning (git-fixes). - batman-adv: Consider fragmentation for needed_headroom (git-fixes). - batman-adv: Do not always reallocate the fragmentation skb head (git-fixes). - batman-adv: Reserve needed_*room for fragments (git-fixes). - blk-mq: Remove 'running from the wrong CPU' warning (bsc#1174486). - block: return status code in blk_mq_end_request() (bsc#1171000, bsc#1165933). - Bluetooth: btmtksdio: Add the missed release_firmware() in mtk_setup_firmware() (git-fixes). - Bluetooth: btusb: Add the missed release_firmware() in btusb_mtk_setup_firmware() (git-fixes). - Bluetooth: Fix null pointer dereference in hci_event_packet() (git-fixes). - Bluetooth: Fix slab-out-of-bounds read in hci_le_direct_adv_report_evt() (git-fixes). - Bluetooth: hci_h5: fix memory leak in h5_close (git-fixes). - bpf: Fix bpf_put_raw_tracepoint()'s use of __module_address() (git-fixes). - btrfs: add missing check for nocow and compression inode flags (bsc#1178780). - btrfs: allow btrfs_truncate_block() to fallback to nocow for data space reservation (bsc#1161099). - btrfs: delete duplicated words + other fixes in comments (bsc#1180566). - btrfs: do not commit logs and transactions during link and rename operations (bsc#1180566). - btrfs: do not take the log_mutex of the subvolume when pinning the log (bsc#1180566). - btrfs: fix readahead hang and use-after-free after removing a device (bsc#1179963). - btrfs: fix use-after-free on readahead extent after failure to create it (bsc#1179963). - btrfs: qgroup: do not commit transaction when we already hold the handle (bsc#1178634). - btrfs: qgroup: do not try to wait flushing if we're already holding a transaction (bsc#1179575). - bus: fsl-mc: fix error return code in fsl_mc_object_allocate() (git-fixes). 
- can: c_can: c_can_power_up(): fix error handling (git-fixes).
- can: sja1000: sja1000_err(): do not count arbitration lose as an error (git-fixes).
- can: softing: softing_netdev_open(): fix error handling (git-fixes).
- can: sun4i_can: sun4i_can_err(): do not count arbitration lose as an error (git-fixes).
- cfg80211: initialize rekey_data (git-fixes).
- cifs: add NULL check for ses->tcon_ipc (bsc#1178270).
- cifs: allow syscalls to be restarted in __smb_send_rqst() (bsc#1176956).
- cifs: do not share tcons with DFS (bsc#1178270).
- cifs: document and cleanup dfs mount (bsc#1178270).
- cifs: ensure correct super block for DFS reconnect (bsc#1178270).
- cifs: Fix an error pointer dereference in cifs_mount() (bsc#1178270).
- cifs: fix check of tcon dfs in smb1 (bsc#1178270).
- cifs: fix DFS mount with cifsacl/modefromsid (bsc#1178270).
- cifs: fix double free error on share and prefix (bsc#1178270).
- cifs: fix leaked reference on requeued write (bsc#1178270).
- cifs: fix potential use-after-free in cifs_echo_request() (bsc#1139944).
- cifs: fix uninitialised lease_key in open_shroot() (bsc#1178270).
- cifs: get rid of unused parameter in reconn_setup_dfs_targets() (bsc#1178270).
- cifs: handle empty list of targets in cifs_reconnect() (bsc#1178270).
- cifs: handle hostnames that resolve to same ip in failover (bsc#1178270).
- cifs: handle RESP_GET_DFS_REFERRAL.PathConsumed in reconnect (bsc#1178270).
- cifs: merge __{cifs,smb2}_reconnect[_tcon]() into cifs_tree_connect() (bsc#1178270).
- cifs: only update prefix path of DFS links in cifs_tree_connect() (bsc#1178270).
- cifs: reduce number of referral requests in DFS link lookups (bsc#1178270).
- cifs: rename reconn_inval_dfs_target() (bsc#1178270).
- cifs: set up next DFS target before generic_ip_connect() (bsc#1178270).
- clk: at91: sam9x60: remove atmel,osc-bypass support (git-fixes).
- clk: ingenic: Fix divider calculation with div tables (git-fixes).
- clk: mediatek: Make mtk_clk_register_mux() a static function (git-fixes).
- clk: mvebu: a3700: fix the XTAL MODE pin to MPP1_9 (git-fixes).
- clk: renesas: r9a06g032: Drop __packed for portability (git-fixes).
- clk: s2mps11: Fix a resource leak in error handling paths in the probe function (git-fixes).
- clk: sunxi-ng: Make sure divider tables have sentinel (git-fixes).
- clk: tegra: Do not return 0 on failure (git-fixes).
- clk: tegra: Fix duplicated SE clock entry (git-fixes).
- clk: ti: Fix memleak in ti_fapll_synth_setup (git-fixes).
- clocksource/drivers/arm_arch_timer: Correct fault programming of CNTKCTL_EL1.EVNTI (git-fixes).
- clocksource/drivers/arm_arch_timer: Use stable count reader in erratum sne (git-fixes).
- clocksource/drivers/cadence_ttc: Fix memory leak in ttc_setup_clockevent() (git-fixes).
- clocksource/drivers/orion: Add missing clk_disable_unprepare() on error path (git-fixes).
- compiler_attributes.h: Add 'fallthrough' pseudo keyword for switch/case use (bsc#1178203).
- coredump: fix core_pattern parse error (git-fixes).
- cpufreq: ap806: Add missing MODULE_DEVICE_TABLE (git-fixes).
- cpufreq: highbank: Add missing MODULE_DEVICE_TABLE (git-fixes).
- cpufreq: loongson1: Add missing MODULE_ALIAS (git-fixes).
- cpufreq: mediatek: Add missing MODULE_DEVICE_TABLE (git-fixes).
- cpufreq: scpi: Add missing MODULE_ALIAS (git-fixes).
- cpufreq: st: Add missing MODULE_DEVICE_TABLE (git-fixes).
- cpufreq: vexpress-spc: Add missing MODULE_ALIAS (git-fixes).
- crypto: af_alg - avoid undefined behavior accessing salg_name (git-fixes).
- crypto: atmel-i2c - select CONFIG_BITREVERSE (git-fixes).
- crypto: crypto4xx - Replace bitwise OR with logical OR in crypto4xx_build_pd (git-fixes).
- crypto: ecdh - avoid unaligned accesses in ecdh_set_secret() (git-fixes).
- crypto: inside-secure - Fix sizeof() mismatch (git-fixes).
- crypto: omap-aes - Fix PM disable depth imbalance in omap_aes_probe (git-fixes).
- crypto: qat - fix status check in qat_hal_put_rel_rd_xfer() (git-fixes).
- crypto: sun4i-ss - add the A33 variant of SS (git-fixes).
- crypto: talitos - Endianess in current_desc_hdr() (git-fixes).
- crypto: talitos - Fix return type of current_desc_hdr() (git-fixes).
- cw1200: fix missing destroy_workqueue() on error in cw1200_init_common (git-fixes).
- dmaengine: mv_xor_v2: Fix error return code in mv_xor_v2_probe() (git-fixes).
- drivers: soc: ti: knav_qmss_queue: Fix error return code in knav_queue_probe (git-fixes).
- drm/amd/display: Fix wrong return value in dm_update_plane_state() (bsc#1152489)
- drm/amdgpu: pass NULL pointer instead of 0 (bsc#1152489) Backporting changes: * context fixes
- drm/crc-debugfs: Fix memleak in crc_control_write (bsc#1152472)
- drm/gma500: fix error check (bsc#1152472) Backporting changes: * context fixes
- drm/i915/gem: Avoid implicit vmap for highmem on x86-32 (bsc#1152489) Backporting changes: * context fixes
- drm/i915: Fix sha_text population code (bsc#1152489) Backporting changes: * context fixes * adapted I/O functions to old driver
- drm/imx: tve remove extraneous type qualifier (bsc#1152489)
- drm/mediatek: Add exception handing in mtk_drm_probe() if component (bsc#1152472)
- drm/mediatek: Add missing put_device() call in (bsc#1152472)
- drm/mediatek: Add missing put_device() call in mtk_drm_kms_init() (bsc#1152472) Backporting changes: * context fixes * adapted to function layout
- drm/msm: Avoid div-by-zero in dpu_crtc_atomic_check() (bsc#1152489)
- drm/msm: Drop debug print in _dpu_crtc_setup_lm_bounds() (bsc#1152489) Backporting changes: * context fixes
- drm/panfrost: Ensure GPU quirks are always initialised (bsc#1152489)
- drm/panfrost: increase readl_relaxed_poll_timeout values (bsc#1152472) Backporting changes: * context fixes
- drm/radeon: Prefer lower feedback dividers (bsc#1152489)
- drm/sun4i: sun8i-csc: Secondary CSC register correction (bsc#1152489)
- drm/vc4/vc4_hdmi: fill ASoC card owner (bsc#1152489)
- drm/vc4: crtc: Rework a bit the CRTC state code (bsc#1152472) Backporting changes: * context fixes
- drm/vc4: hdmi: Avoid sleeping in atomic context (bsc#1152489) Backporting changes: * context fixes
- drm/vkms: fix xrgb on compute crc (bsc#1152472) Backporting changes: * changed filename from vkms_composer.c to vkms_crc.c * context fixes
- drm: mxsfb: check framebuffer pitch (bsc#1152472) Backporting changes: * context fixes
- drm: mxsfb: Remove fbdev leftovers (bsc#1152472) Backporting changes: * context fixes
- drm: panel: Fix bpc for OrtusTech COM43H4M85ULC panel (bsc#1152489)
- drm: panel: Fix bus format for OrtusTech COM43H4M85ULC panel (bsc#1152472) Backporting changes: * context fixes
- drm: rcar-du: Put reference to VSP device (bsc#1152489)
- EDAC/amd64: Do not load on family 0x15, model 0x13 (bsc#1179763).
- EDAC/i10nm: Use readl() to access MMIO registers (bsc#1152489).
- EDAC/mce_amd: Use struct cpuinfo_x86.cpu_die_id for AMD NodeId (bsc#1152489).
- epoll: Keep a reference on files added to the check list (bsc#1180031).
- ethtool: fix error handling in ethtool_phys_id (git-fixes).
- ext4: correctly report "not supported" for {usr,grp}jquota when !CONFIG_QUOTA (bsc#1179672).
- ext4: fix bogus warning in ext4_update_dx_flag() (bsc#1179716).
- ext4: fix leaking sysfs kobject after failed mount (bsc#1179670).
- ext4: limit entries returned when counting fsmap records (bsc#1179671).
- ext4: unlock xattr_sem properly in ext4_inline_data_truncate() (bsc#1179673).
- extcon: max77693: Fix modalias string (git-fixes).
- fail_function: Remove a redundant mutex unlock (bsc#1149032).
- fbcon: Remove the superfluous break (bsc#1152472)
- firmware: arm_sdei: Document the motivation behind these set_fs() calls (jsc#SLE-16610).
- fix regression in "epoll: Keep a reference on files added to the check list" (bsc#1180031, git-fixes).
- fs/minix: check return value of sb_getblk() (bsc#1179676).
- fs/minix: do not allow getting deleted inodes (bsc#1179677).
- fs/minix: fix block limit check for V1 filesystems (bsc#1179680).
- fs/minix: reject too-large maximum file size (bsc#1179678).
- fs/minix: remove expected error message in block_to_path() (bsc#1179681).
- fs/minix: set s_maxbytes correctly (bsc#1179679).
- fs/ufs: avoid potential u32 multiplication overflow (bsc#1179682).
- fs: Do not invalidate page buffers in block_write_full_page() (bsc#1179711).
- ftrace: Fix updating FTRACE_FL_TRAMP (git-fixes).
- geneve: pull IP header before ECN decapsulation (git-fixes).
- genirq/irqdomain: Add an irq_create_mapping_affinity() function (bsc#1065729).
- genirq/matrix: Deal with the sillyness of for_each_cpu() on UP (bsc#1156315).
- gpio: mvebu: fix potential user-after-free on probe (git-fixes).
- gpio: mvebu: update Armada XP per-CPU comment (git-fixes).
- HID: add HID_QUIRK_INCREMENT_USAGE_ON_DUPLICATE for Gamevice devices (git-fixes).
- HID: Add Logitech Dinovo Edge battery quirk (git-fixes).
- HID: add support for Sega Saturn (git-fixes).
- HID: cypress: Support Varmilo Keyboards' media hotkeys (git-fixes).
- HID: hid-sensor-hub: Fix issue with devices with no report ID (git-fixes).
- HID: i2c-hid: add Vero K147 to descriptor override (git-fixes).
- HID: ite: Replace ABS_MISC 120/121 events with touchpad on/off keypresses (git-fixes).
- HID: logitech-hidpp: Add HIDPP_CONSUMER_VENDOR_KEYS quirk for the Dinovo Edge (git-fixes).
- HID: uclogic: Add ID for Trust Flex Design Tablet (git-fixes).
- HMAT: Register memory-side cache after parsing (bsc#1178660).
- HMAT: Skip publishing target info for nodes with no online memory (bsc#1178660).
- HSI: omap_ssi: Do not jump to free ID in ssi_add_controller() (git-fixes).
- i2c: qup: Fix error return code in qup_i2c_bam_schedule_desc() (git-fixes).
- IB/isert: Fix unaligned immediate-data handling (bsc#1152489)
- IB/mlx4: Add and improve logging (bsc#1152489)
- IB/mlx4: Add support for MRA (bsc#1152489)
- IB/mlx4: Adjust delayed work when a dup is observed (bsc#1152489)
- IB/mlx4: Fix starvation in paravirt mux/demux (bsc#1152489)
- IB/mthca: fix return value of error branch in mthca_init_cq() (bsc#1152489)
- IB/rdmavt: Fix sizeof mismatch (bsc#1152489)
- IB/srpt: Fix memory leak in srpt_add_one (bsc#1152489)
- IB/uverbs: Set IOVA on IB MR in uverbs layer (bsc#1152489)
- ibmvnic: add some debugs (bsc#1179896 ltc#190255).
- ibmvnic: avoid memset null scrq msgs (bsc#1044767 ltc#155231 git-fixes).
- ibmvnic: continue fatal error reset after passive init (bsc#1171078 ltc#184239 git-fixes).
- ibmvnic: delay next reset if hard reset fails (bsc#1094840 ltc#167098 git-fixes).
- ibmvnic: enhance resetting status check during module exit (bsc#1065729).
- ibmvnic: fix call_netdevice_notifiers in do_reset (bsc#1115431 ltc#171853 git-fixes).
- ibmvnic: fix NULL pointer dereference in reset_sub_crq_queues (bsc#1040855 ltc#155067 git-fixes).
- ibmvnic: fix: NULL pointer dereference (bsc#1044767 ltc#155231 git-fixes).
- ibmvnic: notify peers when failover and migration happen (bsc#1044120 ltc#155423 git-fixes).
- ibmvnic: restore adapter state on failed reset (bsc#1152457 ltc#174432 git-fixes).
- iio: adc: rockchip_saradc: fix missing clk_disable_unprepare() on error in rockchip_saradc_resume (git-fixes).
- iio: buffer: Fix demux update (git-fixes).
- iio:adc:ti-ads124s08: Fix alignment and data leak issues (git-fixes).
- iio:adc:ti-ads124s08: Fix buffer being too long (git-fixes).
- iio:imu:bmi160: Fix too large a buffer (git-fixes).
- iio:light:rpr0521: Fix timestamp alignment and prevent data leak (git-fixes).
- iio:light:st_uvis25: Fix timestamp alignment and prevent data leak (git-fixes).
- iio:magnetometer:mag3110: Fix alignment and data leak issues (git-fixes).
- iio:pressure:mpl3115: Force alignment of buffer (git-fixes).
- inet_ecn: Fix endianness of checksum update when setting ECT(1) (git-fixes).
- Input: ads7846 - fix integer overflow on Rt calculation (git-fixes).
- Input: ads7846 - fix race that causes missing releases (git-fixes).
- Input: ads7846 - fix unaligned access on 7845 (git-fixes).
- Input: cm109 - do not stomp on control URB (git-fixes).
- Input: cros_ec_keyb - send 'scancodes' in addition to key events (git-fixes).
- Input: cyapa_gen6 - fix out-of-bounds stack access (git-fixes).
- Input: goodix - add upside-down quirk for Teclast X98 Pro tablet (git-fixes).
- Input: i8042 - add Acer laptops to the i8042 reset list (git-fixes).
- Input: i8042 - add ByteSpeed touchpad to noloop table (git-fixes).
- Input: i8042 - allow insmod to succeed on devices without an i8042 controller (git-fixes).
- Input: i8042 - fix error return code in i8042_setup_aux() (git-fixes).
- Input: omap4-keypad - fix runtime PM error handling (git-fixes).
- Input: xpad - support Ardwiino Controllers (git-fixes).
- iomap: Clear page error before beginning a write (bsc#1179683).
- iomap: Mark read blocks uptodate in write_begin (bsc#1179684).
- iomap: Set all uptodate bits for an Uptodate page (bsc#1179685).
- iommu/amd: Set DTE[IntTabLen] to represent 512 IRTEs (bsc#1179652).
- iwlwifi: mvm: fix kernel panic in case of assert during CSA (git-fixes).
- iwlwifi: mvm: hook up missing RX handlers (git-fixes).
- iwlwifi: pcie: add one missing entry for AX210 (git-fixes).
- iwlwifi: pcie: limit memory read spin time (git-fixes).
- jbd2: fix up sparse warnings in checkpoint code (bsc#1179707).
- kABI workaround for HD-audio generic parser (git-fixes).
- kABI workaround for USB audio driver (bsc#1178203).
- kABI: genirq: add back irq_create_mapping (bsc#1065729).
- kernel/cpu: add arch override for clear_tasks_mm_cpumask() mm handling (bsc#1055117 ltc#159753 git-fixes bsc#1179888 ltc#190253).
- KVM: PPC: Book3S HV: XIVE: Fix possible oops when accessing ESB page (bsc#1156395).
- lan743x: fix for potential NULL pointer dereference with bare card (git-fixes).
- libfs: fix error cast of negative value in simple_attr_write() (bsc#1179709).
- locking/percpu-rwsem: Use this_cpu_{inc,dec}() for read_count (bsc#1149032).
- mac80211: do not set set TDLS STA bandwidth wider than possible (git-fixes).
- mac80211: mesh: fix mesh_pathtbl_init() error path (git-fixes).
- md-cluster: fix rmmod issue when md_cluster convert bitmap to none (bsc#1163727).
- md-cluster: fix safemode_delay value when converting to clustered bitmap (bsc#1163727).
- md-cluster: fix wild pointer of unlock_all_bitmaps() (bsc#1163727).
- md/bitmap: fix memory leak of temporary bitmap (bsc#1163727).
- md/bitmap: md_bitmap_get_counter returns wrong blocks (bsc#1163727).
- md/bitmap: md_bitmap_read_sb uses wrong bitmap blocks (bsc#1163727).
- md/cluster: block reshape with remote resync job (bsc#1163727).
- md/cluster: fix deadlock when node is doing resync job (bsc#1163727).
- media: gspca: Fix memory leak in probe (git-fixes).
- media: imx214: Fix stop streaming (git-fixes).
- media: ipu3-cio2: Make the field on subdev format V4L2_FIELD_NONE (git-fixes).
- media: ipu3-cio2: Remove traces of returned buffers (git-fixes).
- media: ipu3-cio2: Return actual subdev format (git-fixes).
- media: ipu3-cio2: Serialise access to pad format (git-fixes).
- media: ipu3-cio2: Validate mbus format in setting subdev format (git-fixes).
- media: max2175: fix max2175_set_csm_mode() error code (git-fixes).
- media: msi2500: assign SPI bus number dynamically (git-fixes).
- media: mtk-vcodec: add missing put_device() call in mtk_vcodec_init_dec_pm() (git-fixes).
- media: mtk-vcodec: add missing put_device() call in mtk_vcodec_init_enc_pm() (git-fixes).
- media: mtk-vcodec: add missing put_device() call in mtk_vcodec_release_dec_pm() (git-fixes).
- media: saa7146: fix array overflow in vidioc_s_audio() (git-fixes).
- media: siano: fix memory leak of debugfs members in smsdvb_hotplug (git-fixes).
- media: solo6x10: fix missing snd_card_free in error handling case (git-fixes).
- media: sunxi-cir: ensure IR is handled when it is continuous (git-fixes).
- media: tm6000: Fix sizeof() mismatches (git-fixes).
- media: uvcvideo: Accept invalid bFormatIndex and bFrameIndex values (bsc#1180117).
- memstick: fix a double-free bug in memstick_check (git-fixes).
- memstick: r592: Fix error return in r592_probe() (git-fixes).
- mfd: rt5033: Fix errorneous defines (git-fixes).
- mm,memory_failure: always pin the page in madvise_inject_error (bsc#1180258).
- mm/error_inject: Fix allow_error_inject function signatures (bsc#1179710).
- mm/memory-failure: Add memory_failure_queue_kick() (jsc#SLE-16610).
- mm/memory_hotplug: shrink zones when offlining memory (bsc#1177679).
- mm/userfaultfd: do not access vma->vm_mm after calling handle_userfault() (bsc#1179204).
- mm: memcg: fix memcg reclaim soft lockup (VM Functionality, bsc#1180056).
- mmc: block: Fixup condition for CMD13 polling for RPMB requests (git-fixes).
- mmc: pxamci: Fix error return code in pxamci_probe (git-fixes).
- mtd: rawnand: gpmi: fix reference count leak in gpmi ops (git-fixes).
- mtd: rawnand: gpmi: Fix the random DMA timeout issue (git-fixes).
- mtd: rawnand: meson: Fix a resource leak in init (git-fixes).
- mtd: rawnand: meson: fix meson_nfc_dma_buffer_release() arguments (git-fixes).
- mtd: rawnand: qcom: Fix DMA sync on FLASH_STATUS register read (git-fixes).
- mtd: spinand: Fix OOB read (git-fixes).
- mwifiex: fix mwifiex_shutdown_sw() causing sw reset failure (git-fixes).
- net/x25: prevent a couple of overflows (bsc#1178590).
- net: sctp: Rename fallthrough label to unhandled (bsc#1178203).
- nfc: s3fwrn5: Release the nfc firmware (git-fixes).
- nvme-fabrics: allow to queue requests for live queues (git-fixes).
- nvme-fabrics: do not check state NVME_CTRL_NEW for request acceptance (bsc#1179519).
- nvme-fc: avoid calling _nvme_fc_abort_outstanding_ios from interrupt context (bsc#1177326).
- nvme-fc: cancel async events before freeing event struct (git-fixes).
- nvme-fc: eliminate terminate_io use by nvme_fc_error_recovery (bsc#1177326).
- nvme-fc: fix error loop in create_hw_io_queues (git-fixes).
- nvme-fc: fix io timeout to abort I/O (bsc#1177326).
- nvme-fc: remove err_work work item (bsc#1177326).
- nvme-fc: remove nvme_fc_terminate_io() (bsc#1177326).
- nvme-fc: shorten reconnect delay if possible for FC (git-fixes).
- nvme-fc: track error_recovery while connecting (bsc#1177326).
- nvme-fc: wait for queues to freeze before calling (git-fixes).
- nvme-multipath: fix deadlock between ana_work and scan_work (git-fixes).
- nvme-multipath: fix deadlock due to head->lock (git-fixes).
- nvme-pci: properly print controller address (git-fixes).
- nvme-rdma: avoid race between time out and tear down (bsc#1179519).
- nvme-rdma: avoid repeated request completion (bsc#1179519).
- nvme-rdma: cancel async events before freeing event struct (git-fixes).
- nvme-rdma: fix controller reset hang during traffic (bsc#1179519).
- nvme-rdma: fix reset hang if controller died in the middle of a reset (bsc#1179519).
- nvme-rdma: fix timeout handler (bsc#1179519).
- nvme-rdma: handle unexpected nvme completion data length (bsc#1178612).
- nvme-rdma: serialize controller teardown sequences (bsc#1179519).
- nvme-tcp: avoid race between time out and tear down (bsc#1179519).
- nvme-tcp: avoid repeated request completion (bsc#1179519).
- nvme-tcp: avoid scheduling io_work if we are already polling (bsc#1179519).
- nvme-tcp: break from io_work loop if recv failed (bsc#1179519).
- nvme-tcp: cancel async events before freeing event struct (git-fixes).
- nvme-tcp: do not poll a non-live queue (bsc#1179519).
- nvme-tcp: fix controller reset hang during traffic (bsc#1179519).
- nvme-tcp: fix possible crash in recv error flow (bsc#1179519).
- nvme-tcp: fix possible leakage during error flow (git-fixes).
- nvme-tcp: fix reset hang if controller died in the middle of a reset (bsc#1179519).
- nvme-tcp: fix timeout handler (bsc#1179519).
- nvme-tcp: have queue prod/cons send list become a llist (bsc#1179519).
- nvme-tcp: leverage request plugging (bsc#1179519).
- nvme-tcp: move send failure to nvme_tcp_try_send (bsc#1179519).
- nvme-tcp: optimize network stack with setting msg flags (bsc#1179519).
- nvme-tcp: optimize queue io_cpu assignment for multiple queue (git-fixes).
- nvme-tcp: serialize controller teardown sequences (bsc#1179519).
- nvme-tcp: set MSG_SENDPAGE_NOTLAST with MSG_MORE when we have (bsc#1179519).
- nvme-tcp: try to send request in queue_rq context (bsc#1179519).
- nvme-tcp: use bh_lock in data_ready (bsc#1179519).
- nvme: do not protect ns mutation with ns->head->lock (git-fixes).
- nvme: have nvme_wait_freeze_timeout return if it timed out (bsc#1179519).
- nvme: introduce nvme_sync_io_queues (bsc#1179519).
- nvme: Revert: Fix controller creation races with teardown (git-fixes).
- nvmet-fc: fix missing check for no hostport struct (bsc#1176942).
- nvmet-tcp: fix maxh2cdata icresp parameter (bsc#1179892).
- ocfs2: fix unbalanced locking (bsc#1180506).
- orinoco: Move context allocation after processing the skb (git-fixes).
- PCI: brcmstb: Initialize "tmp" before use (git-fixes).
- PCI: Fix overflow in command-line resource alignment requests (git-fixes).
- PCI: Fix pci_slot_release() NULL pointer dereference (git-fixes).
- PCI: iproc: Fix out-of-bound array accesses (git-fixes).
- pinctrl: amd: remove debounce filter setting in IRQ type setting (git-fixes).
- pinctrl: aspeed: Fix GPIO requests on pass-through banks (git-fixes).
- pinctrl: baytrail: Avoid clearing debounce value when turning it off (git-fixes).
- pinctrl: falcon: add missing put_device() call in pinctrl_falcon_probe() (git-fixes).
- pinctrl: merrifield: Set default bias in case no particular value given (git-fixes).
- platform/chrome: cros_ec_spi: Do not overwrite spi::mode (git-fixes).
- platform/x86: acer-wmi: add automatic keyboard background light toggle key as KEY_LIGHTS_TOGGLE (git-fixes).
- platform/x86: dell-smbios-base: Fix error return code in dell_smbios_init (git-fixes).
- platform/x86: intel-vbtn: Allow switch events on Acer Switch Alpha 12 (git-fixes).
- platform/x86: intel-vbtn: Support for tablet mode on HP Pavilion 13 x360 PC (git-fixes).
- platform/x86: mlx-platform: Fix item counter assignment for MSN2700, MSN24xx systems (git-fixes).
- platform/x86: mlx-platform: remove an unused variable (git-fixes).
- platform/x86: mlx-platform: Remove PSU EEPROM from default platform configuration (git-fixes).
- platform/x86: mlx-platform: Remove PSU EEPROM from MSN274x platform configuration (git-fixes).
- platform/x86: thinkpad_acpi: Add BAT1 is primary battery quirk for Thinkpad Yoga 11e 4th gen (git-fixes).
- platform/x86: thinkpad_acpi: Do not report SW_TABLET_MODE on Yoga 11e (git-fixes).
- platform/x86: touchscreen_dmi: Add info for the Irbis TW118 tablet (git-fixes).
- power: supply: axp288_charger: Fix HP Pavilion x2 10 DMI matching (git-fixes).
- power: supply: bq24190_charger: fix reference leak (git-fixes).
- powerpc/64: Set up a kernel stack for secondaries before cpu_restore() (bsc#1065729).
- powerpc/64s/powernv: Fix memory corruption when saving SLB entries on MCE (jsc#SLE-9246 git-fixes).
- powerpc/64s/pseries: Fix hash tlbiel_all_isa300 for guest kernels (bsc#1179888 ltc#190253).
- powerpc/64s: Fix allnoconfig build since uaccess flush (bsc#1177666 git-fixes).
- powerpc/64s: Fix hash ISA v3.0 TLBIEL instruction generation (bsc#1055117 ltc#159753 git-fixes bsc#1179888 ltc#190253).
- powerpc/64s: Trim offlined CPUs from mm_cpumasks (bsc#1055117 ltc#159753 git-fixes bsc#1179888 ltc#190253).
- powerpc/bitops: Fix possible undefined behaviour with fls() and fls64() (bsc#1156395).
- powerpc/eeh_cache: Fix a possible debugfs deadlock (bsc#1156395).
- powerpc/numa: Fix a regression on memoryless node 0 (bsc#1179639 ltc#189002).
- powerpc/pci: Remove LSI mappings on device teardown (bsc#1172145 ltc#184630).
- powerpc/perf: Fix crash with is_sier_available when pmu is not set (bsc#1179578 ltc#189313).
- powerpc/pseries/hibernation: remove redundant cacheinfo update (bsc#1138374 ltc#178199 git-fixes).
- powerpc/pseries: Pass MSI affinity to irq_create_mapping() (bsc#1065729).
- powerpc/smp: Add __init to init_big_cores() (bsc#1109695 ltc#171067 git-fixes).
- powerpc/xmon: Change printk() to pr_cont() (bsc#1065729).
- powerpc: Avoid broken GCC __attribute__((optimize)) (bsc#1156395).
- powerpc: Fix incorrect stw{, ux, u, x} instructions in __set_pte_at (bsc#1065729).
- pwm: lp3943: Dynamically allocate PWM chip base (git-fixes).
- pwm: zx: Add missing cleanup in error path (git-fixes).
- qede: Notify qedr when mtu has changed (bsc#1152489)
- qtnfmac: fix error return code in qtnf_pcie_probe() (git-fixes).
- quota: clear padding in v2r1_mem2diskdqb() (bsc#1179714).
- RDMA/addr: Fix race with netevent_callback()/rdma_addr_cancel() (bsc#1152489)
- RDMA/bnxt_re: Do not add user qps to flushlist (bsc#1152489)
- RDMA/bnxt_re: Fix sizeof mismatch for allocation of pbl_tbl. (bsc#1152489)
- RDMA/core: Fix bogus WARN_ON during ib_unregister_device_queued() (bsc#1152489)
- RDMA/core: Fix reported speed and width (bsc#1152489)
- RDMA/core: Fix return error value in _ib_modify_qp() to negative (bsc#1152489)
- RDMA/core: Free DIM memory in error unwind (bsc#1152489)
- RDMA/core: Stop DIM before destroying CQ (bsc#1152489)
- RDMA/counter: Allow manually bind QPs with different pids to same counter (bsc#1152489)
- RDMA/counter: Only bind user QPs in auto mode (bsc#1152489)
- RDMA/hns: Add check for the validity of sl configuration (bsc#1152489)
- RDMA/hns: Bugfix for memory window mtpt configuration (bsc#1152489)
- RDMA/hns: Correct typo of hns_roce_create_cq() (bsc#1152489)
- RDMA/hns: Fix missing sq_sig_type when querying QP (bsc#1152489)
- RDMA/hns: Set the unsupported wr opcode (bsc#1152489)
- RDMA/ipoib: Set rtnl_link_ops for ipoib interfaces (bsc#1152489)
- RDMA/mlx5: Disable IB_DEVICE_MEM_MGT_EXTENSIONS if IB_WR_REG_MR can't work (bsc#1152489)
- RDMA/netlink: Remove CAP_NET_RAW check when dump a raw QP (bsc#1152489)
- RDMA/pvrdma: Fix missing kfree() in pvrdma_register_device() (bsc#1152489)
- RDMA/qedr: Endianness warnings cleanup (bsc#1152489)
- RDMA/qedr: Fix doorbell setting (bsc#1152489)
- RDMA/qedr: Fix inline size returned for iWARP (bsc#1152489)
- RDMA/qedr: Fix iWARP active mtu display (bsc#1152489)
- RDMA/qedr: Fix memory leak in iWARP CM (bsc#1152489)
- RDMA/qedr: Fix qp structure memory leak (bsc#1152489)
- RDMA/qedr: Fix resource leak in qedr_create_qp (bsc#1152489)
- RDMA/qedr: Fix use of uninitialized field (bsc#1152489)
- RDMA/qedr: SRQ's bug fixes (bsc#1152489)
- RDMA/rxe: Drop pointless checks in rxe_init_ports (bsc#1152489)
- RDMA/rxe: Fix memleak in rxe_mem_init_user (bsc#1152489)
- RDMA/rxe: Fix skb lifetime in rxe_rcv_mcast_pkt() (bsc#1152489)
- RDMA/rxe: Fix the parent sysfs read when the interface has 15 chars (bsc#1152489)
- RDMA/rxe: Handle skb_clone() failure in rxe_recv.c (bsc#1152489)
- RDMA/rxe: Prevent access to wr->next ptr afrer wr is posted to send queue (bsc#1152489)
- RDMA/rxe: Remove unused rxe_mem_map_pages (bsc#1152489)
- RDMA/rxe: Return void from rxe_init_port_param() (bsc#1152489)
- RDMA/rxe: Return void from rxe_mem_init_dma() (bsc#1152489)
- RDMA/rxe: Skip dgid check in loopback mode (bsc#1152489)
- RDMA/srpt: Fix typo in srpt_unregister_mad_agent docstring (bsc#1152489)
- RDMA/umem: Fix ib_umem_find_best_pgsz() for mappings that cross a page boundary (bsc#1152489)
- RDMA/umem: Prevent small pages from being returned by ib_umem_find_best_pgsz() (bsc#1152489)
- Re-import the upstream uvcvideo fix; one more fix will be added later (bsc#1180117)
- regmap: Remove duplicate `type` field from regmap `regcache_sync` trace event (git-fixes).
- regulator: axp20x: Fix DLDO2 voltage control register mask for AXP22x (git-fixes).
- regulator: mcp16502: add linear_min_sel (git-fixes).
- reiserfs: Fix oops during mount (bsc#1179715).
- reiserfs: Initialize inode keys properly (bsc#1179713).
- remoteproc: q6v5-mss: fix error handling in q6v5_pds_enable (git-fixes).
- remoteproc: qcom: Fix potential NULL dereference in adsp_init_mmio() (git-fixes).
- remoteproc: qcom: fix reference leak in adsp_start (git-fixes).
- rsi: fix error return code in rsi_reset_card() (git-fixes).
- rtc: ep93xx: Fix NULL pointer dereference in ep93xx_rtc_read_time (git-fixes).
- rtc: hym8563: enable wakeup when applicable (git-fixes).
- rtw88: debug: Fix uninitialized memory in debugfs code (git-fixes).
- s390/cpuinfo: show processor physical address (git-fixes).
- s390/pci: fix CPU address in MSI for directed IRQ (git-fixes).
- s390/qeth: delay draining the TX buffers (git-fixes).
- s390/qeth: fix af_iucv notification race (git-fixes).
- s390/qeth: fix tear down of async TX buffers (git-fixes).
- s390/qeth: make af_iucv TX notification call more robust (bsc#1179604 LTC#190151).
- s390: add 3f program exception handler (git-fixes).
- samples/bpf: Remove unused test_ipip.sh (bsc#1155518).
- samples: bpf: Refactor test_cgrp2_sock2 program with libbpf (bsc#1155518).
- sched/fair: Fix overutilized update in enqueue_task_fair() (git-fixes)
- sched/fair: Fix race between runtime distribution and (git-fixes)
- sched/fair: Fix wrong cpu selecting from isolated domain (git-fixes)
- sched/fair: Refill bandwidth before scaling (git-fixes)
- sched: correct SD_flags returned by tl->sd_flags() (git-fixes)
- scsi: core: Fix VPD LUN ID designator priorities (bsc#1178049).
- scsi: core: Return BLK_STS_AGAIN for ALUA transitioning (bsc#1165933, bsc#1171000).
- scsi: fnic: Avoid looping in TRANS ETH on unload (bsc#1175079).
- scsi: fnic: Change shost_printk() to FNIC_FCS_DBG() (bsc#1175079).
- scsi: fnic: Change shost_printk() to FNIC_MAIN_DBG() (bsc#1175079).
- scsi: fnic: Set scsi_set_resid() only for underflow (bsc#1175079).
- scsi: fnic: Validate io_req before others (bsc#1175079).
- scsi: lpfc: Add FDMI Vendor MIB support (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).
- scsi: lpfc: Convert abort handling to SLI-3 and SLI-4 handlers (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).
- scsi: lpfc: Convert SCSI I/O completions to SLI-3 and SLI-4 handlers (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).
- scsi: lpfc: Convert SCSI path to use common I/O submission path (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).
- scsi: lpfc: Correct null ndlp reference on routine exit (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).
- scsi: lpfc: Drop nodelist reference on error in lpfc_gen_req() (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).
- scsi: lpfc: Enable common send_io interface for SCSI and NVMe (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).
- scsi: lpfc: Enable common wqe_template support for both SCSI and NVMe (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).
- scsi: lpfc: Enlarge max_sectors in scsi host templates (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).
- scsi: lpfc: Extend the RDF FPIN Registration descriptor for additional events (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).
- scsi: lpfc: Fix duplicate wq_create_version check (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).
- scsi: lpfc: Fix fall-through warnings for Clang (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).
- scsi: lpfc: Fix FLOGI/PLOGI receive race condition in pt2pt discovery (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).
- scsi: lpfc: Fix initial FLOGI failure due to BBSCN not supported (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).
- scsi: lpfc: Fix invalid sleeping context in lpfc_sli4_nvmet_alloc() (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).
- scsi: lpfc: Fix memory leak on lcb_context (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).
- scsi: lpfc: Fix missing prototype for lpfc_nvmet_prep_abort_wqe() (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).
- scsi: lpfc: Fix missing prototype warning for lpfc_fdmi_vendor_attr_mi() (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).
- scsi: lpfc: Fix NPIV discovery and Fabric Node detection (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).
- scsi: lpfc: Fix NPIV Fabric Node reference counting (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).
- scsi: lpfc: Fix pointer defereference before it is null checked issue (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).
- scsi: lpfc: Fix refcounting around SCSI and NVMe transport APIs (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).
- scsi: lpfc: Fix removal of SCSI transport device get and put on dev structure (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).
- scsi: lpfc: Fix scheduling call while in softirq context in lpfc_unreg_rpi (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).
- scsi: lpfc: Fix set but not used warnings from Rework remote port lock handling (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500).
- scsi: lpfc: Fix set but unused variables in lpfc_dev_loss_tmo_handler() (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix spelling mistake "Cant" -> "Can't" (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Fix variable 'vport' set but not used in lpfc_sli4_abts_err_handler() (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: lpfc_attr: Demote kernel-doc format for redefined functions (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: lpfc_attr: Fix-up a bunch of kernel-doc misdemeanours (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: lpfc_bsg: Provide correct documentation for a bunch of functions (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: lpfc_debugfs: Fix a couple of function documentation issues (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: lpfc_nvme: Fix some kernel-doc related issues (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: lpfc_nvme: Remove unused variable 'phba' (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: lpfc_nvmet: Fix-up some formatting and doc-rot issues (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: lpfc_scsi: Fix a whole host of kernel-doc issues (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Re-fix use after free in lpfc_rq_buf_free() (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Refactor WQE structure definitions for common use (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Reject CT request for MIB commands (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Remove dead code on second !ndlp check (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Remove ndlp when a PLOGI/ADISC/PRLI/REG_RPI ultimately fails (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Remove set but not used 'qp' (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). 
- scsi: lpfc: Remove unneeded variable 'status' in lpfc_fcp_cpu_map_store() (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Removed unused macros in lpfc_attr.c (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Rework locations of ndlp reference taking (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Rework remote port lock handling (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Rework remote port ref counting and node freeing (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Unsolicited ELS leaves node in incorrect state while dropping it (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Update changed file copyrights for 2020 (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Update lpfc version to 12.8.0.4 (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Update lpfc version to 12.8.0.5 (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Update lpfc version to 12.8.0.6 (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: lpfc: Use generic power management (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: mpt3sas: A small correction in _base_process_reply_queue (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Add bypass_dirty_port_flag parameter (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Add functions to check if any cmd is outstanding on Target and LUN (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Add module parameter multipath_on_hba (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Allocate memory for hba_port objects (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Bump driver version to 35.101.00.00 (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Cancel the running work during host reset (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Capture IOC data for debugging purposes (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Define hba_port structure (jsc#SLE-16914, bsc#1177733). 
- scsi: mpt3sas: Detect tampered Aero and Sea adapters (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Disable DIF when prot_mask set to zero (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Do not call disable_irq from IRQ poll handler (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Do not change the DMA coherent mask after allocations (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Dump system registers for debugging (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Fix double free warnings (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Fix error returns in BRM_status_show (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Fix memset() in non-RDPQ mode (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Fix reply queue count in non RDPQ mode (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Fix set but unused variable (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Fix sync irqs (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Fix unlock imbalance (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Get device objects using sas_address & portID (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Get sas_device objects using device's rphy (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Handle RDPQ DMA allocation in same 4G region (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Handle vSES vphy object during HBA reset (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Handling HBA vSES device (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Memset config_cmds.reply buffer with zeros (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Postprocessing of target and LUN reset (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Rearrange _scsih_mark_responding_sas_device() (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Remove NULL check before freeing function (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Remove pci-dma-compat wrapper API (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Remove superfluous memset() (jsc#SLE-16914, bsc#1177733). 
- scsi: mpt3sas: Rename and export interrupt mask/unmask functions (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Rename function name is_MSB_are_same (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Rename transport_del_phy_from_an_existing_port() (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Separate out RDPQ allocation to new function (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Set valid PhysicalPort in SMPPassThrough (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Update driver version to 35.100.00.00 (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Update hba_port objects after host reset (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Update hba_port's sas_address & phy_mask (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Update mpt3sas version to 33.101.00.00 (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: Use true, false for ioc->use_32bit_dma (jsc#SLE-16914, bsc#1177733). - scsi: mpt3sas: use true,false for bool variables (jsc#SLE-16914, bsc#1177733). - scsi: qla2xxx: Change post del message from debug level to log level (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Convert to DEFINE_SHOW_ATTRIBUTE (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Do not check for fw_started while posting NVMe command (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Do not consume srb greedily (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Drop TARGET_SCF_LOOKUP_LUN_FROM_TAG (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Fix compilation issue in PPC systems (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Fix crash during driver load on big endian machines (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Fix device loss on 4G and older HBAs (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Fix flash update in 28XX adapters on big endian machines (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Fix FW initialization error on big endian machines (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Fix N2N and NVMe connect retry failure (bsc#1171688 bsc#1172733). 
- scsi: qla2xxx: Fix return of uninitialized value in rval (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Fix the call trace for flush workqueue (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Handle aborts correctly for port undergoing deletion (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Handle incorrect entry_type entries (bsc#1171688 bsc#1172733). - scsi: qla2xxx: If fcport is undergoing deletion complete I/O with retry (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Initialize variable in qla8044_poll_reg() (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Limit interrupt vectors to number of CPUs (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Move sess cmd list/lock to driver (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Remove in_interrupt() from qla82xx-specific code (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Remove in_interrupt() from qla83xx-specific code (bsc#1171688 bsc#1172733). - scsi: qla2xxx: remove incorrect sparse #ifdef (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Return EBUSY on fcport deletion (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Tear down session if FW say it is down (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Update version to 10.02.00.104-k (bsc#1171688 bsc#1172733). - scsi: qla2xxx: Use constant when it is known (bsc#1171688 bsc#1172733). - scsi: Remove unneeded break statements (bsc#1175480 bsc#1176396 bsc#1176942 bsc#1177500). - scsi: storvsc: Fix error return in storvsc_probe() (git-fixes). - scsi: target: tcm_qla2xxx: Remove BUG_ON(in_interrupt()) (bsc#1171688 bsc#1172733). - scsi_dh_alua: return BLK_STS_AGAIN for ALUA transitioning state (bsc#1165933, bsc#1171000). - scsi_dh_alua: set 'transitioning' state on unit attention (bsc#1171000, bsc#1165933). - selftest/bpf: Add missed ip6ip6 test back (bsc#1155518). - selftests/bpf/test_offload.py: Reset ethtool features after failed setting (bsc#1155518). - selftests/bpf: Fix invalid use of strncat in test_sockmap (bsc#1155518). 
- selftests/bpf: Print reason when a tester could not run a program (bsc#1155518). - serial: 8250_omap: Avoid FIFO corruption caused by MDR1 access (git-fixes). - serial_core: Check for port state when tty is in error state (git-fixes). - slimbus: qcom-ngd-ctrl: Avoid sending power requests without QMI (git-fixes). - soc/tegra: fuse: Fix index bug in get_process_id (git-fixes). - soc: amlogic: canvas: add missing put_device() call in meson_canvas_get() (git-fixes). - soc: fsl: dpio: Get the cpumask through cpumask_of(cpu) (git-fixes). - soc: mediatek: Check if power domains can be powered on at boot time (git-fixes). - soc: qcom: geni: More properly switch to DMA mode (git-fixes). - soc: qcom: smp2p: Safely acquire spinlock without IRQs (git-fixes). - soc: renesas: rmobile-sysc: Fix some leaks in rmobile_init_pm_domains() (git-fixes). - soc: ti: Fix reference imbalance in knav_dma_probe (git-fixes). - soc: ti: knav_qmss: fix reference leak in knav_queue_probe (git-fixes). - speakup: fix uninitialized flush_lock (git-fixes). - spi: atmel-quadspi: Disable clock in probe error path (git-fixes). - spi: atmel-quadspi: Fix AHB memory accesses (git-fixes). - spi: bcm63xx-hsspi: fix missing clk_disable_unprepare() on error in bcm63xx_hsspi_resume (git-fixes). - spi: davinci: Fix use-after-free on unbind (git-fixes). - spi: fix resource leak for drivers without .remove callback (git-fixes). - spi: img-spfi: fix reference leak in img_spfi_resume (git-fixes). - spi: mt7621: Disable clock in probe error path (git-fixes). - spi: mt7621: fix missing clk_disable_unprepare() on error in mt7621_spi_probe (git-fixes). - spi: mxs: fix reference leak in mxs_spi_probe (git-fixes). - spi: pic32: Do not leak DMA channels in probe error path (git-fixes). - spi: spi-mem: Fix passing zero to 'PTR_ERR' warning (git-fixes). - spi: spi-mem: fix reference leak in spi_mem_access_start (git-fixes). - spi: spi-nxp-fspi: fix fspi panic by unexpected interrupts (git-fixes). 
- spi: spi-ti-qspi: fix reference leak in ti_qspi_setup (git-fixes). - spi: sprd: fix reference leak in sprd_spi_remove (git-fixes). - spi: st-ssc4: Fix unbalanced pm_runtime_disable() in probe error path (git-fixes). - spi: stm32: fix reference leak in stm32_spi_resume (git-fixes). - spi: synquacer: Disable clock in probe error path (git-fixes). - spi: tegra114: fix reference leak in tegra spi ops (git-fixes). - spi: tegra20-sflash: fix reference leak in tegra_sflash_resume (git-fixes). - spi: tegra20-slink: fix reference leak in slink ops of tegra20 (git-fixes). - staging: comedi: mf6x4: Fix AI end-of-conversion detection (git-fixes). - staging: olpc_dcon: Do not call platform_device_unregister() in dcon_probe() (git-fixes). - thunderbolt: Fix use-after-free in remove_unplugged_switch() (git-fixes). - tty: Fix ->pgrp locking in tiocspgrp() (git-fixes). - tty: Fix ->session locking (bsc#1179745). - ubifs: dent: Fix some potential memory leaks while iterating entries (bsc#1179703). - ubifs: Do not parse authentication mount options in remount process (bsc#1179688). - ubifs: Fix a memleak after dumping authentication mount options (bsc#1179687). - ubifs: Fix wrong orphan node deletion in ubifs_jnl_update|rename (bsc#1179675). - ubifs: journal: Make sure to not dirty twice for auth nodes (bsc#1179704). - ubifs: mount_ubifs: Release authentication resource in error handling path (bsc#1179689). - ubifs: xattr: Fix some potential memory leaks while iterating entries (bsc#1179690). - udf: Fix memory leak when mounting (bsc#1179712). - usb/max3421: fix return error code in max3421_probe() (git-fixes). - usb: add RESET_RESUME quirk for Snapscan 1212 (git-fixes). - usb: chipidea: ci_hdrc_imx: Pass DISABLE_DEVICE_STREAMING flag to imx6ul (git-fixes). - usb: ehci-omap: Fix PM disable depth umbalance in ehci_hcd_omap_probe (git-fixes). - usb: gadget: f_acm: add support for SuperSpeed Plus (git-fixes). - usb: gadget: f_fs: Re-use SS descriptors for SuperSpeedPlus (git-fixes). 
- usb: gadget: f_fs: Use local copy of descriptors for userspace copy (git-fixes). - usb: gadget: f_midi: setup SuperSpeed Plus descriptors (git-fixes). - usb: gadget: f_rndis: fix bitrate for SuperSpeed and above (git-fixes). - usb: host: ehci-tegra: Fix error handling in tegra_ehci_probe() (git-fixes). - usb: mtu3: fix memory corruption in mtu3_debugfs_regset() (git-fixes). - usb: oxu210hp-hcd: Fix memory leak in oxu_create (git-fixes). - usb: quirks: Add USB_QUIRK_DISCONNECT_SUSPEND quirk for Lenovo A630Z TIO built-in usb-audio card (git-fixes). - usb: serial: ch341: add new Product ID for CH341A (git-fixes). - usb: serial: ch341: sort device-id entries (git-fixes). - usb: serial: digi_acceleport: fix write-wakeup deadlocks (git-fixes). - usb: serial: keyspan_pda: fix dropped unthrottle interrupts (git-fixes). - usb: serial: keyspan_pda: fix stalled writes (git-fixes). - usb: serial: keyspan_pda: fix tx-unthrottle use-after-free (git-fixes). - usb: serial: keyspan_pda: fix write deadlock (git-fixes). - usb: serial: keyspan_pda: fix write unthrottling (git-fixes). - usb: serial: keyspan_pda: fix write-wakeup use-after-free (git-fixes). - usb: serial: kl5kusb105: fix memleak on open (git-fixes). - usb: serial: mos7720: fix parallel-port state restore (git-fixes). - usb: serial: option: add Fibocom NL668 variants (git-fixes). - usb: serial: option: add interface-number sanity check to flag handling (git-fixes). - usb: serial: option: add support for Thales Cinterion EXS82 (git-fixes). - usb: serial: option: fix Quectel BG96 matching (git-fixes). - usb: UAS: introduce a quirk to set no_write_same (git-fixes). - usbnet: ipheth: fix connectivity with iOS 14 (git-fixes). - video: fbdev: radeon: Fix memleak in radeonfb_pci_register (bsc#1152472) - video: fbdev: sis: fix null ptr dereference (bsc#1152472) - watchdog: armada_37xx: Add missing dependency on HAS_IOMEM (git-fixes). - watchdog: coh901327: add COMMON_CLK dependency (git-fixes). 
- watchdog: Fix potential dereferencing of null pointer (git-fixes).
- watchdog: qcom: Avoid context switch in restart handler (git-fixes).
- watchdog: sirfsoc: Add missing dependency on HAS_IOMEM (git-fixes).
- watchdog: sprd: change to use usleep_range() instead of busy loop (git-fixes).
- watchdog: sprd: check busy bit before new loading rather than after that (git-fixes).
- watchdog: sprd: remove watchdog disable from resume fail path (git-fixes).
- wimax: fix duplicate initializer warning (git-fixes).
- x86/apic/vector: Fix ordering in vector assignment (bsc#1156315).
- x86/CPU/AMD: Remove amd_get_nb_id() (bsc#1152489).
- x86/CPU/AMD: Save AMD NodeId as cpu_die_id (bsc#1152489).
- x86/ima: use correct identifier for SetupMode variable (bsc#1152489).
- x86/insn-eval: Use new for_each_insn_prefix() macro to loop over prefixes bytes (bsc#1152489).
- x86/mce: Do not overwrite no_way_out if mce_end() fails (bsc#1152489).
- x86/mm/ident_map: Check for errors from ident_pud_init() (bsc#1152489).
- x86/mm/mem_encrypt: Fix definition of PMD_FLAGS_DEC_WP (bsc#1152489).
- x86/resctrl: Add necessary kernfs_put() calls to prevent refcount leak (bsc#1152489).
- x86/resctrl: Fix AMD L3 QOS CDP enable/disable (bsc#1152489).
- x86/resctrl: Fix incorrect local bandwidth when mba_sc is enabled (bsc#1152489).
- x86/resctrl: Remove superfluous kernfs_get() calls to prevent refcount leak (bsc#1152489).
- x86/resctrl: Remove unused struct mbm_state::chunks_bw (bsc#1152489).
- x86/speculation: Fix prctl() when spectre_v2_user={seccomp,prctl},ibpb (bsc#1152489).
- x86/topology: Set cpu_die_id only if DIE_TYPE found (bsc#1152489).
- x86/uprobes: Do not use prefixes.nbytes when looping over prefixes.bytes (bsc#1152489).
- xhci-pci: Allow host runtime PM as default for Intel Alpine Ridge LP (git-fixes).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Workstation Extension 15-SP2:
  zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2021-117=1
- SUSE Linux Enterprise Module for Live Patching 15-SP2:
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2021-117=1
- SUSE Linux Enterprise Module for Legacy Software 15-SP2:
  zypper in -t patch SUSE-SLE-Module-Legacy-15-SP2-2021-117=1
- SUSE Linux Enterprise Module for Development Tools 15-SP2:
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-117=1
- SUSE Linux Enterprise Module for Basesystem 15-SP2:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-117=1
- SUSE Linux Enterprise High Availability 15-SP2:
  zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2021-117=1

Package List:

- SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64):
  kernel-default-debuginfo-5.3.18-24.46.1
  kernel-default-debugsource-5.3.18-24.46.1
  kernel-default-extra-5.3.18-24.46.1
  kernel-default-extra-debuginfo-5.3.18-24.46.1
- SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64):
  kernel-default-debuginfo-5.3.18-24.46.1
  kernel-default-debugsource-5.3.18-24.46.1
  kernel-default-livepatch-5.3.18-24.46.1
  kernel-default-livepatch-devel-5.3.18-24.46.1
  kernel-livepatch-5_3_18-24_46-default-1-5.3.1
  kernel-livepatch-5_3_18-24_46-default-debuginfo-1-5.3.1
  kernel-livepatch-SLE15-SP2_Update_9-debugsource-1-5.3.1
- SUSE Linux Enterprise Module for Legacy Software 15-SP2 (aarch64 ppc64le s390x x86_64):
  kernel-default-debuginfo-5.3.18-24.46.1
  kernel-default-debugsource-5.3.18-24.46.1
  reiserfs-kmp-default-5.3.18-24.46.1
  reiserfs-kmp-default-debuginfo-5.3.18-24.46.1
- SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64):
  kernel-obs-build-5.3.18-24.46.1
  kernel-obs-build-debugsource-5.3.18-24.46.1
  kernel-syms-5.3.18-24.46.1
- SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 x86_64):
  kernel-preempt-debuginfo-5.3.18-24.46.1
  kernel-preempt-debugsource-5.3.18-24.46.1
  kernel-preempt-devel-5.3.18-24.46.1
  kernel-preempt-devel-debuginfo-5.3.18-24.46.1
- SUSE Linux Enterprise Module for Development Tools 15-SP2 (noarch):
  kernel-docs-5.3.18-24.46.1
  kernel-source-5.3.18-24.46.1
- SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64):
  kernel-default-5.3.18-24.46.1
  kernel-default-base-5.3.18-24.46.1.9.19.1
  kernel-default-debuginfo-5.3.18-24.46.1
  kernel-default-debugsource-5.3.18-24.46.1
  kernel-default-devel-5.3.18-24.46.1
  kernel-default-devel-debuginfo-5.3.18-24.46.1
- SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 x86_64):
  kernel-preempt-5.3.18-24.46.1
  kernel-preempt-debuginfo-5.3.18-24.46.1
  kernel-preempt-debugsource-5.3.18-24.46.1
- SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch):
  kernel-devel-5.3.18-24.46.1
  kernel-macros-5.3.18-24.46.1
- SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64):
  cluster-md-kmp-default-5.3.18-24.46.1
  cluster-md-kmp-default-debuginfo-5.3.18-24.46.1
  dlm-kmp-default-5.3.18-24.46.1
  dlm-kmp-default-debuginfo-5.3.18-24.46.1
  gfs2-kmp-default-5.3.18-24.46.1
  gfs2-kmp-default-debuginfo-5.3.18-24.46.1
  kernel-default-debuginfo-5.3.18-24.46.1
  kernel-default-debugsource-5.3.18-24.46.1
  ocfs2-kmp-default-5.3.18-24.46.1
  ocfs2-kmp-default-debuginfo-5.3.18-24.46.1

References:

https://www.suse.com/security/cve/CVE-2020-0444.html
https://www.suse.com/security/cve/CVE-2020-0465.html
https://www.suse.com/security/cve/CVE-2020-0466.html
https://www.suse.com/security/cve/CVE-2020-11668.html
https://www.suse.com/security/cve/CVE-2020-27068.html
https://www.suse.com/security/cve/CVE-2020-27777.html
https://www.suse.com/security/cve/CVE-2020-27786.html
https://www.suse.com/security/cve/CVE-2020-27825.html
https://www.suse.com/security/cve/CVE-2020-27830.html
https://www.suse.com/security/cve/CVE-2020-28374.html
https://www.suse.com/security/cve/CVE-2020-29370.html
https://www.suse.com/security/cve/CVE-2020-29373.html
https://www.suse.com/security/cve/CVE-2020-29660.html
https://www.suse.com/security/cve/CVE-2020-29661.html
https://www.suse.com/security/cve/CVE-2020-36158.html
https://bugzilla.suse.com/1040855
https://bugzilla.suse.com/1044120
https://bugzilla.suse.com/1044767
https://bugzilla.suse.com/1055117
https://bugzilla.suse.com/1065729
https://bugzilla.suse.com/1094840
https://bugzilla.suse.com/1109695
https://bugzilla.suse.com/1115431
https://bugzilla.suse.com/1138374
https://bugzilla.suse.com/1139944
https://bugzilla.suse.com/1149032
https://bugzilla.suse.com/1152457
https://bugzilla.suse.com/1152472
https://bugzilla.suse.com/1152489
https://bugzilla.suse.com/1155518
https://bugzilla.suse.com/1156315
https://bugzilla.suse.com/1156395
https://bugzilla.suse.com/1158775
https://bugzilla.suse.com/1161099
https://bugzilla.suse.com/1163727
https://bugzilla.suse.com/1165933
https://bugzilla.suse.com/1167657
https://bugzilla.suse.com/1168952
https://bugzilla.suse.com/1171000
https://bugzilla.suse.com/1171078
https://bugzilla.suse.com/1171688
https://bugzilla.suse.com/1172145
https://bugzilla.suse.com/1172733
https://bugzilla.suse.com/1174486
https://bugzilla.suse.com/1175079
https://bugzilla.suse.com/1175480
https://bugzilla.suse.com/1175995
https://bugzilla.suse.com/1176396
https://bugzilla.suse.com/1176942
https://bugzilla.suse.com/1176956
https://bugzilla.suse.com/1177326
https://bugzilla.suse.com/1177500
https://bugzilla.suse.com/1177666
https://bugzilla.suse.com/1177679
https://bugzilla.suse.com/1177733
https://bugzilla.suse.com/1178049
https://bugzilla.suse.com/1178203
https://bugzilla.suse.com/1178270
https://bugzilla.suse.com/1178372
https://bugzilla.suse.com/1178590
https://bugzilla.suse.com/1178612
https://bugzilla.suse.com/1178634
https://bugzilla.suse.com/1178660
https://bugzilla.suse.com/1178756
https://bugzilla.suse.com/1178780
https://bugzilla.suse.com/1179107
https://bugzilla.suse.com/1179204
https://bugzilla.suse.com/1179419
https://bugzilla.suse.com/1179434
https://bugzilla.suse.com/1179435
https://bugzilla.suse.com/1179519
https://bugzilla.suse.com/1179575
https://bugzilla.suse.com/1179578
https://bugzilla.suse.com/1179601
https://bugzilla.suse.com/1179604
https://bugzilla.suse.com/1179639
https://bugzilla.suse.com/1179652
https://bugzilla.suse.com/1179656
https://bugzilla.suse.com/1179670
https://bugzilla.suse.com/1179671
https://bugzilla.suse.com/1179672
https://bugzilla.suse.com/1179673
https://bugzilla.suse.com/1179675
https://bugzilla.suse.com/1179676
https://bugzilla.suse.com/1179677
https://bugzilla.suse.com/1179678
https://bugzilla.suse.com/1179679
https://bugzilla.suse.com/1179680
https://bugzilla.suse.com/1179681
https://bugzilla.suse.com/1179682
https://bugzilla.suse.com/1179683
https://bugzilla.suse.com/1179684
https://bugzilla.suse.com/1179685
https://bugzilla.suse.com/1179687
https://bugzilla.suse.com/1179688
https://bugzilla.suse.com/1179689
https://bugzilla.suse.com/1179690
https://bugzilla.suse.com/1179703
https://bugzilla.suse.com/1179704
https://bugzilla.suse.com/1179707
https://bugzilla.suse.com/1179709
https://bugzilla.suse.com/1179710
https://bugzilla.suse.com/1179711
https://bugzilla.suse.com/1179712
https://bugzilla.suse.com/1179713
https://bugzilla.suse.com/1179714
https://bugzilla.suse.com/1179715
https://bugzilla.suse.com/1179716
https://bugzilla.suse.com/1179745
https://bugzilla.suse.com/1179763
https://bugzilla.suse.com/1179888
https://bugzilla.suse.com/1179892
https://bugzilla.suse.com/1179896
https://bugzilla.suse.com/1179960
https://bugzilla.suse.com/1179963
https://bugzilla.suse.com/1180027
https://bugzilla.suse.com/1180029
https://bugzilla.suse.com/1180031
https://bugzilla.suse.com/1180052
https://bugzilla.suse.com/1180056
https://bugzilla.suse.com/1180086
https://bugzilla.suse.com/1180117
https://bugzilla.suse.com/1180258
https://bugzilla.suse.com/1180261
https://bugzilla.suse.com/1180506
https://bugzilla.suse.com/1180541
https://bugzilla.suse.com/1180559
https://bugzilla.suse.com/1180566

From sle-updates at lists.suse.com Thu Jan 14 01:28:44 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 14 Jan 2021 09:28:44 +0100 (CET)
Subject: SUSE-SU-2021:0118-1: important: Security update for the Linux Kernel
Message-ID: <20210114082844.B4F58FEDA@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:0118-1
Rating: important
References: #1040855 #1044120 #1044767 #1050242 #1050536 #1050545 #1055117 #1056653 #1056657 #1056787 #1064802 #1065729 #1066129 #1094840 #1103990 #1103992 #1104389 #1104393 #1109695 #1109837 #1110096 #1112178 #1112374 #1115431 #1118657 #1129770 #1136460 #1136461 #1138374 #1139944 #1144912 #1152457 #1163727 #1164780 #1171078 #1172145 #1172538 #1172694 #1174784 #1174852 #1176558 #1176559 #1176956 #1178270 #1178372 #1178401 #1178590 #1178634 #1178762 #1179014 #1179015 #1179045 #1179082 #1179107 #1179142 #1179204 #1179419 #1179444 #1179520 #1179578 #1179601 #1179663 #1179666 #1179670 #1179671 #1179672 #1179673 #1179711 #1179713 #1179714 #1179715 #1179716 #1179722 #1179723 #1179724 #1179745 #1179810 #1179888 #1179895 #1179896 #1179960 #1179963 #1180027 #1180029 #1180031 #1180052 #1180086 #1180117 #1180258 #1180506 #1180559
Cross-References: CVE-2018-20669 CVE-2019-20934 CVE-2020-0444 CVE-2020-0465 CVE-2020-0466 CVE-2020-27068 CVE-2020-27777 CVE-2020-27786 CVE-2020-27825 CVE-2020-28374 CVE-2020-29660 CVE-2020-29661 CVE-2020-36158 CVE-2020-4788
Affected Products:
  SUSE Linux Enterprise Workstation Extension 15-SP1
  SUSE Linux Enterprise Module for Live Patching 15-SP1
  SUSE Linux Enterprise Module for Legacy Software 15-SP1
  SUSE Linux Enterprise Module for Development Tools 15-SP1
  SUSE Linux Enterprise Module for Basesystem 15-SP1
  SUSE Linux Enterprise High Availability 15-SP1
______________________________________________________________________________

An update that solves 14 vulnerabilities and has 77 fixes is now available.

Description:

The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2020-28374: Fixed a Linux SCSI target issue (bsc#1178372).
- CVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver (bsc#1180559).
- CVE-2020-27825: Fixed a race in the trace_open and buffer resize calls (bsc#1179960).
- CVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031).
- CVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds check in the nl80211_policy policy of nl80211.c (bnc#1180086).
- CVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180029).
- CVE-2020-0444: Fixed a bad kfree due to a logic error in audit_data_to_entry (bnc#1180027).
- CVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bnc#1179745).
- CVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179745).
- CVE-2020-27777: Fixed a privilege escalation in the Run-Time Abstraction Services (RTAS) interface, affecting guests running on top of PowerVM or KVM hypervisors (bnc#1179107).
- CVE-2019-20934: Fixed a use-after-free in show_numa_stats() because NUMA fault statistics were inappropriately freed, aka CID-16d51a590a8c (bsc#1179663).
- CVE-2020-27786: Fixed a use after free in kernel midi subsystem snd_rawmidi_kernel_read1() (bsc#1179601).

The following non-security bugs were fixed:

- ACPI: PNP: compare the string length in the matching_id() (git-fixes).
- ACPICA: Disassembler: create buffer fields in ACPI_PARSE_LOAD_PASS1 (git-fixes). - ACPICA: Do not increment operation_region reference counts for field units (git-fixes). - ALSA: ca0106: fix error code handling (git-fixes). - ALSA: ctl: allow TLV read operation for callback type of element in locked case (git-fixes). - ALSA: hda - Fix silent audio output and corrupted input on MSI X570-A PRO (git-fixes). - ALSA: hda/ca0132 - Change Input Source enum strings (git-fixes). - ALSA: hda/ca0132 - Fix AE-5 rear headphone pincfg (git-fixes). - ALSA: hda/generic: Add option to enforce preferred_dacs pairs (git-fixes). - ALSA: hda/hdmi: always check pin power status in i915 pin fixup (git-fixes). - ALSA: hda/realtek - Add new codec supported for ALC897 (git-fixes). - ALSA: hda/realtek - Couldn't detect Mic if booting with headset plugged (git-fixes). - ALSA: hda/realtek - Enable headset mic of ASUS Q524UQK with ALC255 (git-fixes). - ALSA: hda/realtek: Add mute LED quirk to yet another HP x360 model (git-fixes). - ALSA: hda/realtek: Add some Clove SSID in the ALC293(ALC1220) (git-fixes). - ALSA: hda/realtek: Enable front panel headset LED on Lenovo ThinkStation P520 (git-fixes). - ALSA: hda/realtek: Enable headset of ASUS UX482EG & B9400CEA with ALC294 (git-fixes). - ALSA: hda: Add NVIDIA codec IDs 9a & 9d through a0 to patch table (git-fixes). - ALSA: hda: Fix potential race in unsol event handler (git-fixes). - ALSA: hda: Fix regressions on clear and reconfig sysfs (git-fixes). - ALSA: info: Drop WARN_ON() from buffer NULL sanity check (git-fixes). - ALSA: isa/wavefront: prevent out of bounds write in ioctl (git-fixes). - ALSA: line6: Perform sanity check for each URB creation (git-fixes). - ALSA: pcm: oss: Fix a few more UBSAN fixes (git-fixes). - ALSA: pcm: oss: Fix potential out-of-bounds shift (git-fixes). - ALSA: pcm: oss: Remove superfluous WARN_ON() for mulaw sanity check (git-fixes). - ALSA: timer: Limit max amount of slave instances (git-fixes). 
- ALSA: usb-audio: Add delay quirk for all Logitech USB devices (git-fixes). - ALSA: usb-audio: Add delay quirk for H570e USB headsets (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for MODX (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for Qu-16 (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for Zoom UAC-2 (git-fixes). - ALSA: usb-audio: add quirk for Denon DCD-1500RE (git-fixes). - ALSA: usb-audio: add quirk for Samsung USBC Headset (AKG) (git-fixes). - ALSA: usb-audio: Add registration quirk for Kingston HyperX Cloud Alpha S (git-fixes). - ALSA: usb-audio: Add registration quirk for Kingston HyperX Cloud Flight S (git-fixes). - ALSA: usb-audio: add usb vendor id as DSD-capable for Khadas devices (git-fixes). - ALSA: usb-audio: Disable sample read check if firmware does not give back (git-fixes). - ALSA: usb-audio: Fix control 'access overflow' errors from chmap (git-fixes). - ALSA: usb-audio: Fix OOB access of mixer element list (git-fixes). - ALSA: usb-audio: Fix potential out-of-bounds shift (git-fixes). - ALSA: usb-audio: Fix race against the error recovery URB submission (git-fixes). - ALSA: usb-audio: US16x08: fix value count for level meters (git-fixes). - ASoC: arizona: Fix a wrong free in wm8997_probe (git-fixes). - ASoC: cx2072x: Fix doubly definitions of Playback and Capture streams (git-fixes). - ASoC: fsl_asrc_dma: Fix dma_chan leak when config DMA channel failed (git-fixes). - ASoC: jz4740-i2s: add missed checks for clk_get() (git-fixes). - ASoC: pcm3168a: The codec does not support S32_LE (git-fixes). - ASoC: pcm: DRAIN support reactivation (git-fixes). - ASoC: rt5677: Mark reg RT5677_PWR_ANLG2 as volatile (git-fixes). - ASoC: sti: fix possible sleep-in-atomic (git-fixes). - ASoC: wm8904: fix regcache handling (git-fixes). - ASoC: wm8998: Fix PM disable depth imbalance on error (git-fixes). - ASoC: wm_adsp: Do not generate kcontrols without READ flags (git-fixes). 
- ASoC: wm_adsp: remove "ctl" from list on error in wm_adsp_create_control() (git-fixes).
- ata/libata: Fix usage of page address by page_address in ata_scsi_mode_select_xlat function (git-fixes).
- ath10k: Fix an error handling path (git-fixes).
- ath10k: fix backtrace on coredump (git-fixes).
- ath10k: fix get invalid tx rate for Mesh metric (git-fixes).
- ath10k: fix offchannel tx failure when no ath10k_mac_tx_frm_has_freq (git-fixes).
- ath10k: Release some resources in an error handling path (git-fixes).
- ath10k: Remove msdu from idr when management pkt send fails (git-fixes).
- ath6kl: fix enum-conversion warning (git-fixes).
- ath9k_htc: Discard undersized packets (git-fixes).
- ath9k_htc: Modify byte order for an error message (git-fixes).
- ath9k_htc: Silence undersized packet warnings (git-fixes).
- ath9k_htc: Use appropriate rs_datalen type (git-fixes).
- Avoid a GCC warning about "/*" within a comment.
- backlight: lp855x: Ensure regulators are disabled on probe failure (git-fixes).
- Bluetooth: add a mutex lock to avoid UAF in do_enale_set (git-fixes).
- Bluetooth: btusb: Fix detection of some fake CSR controllers with a bcdDevice val of 0x0134 (git-fixes).
- Bluetooth: Fix advertising duplicated flags (git-fixes).
- Bluetooth: Fix null pointer dereference in hci_event_packet() (git-fixes).
- Bluetooth: Fix slab-out-of-bounds read in hci_le_direct_adv_report_evt() (git-fixes).
- bnxt_en: Fix race when modifying pause settings (bsc#1050242).
- bnxt_en: Protect bnxt_set_eee() and bnxt_set_pauseparam() with mutex (bsc#1050242).
- btmrvl: Fix firmware filename for sd8997 chipset (bsc#1172694).
- btrfs: fix use-after-free on readahead extent after failure to create it (bsc#1179963).
- btrfs: qgroup: do not commit transaction when we already hold the handle (bsc#1178634).
- btrfs: remove a BUG_ON() from merge_reloc_roots() (bsc#1174784).
- bus: fsl-mc: fix error return code in fsl_mc_object_allocate() (git-fixes).
- can: mcp251x: add error check when wq alloc failed (git-fixes).
- can: softing: softing_netdev_open(): fix error handling (git-fixes).
- cfg80211: initialize rekey_data (git-fixes).
- cfg80211: regulatory: Fix inconsistent format argument (git-fixes).
- cifs: add NULL check for ses->tcon_ipc (bsc#1178270).
- cifs: allow syscalls to be restarted in __smb_send_rqst() (bsc#1176956).
- cifs: fix check of tcon dfs in smb1 (bsc#1178270).
- cifs: fix potential use-after-free in cifs_echo_request() (bsc#1139944).
- cirrus: cs89x0: remove set but not used variable 'lp' (git-fixes).
- cirrus: cs89x0: use devm_platform_ioremap_resource() to simplify code (git-fixes).
- clk: at91: usb: continue if clk_hw_round_rate() return zero (git-fixes).
- clk: mvebu: a3700: fix the XTAL MODE pin to MPP1_9 (git-fixes).
- clk: qcom: Allow constant ratio freq tables for rcg (git-fixes).
- clk: qcom: msm8916: Fix the address location of pll->config_reg (git-fixes).
- clk: s2mps11: Fix a resource leak in error handling paths in the probe function (git-fixes).
- clk: samsung: exynos5433: Add IGNORE_UNUSED flag to sclk_i2s1 (git-fixes).
- clk: sunxi-ng: Make sure divider tables have sentinel (git-fixes).
- clk: tegra: Fix duplicated SE clock entry (git-fixes).
- clk: tegra: Fix Tegra PMC clock out parents (git-fixes).
- clk: ti: composite: fix memory leak (git-fixes).
- clk: ti: dra7-atl-clock: Remove ti_clk_add_alias call (git-fixes).
- clk: ti: Fix memleak in ti_fapll_synth_setup (git-fixes).
- clocksource/drivers/asm9260: Add a check for of_clk_get (git-fixes).
- coredump: fix core_pattern parse error (git-fixes).
- cpufreq: highbank: Add missing MODULE_DEVICE_TABLE (git-fixes).
- cpufreq: loongson1: Add missing MODULE_ALIAS (git-fixes).
- cpufreq: scpi: Add missing MODULE_ALIAS (git-fixes).
- cpufreq: st: Add missing MODULE_DEVICE_TABLE (git-fixes).
- crypto: af_alg - avoid undefined behavior accessing salg_name (git-fixes).
- crypto: omap-aes - Fix PM disable depth imbalance in omap_aes_probe (git-fixes).
- crypto: qat - fix status check in qat_hal_put_rel_rd_xfer() (git-fixes).
- crypto: talitos - Fix return type of current_desc_hdr() (git-fixes).
- cw1200: fix missing destroy_workqueue() on error in cw1200_init_common (git-fixes).
- cxgb4: Fix offset when clearing filter byte counters (bsc#1064802 bsc#1066129).
- drivers: base: Fix NULL pointer exception in __platform_driver_probe() if a driver developer is foolish (git-fixes).
- drivers: soc: ti: knav_qmss_queue: Fix error return code in knav_queue_probe (git-fixes).
- drm/amd/display: remove useless if/else (git-fixes).
- drm/amdgpu: fix build_coefficients() argument (git-fixes).
- drm/dp_aux_dev: check aux_dev before use in drm_dp_aux_dev_get_by_minor() (git-fixes).
- drm/gma500: fix double free of gma_connector (git-fixes).
- drm/gma500: Fix out-of-bounds access to struct drm_device.vblank[] (bsc#1129770)
- drm/meson: dw-hdmi: Register a callback to disable the regulator (git-fixes).
- drm/msm/dpu: Add newline to printks (git-fixes).
- drm/msm/dsi_phy_10nm: implement PHY disabling (git-fixes).
- drm/omap: dmm_tiler: fix return error code in omap_dmm_probe() (git-fixes).
- drm/rockchip: Avoid uninitialized use of endpoint id in LVDS (git-fixes).
- epoll: Keep a reference on files added to the check list (bsc#1180031).
- ext4: correctly report "not supported" for {usr,grp}jquota when !CONFIG_QUOTA (bsc#1179672).
- ext4: fix bogus warning in ext4_update_dx_flag() (bsc#1179716).
- ext4: fix error handling code in add_new_gdb (bsc#1179722).
- ext4: fix invalid inode checksum (bsc#1179723).
- ext4: fix leaking sysfs kobject after failed mount (bsc#1179670).
- ext4: limit entries returned when counting fsmap records (bsc#1179671).
- ext4: unlock xattr_sem properly in ext4_inline_data_truncate() (bsc#1179673).
- extcon: max77693: Fix modalias string (git-fixes).
- fbcon: Fix user font detection test at fbcon_resize(). (bsc#1112178)
  Backporting changes:
  * updated path drivers/video/fbcon/core to drivers/video/console
- fbcon: Remove the superfluous break (bsc#1129770)
  Backporting changes:
  * updated path drivers/video/fbcon/core to drivers/video/console
  * context changes
- firmware: qcom: scm: Ensure 'a0' status code is treated as signed (git-fixes).
- fix regression in "epoll: Keep a reference on files added to the check list" (bsc#1180031, git-fixes).
- forcedeth: use per cpu to collect xmit/recv statistics (git-fixes).
- fs: Do not invalidate page buffers in block_write_full_page() (bsc#1179711).
- geneve: change from tx_error to tx_dropped on missing metadata (git-fixes).
- genirq/irqdomain: Add an irq_create_mapping_affinity() function (bsc#1065729).
- gpio: arizona: handle pm_runtime_get_sync failure case (git-fixes).
- gpio: gpio-grgpio: fix possible sleep-in-atomic-context bugs in grgpio_irq_map/unmap() (git-fixes).
- gpio: max77620: Add missing dependency on GPIOLIB_IRQCHIP (git-fixes).
- gpio: max77620: Fixup debounce delays (git-fixes).
- gpio: max77620: Use correct unit for debounce times (git-fixes).
- gpio: mpc8xxx: Add platform device to gpiochip->parent (git-fixes).
- gpio: mvebu: fix potential user-after-free on probe (git-fixes).
- gpiolib: acpi: Add honor_wakeup module-option + quirk mechanism (git-fixes).
- gpiolib: acpi: Add quirk to ignore EC wakeups on HP x2 10 BYT + AXP288 model (git-fixes).
- gpiolib: acpi: Add quirk to ignore EC wakeups on HP x2 10 CHT + AXP288 model (git-fixes).
- gpiolib: acpi: Correct comment for HP x2 10 honor_wakeup quirk (git-fixes).
- gpiolib: acpi: Rework honor_wakeup option into an ignore_wake option (git-fixes).
- gpiolib: acpi: Turn dmi_system_id table into a generic quirk table (git-fixes).
- gpiolib: fix up emulated open drain outputs (git-fixes).
- HID: Add another Primax PIXART OEM mouse quirk (git-fixes).
- HID: apple: Disable Fn-key key-re-mapping on clone keyboards (git-fixes).
- HID: core: check whether Usage Page item is after Usage ID items (git-fixes).
- HID: core: Correctly handle ReportSize being zero (git-fixes).
- HID: cypress: Support Varmilo Keyboards' media hotkeys (git-fixes).
- HID: Fix slab-out-of-bounds read in hid_field_extract (bsc#1180052).
- HID: hid-sensor-hub: Fix issue with devices with no report ID (git-fixes).
- HID: Improve Windows Precision Touchpad detection (git-fixes).
- HID: intel-ish-hid: fix wrong error handling in ishtp_cl_alloc_tx_ring() (git-fixes).
- HID: logitech-hidpp: Silence intermittent get_battery_capacity errors (git-fixes).
- HSI: omap_ssi: Do not jump to free ID in ssi_add_controller() (git-fixes).
- hwmon: (aspeed-pwm-tacho) Avoid possible buffer overflow (git-fixes).
- hwmon: (jc42) Fix name to have no illegal characters (git-fixes).
- i2c: algo: pca: Reapply i2c bus settings after reset (git-fixes).
- i2c: i801: Fix resume bug (git-fixes).
- i2c: piix4: Detect secondary SMBus controller on AMD AM4 chipsets (git-fixes).
- i2c: pxa: clear all master action bits in i2c_pxa_stop_message() (git-fixes).
- i2c: pxa: fix i2c_pxa_scream_blue_murder() debug output (git-fixes).
- i2c: qup: Fix error return code in qup_i2c_bam_schedule_desc() (git-fixes).
- ibmvnic: add some debugs (bsc#1179896 ltc#190255).
- ibmvnic: avoid memset null scrq msgs (bsc#1044767 ltc#155231 git-fixes).
- ibmvnic: continue fatal error reset after passive init (bsc#1171078 ltc#184239 git-fixes).
- ibmvnic: delay next reset if hard reset fails (bsc#1094840 ltc#167098 git-fixes).
- ibmvnic: enhance resetting status check during module exit (bsc#1065729).
- ibmvnic: fix call_netdevice_notifiers in do_reset (bsc#1115431 ltc#171853 git-fixes).
- ibmvnic: fix NULL pointer dereference in reset_sub_crq_queues (bsc#1040855 ltc#155067 git-fixes).
- ibmvnic: fix: NULL pointer dereference (bsc#1044767 ltc#155231 git-fixes).
- ibmvnic: notify peers when failover and migration happen (bsc#1044120 ltc#155423 git-fixes).
- ibmvnic: restore adapter state on failed reset (bsc#1152457 ltc#174432 git-fixes).
- igc: Fix returning wrong statistics (bsc#1118657).
- iio: adc: max1027: Reset the device at probe time (git-fixes).
- iio: adc: rockchip_saradc: fix missing clk_disable_unprepare() on error in rockchip_saradc_resume (git-fixes).
- iio: bmp280: fix compensation of humidity (git-fixes).
- iio: buffer: Fix demux update (git-fixes).
- iio: dac: ad5592r: fix unbalanced mutex unlocks in ad5592r_read_raw() (git-fixes).
- iio: fix center temperature of bmc150-accel-core (git-fixes).
- iio: humidity: hdc100x: fix IIO_HUMIDITYRELATIVE channel reporting (git-fixes).
- iio: light: bh1750: Resolve compiler warning and make code more readable (git-fixes).
- iio: srf04: fix wrong limitation in distance measuring (git-fixes).
- iio:imu:bmi160: Fix too large a buffer (git-fixes).
- iio:pressure:mpl3115: Force alignment of buffer (git-fixes).
- inet_ecn: Fix endianness of checksum update when setting ECT(1) (git-fixes).
- Input: ads7846 - fix integer overflow on Rt calculation (git-fixes).
- Input: ads7846 - fix race that causes missing releases (git-fixes).
- Input: ads7846 - fix unaligned access on 7845 (git-fixes).
- Input: atmel_mxt_ts - disable IRQ across suspend (git-fixes).
- Input: cm109 - do not stomp on control URB (git-fixes).
- Input: cros_ec_keyb - send 'scancodes' in addition to key events (git-fixes).
- Input: cyapa_gen6 - fix out-of-bounds stack access (git-fixes).
- Input: goodix - add upside-down quirk for Teclast X98 Pro tablet (git-fixes).
- Input: i8042 - add Acer laptops to the i8042 reset list (git-fixes).
- Input: i8042 - add ByteSpeed touchpad to noloop table (git-fixes).
- Input: i8042 - add Entroware Proteus EL07R4 to nomux and reset lists (git-fixes).
- Input: i8042 - allow insmod to succeed on devices without an i8042 controller (git-fixes).
- Input: i8042 - fix error return code in i8042_setup_aux() (git-fixes).
- Input: omap4-keypad - fix runtime PM error handling (git-fixes).
- Input: synaptics - enable InterTouch for ThinkPad X1E 1st gen (git-fixes).
- Input: trackpoint - add new trackpoint variant IDs (git-fixes).
- Input: trackpoint - enable Synaptics trackpoints (git-fixes).
- Input: xpad - support Ardwiino Controllers (git-fixes).
- ipw2x00: Fix -Wcast-function-type (git-fixes).
- irqchip/alpine-msi: Fix freeing of interrupts on allocation error path (git-fixes).
- iwlwifi: mvm: fix kernel panic in case of assert during CSA (git-fixes).
- iwlwifi: mvm: fix unaligned read of rx_pkt_status (git-fixes).
- iwlwifi: pcie: limit memory read spin time (git-fixes).
- kABI fix for g2d (git-fixes).
- kABI workaround for dsa/b53 changes (git-fixes).
- kABI workaround for HD-audio generic parser (git-fixes).
- kABI workaround for net/ipvlan changes (git-fixes).
- kABI: ath10k: move a new structure member to the end (git-fixes).
- kABI: genirq: add back irq_create_mapping (bsc#1065729).
- kernel-source.spec: Fix build with rpm 4.16 (boo#1179015). RPM_BUILD_ROOT is cleared before %%install. Do the unpack into RPM_BUILD_ROOT in %%install
- kernel-{binary,source}.spec.in: do not create loop symlinks (bsc#1179082)
- kgdb: Fix spurious true from in_dbg_master() (git-fixes).
- KVM: x86: reinstate vendor-agnostic check on SPEC_CTRL cpuid bits (bsc#1112178).
- mac80211: allow rx of mesh eapol frames with default rx key (git-fixes).
- mac80211: Check port authorization in the ieee80211_tx_dequeue() case (git-fixes).
- mac80211: do not set set TDLS STA bandwidth wider than possible (git-fixes).
- mac80211: fix authentication with iwlwifi/mvm (git-fixes).
- mac80211: fix use of skb payload instead of header (git-fixes).
- mac80211: mesh: fix mesh_pathtbl_init() error path (git-fixes).
- matroxfb: avoid -Warray-bounds warning (git-fixes).
- md-cluster: fix rmmod issue when md_cluster convert bitmap to none (bsc#1163727).
- md-cluster: fix safemode_delay value when converting to clustered bitmap (bsc#1163727).
- md-cluster: fix wild pointer of unlock_all_bitmaps() (bsc#1163727).
- md/bitmap: fix memory leak of temporary bitmap (bsc#1163727).
- md/bitmap: md_bitmap_get_counter returns wrong blocks (bsc#1163727).
- md/bitmap: md_bitmap_read_sb uses wrong bitmap blocks (bsc#1163727).
- md/cluster: block reshape with remote resync job (bsc#1163727).
- md/cluster: fix deadlock when node is doing resync job (bsc#1163727).
- md/raid5: fix oops during stripe resizing (git-fixes).
- media: am437x-vpfe: Setting STD to current value is not an error (git-fixes).
- media: cec-funcs.h: add status_req checks (git-fixes).
- media: cx88: Fix some error handling path in 'cx8800_initdev()' (git-fixes).
- media: gspca: Fix memory leak in probe (git-fixes).
- media: i2c: mt9v032: fix enum mbus codes and frame sizes (git-fixes).
- media: i2c: ov2659: Fix missing 720p register config (git-fixes).
- media: i2c: ov2659: fix s_stream return value (git-fixes).
- media: msi2500: assign SPI bus number dynamically (git-fixes).
- media: mtk-mdp: Fix a refcounting bug on error in init (git-fixes).
- media: mtk-vcodec: add missing put_device() call in mtk_vcodec_release_dec_pm() (git-fixes).
- media: platform: add missing put_device() call in mtk_jpeg_probe() and mtk_jpeg_remove() (git-patches).
- media: pvrusb2: Fix oops on tear-down when radio support is not present (git-fixes).
- media: s5p-g2d: Fix a memory leak in an error handling path in 'g2d_probe()' (git-fixes).
- media: saa7146: fix array overflow in vidioc_s_audio() (git-fixes).
- media: si470x-i2c: add missed operations in remove (git-fixes).
- media: siano: fix memory leak of debugfs members in smsdvb_hotplug (git-fixes).
- media: solo6x10: fix missing snd_card_free in error handling case (git-fixes).
- media: sti: bdisp: fix a possible sleep-in-atomic-context bug in bdisp_device_run() (git-fixes).
- media: sunxi-cir: ensure IR is handled when it is continuous (git-fixes).
- media: ti-vpe: vpe: ensure buffers are cleaned up properly in abort cases (git-fixes).
- media: ti-vpe: vpe: fix a v4l2-compliance failure about frame sequence number (git-fixes).
- media: ti-vpe: vpe: fix a v4l2-compliance failure about invalid sizeimage (git-fixes).
- media: ti-vpe: vpe: fix a v4l2-compliance failure causing a kernel panic (git-fixes).
- media: ti-vpe: vpe: fix a v4l2-compliance warning about invalid pixel format (git-fixes).
- media: ti-vpe: vpe: Make sure YUYV is set as default format (git-fixes).
- media: uvcvideo: Set media controller entity functions (git-fixes).
- media: uvcvideo: Silence shift-out-of-bounds warning (git-fixes).
- media: v4l2-async: Fix trivial documentation typo (git-fixes).
- media: v4l2-core: fix touch support in v4l_g_fmt (git-fixes).
- media: v4l2-device.h: Explicitly compare grp{id,mask} to zero in v4l2_device macros (git-fixes).
- mei: bus: do not clean driver pointer (git-fixes).
- mei: protect mei_cl_mtu from null dereference (git-fixes).
- memstick: fix a double-free bug in memstick_check (git-fixes).
- memstick: r592: Fix error return in r592_probe() (git-fixes).
- mfd: rt5033: Fix errorneous defines (git-fixes).
- mfd: wm8994: Fix driver operation if loaded as modules (git-fixes).
- mlxsw: core: Fix memory leak on module removal (bsc#1112374).
- mm,memory_failure: always pin the page in madvise_inject_error (bsc#1180258).
- mm/userfaultfd: do not access vma->vm_mm after calling handle_userfault() (bsc#1179204).
- mwifiex: fix mwifiex_shutdown_sw() causing sw reset failure (git-fixes).
- net/smc: fix valid DMBE buffer sizes (git-fixes).
- net/tls: Fix kmap usage (bsc#1109837).
- net/tls: missing received data after fast remote close (bsc#1109837).
- net/x25: prevent a couple of overflows (bsc#1178590).
- net: aquantia: Fix aq_vec_isr_legacy() return value (git-fixes).
- net: aquantia: fix LRO with FCS error (git-fixes).
- net: DCB: Validate DCB_ATTR_DCB_BUFFER argument (bsc#1103990).
- net: dsa: b53: Always use dev->vlan_enabled in b53_configure_vlan() (git-fixes).
- net: dsa: b53: Ensure the default VID is untagged (git-fixes).
- net: dsa: b53: Fix default VLAN ID (git-fixes).
- net: dsa: b53: Properly account for VLAN filtering (git-fixes).
- net: dsa: bcm_sf2: Do not assume DSA master supports WoL (git-fixes).
- net: dsa: bcm_sf2: potential array overflow in bcm_sf2_sw_suspend() (git-fixes).
- net: dsa: qca8k: remove leftover phy accessors (git-fixes).
- net: ena: fix packet's addresses for rx_offset feature (bsc#1174852).
- net: ena: handle bad request id in ena_netdev (git-fixes).
- net: ethernet: ti: cpsw: fix runtime_pm while add/kill vlan (git-fixes).
- net: hisilicon: Fix signedness bug in hix5hd2_dev_probe() (git-fixes).
- net: macb: add missing barriers when reading descriptors (git-fixes).
- net: macb: fix dropped RX frames due to a race (git-fixes).
- net: macb: fix error format in dev_err() (git-fixes).
- net: macb: fix random memory corruption on RX with 64-bit DMA (git-fixes).
- net: pasemi: fix an use-after-free in pasemi_mac_phy_init() (git-fixes).
- net: phy: Avoid multiple suspends (git-fixes).
- net: qed: fix "maybe uninitialized" warning (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
- net: qed: fix async event callbacks unregistering (bsc#1104393 bsc#1104389).
- net: qede: fix PTP initialization on recovery (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
- net: qede: fix use-after-free on recovery and AER handling (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
- net: seeq: Fix the function used to release some memory in an error handling path (git-fixes).
- net: sh_eth: fix a missing check of of_get_phy_mode (git-fixes).
- net: sonic: replace dev_kfree_skb in sonic_send_packet (git-fixes).
- net: sonic: return NETDEV_TX_OK if failed to map buffer (git-fixes).
- net: stmmac: fix csr_clk can't be zero issue (git-fixes).
- net: stmmac: Fix reception of Broadcom switches tags (git-fixes).
- net: thunderx: use spin_lock_bh in nicvf_set_rx_mode_task() (bsc#1110096).
- net: usb: sr9800: fix uninitialized local variable (git-fixes).
- net:ethernet:aquantia: Extra spinlocks removed (git-fixes).
- net_sched: fix a memory leak in atm_tc_init() (bsc#1056657 bsc#1056653 bsc#1056787).
- nfc: s3fwrn5: add missing release on skb in s3fwrn5_recv_frame (git-fixes).
- nfc: s3fwrn5: Release the nfc firmware (git-fixes).
- nfc: st95hf: Fix memleak in st95hf_in_send_cmd (git-fixes).
- nfp: use correct define to return NONE fec (bsc#1109837).
- NFS: fix nfs_path in case of a rename retry (git-fixes).
- NFSD: Add missing NFSv2 .pc_func methods (git-fixes).
- NFSv4.2: fix client's attribute cache management for copy_file_range (git-fixes).
- NFSv4.2: support EXCHGID4_FLAG_SUPP_FENCE_OPS 4.2 EXCHANGE_ID flag (git-fixes).
- ocfs2: fix unbalanced locking (bsc#1180506).
- ocfs2: initialize ip_next_orphan (bsc#1179724).
- orinoco: Move context allocation after processing the skb (git-fixes).
- parport: load lowlevel driver if ports not found (git-fixes).
- PCI/ASPM: Allow ASPM on links to PCIe-to-PCI/PCI-X Bridges (git-fixes).
- PCI/ASPM: Disable ASPM on ASMedia ASM1083/1085 PCIe-to-PCI bridge (git-fixes).
- PCI: Do not disable decoding when mmio_always_on is set (git-fixes).
- PCI: Fix pci_slot_release() NULL pointer dereference (git-fixes).
- phy: Revert toggling reset changes (git-fixes).
- pinctrl: amd: fix __iomem annotation in amd_gpio_irq_handler() (git-fixes).
- pinctrl: amd: fix npins for uart0 in kerncz_groups (git-fixes).
- pinctrl: amd: remove debounce filter setting in IRQ type setting (git-fixes).
- pinctrl: baytrail: Avoid clearing debounce value when turning it off (git-fixes).
- pinctrl: falcon: add missing put_device() call in pinctrl_falcon_probe() (git-fixes).
- pinctrl: merrifield: Set default bias in case no particular value given (git-fixes).
- pinctrl: sh-pfc: sh7734: Fix duplicate TCLK1_B (git-fixes).
- platform/x86: acer-wmi: add automatic keyboard background light toggle key as KEY_LIGHTS_TOGGLE (git-fixes).
- platform/x86: dell-smbios-base: Fix error return code in dell_smbios_init (git-fixes).
- platform/x86: mlx-platform: Fix item counter assignment for MSN2700, MSN24xx systems (git-fixes).
- platform/x86: mlx-platform: remove an unused variable (git-fixes).
- platform/x86: mlx-platform: Remove PSU EEPROM from default platform configuration (git-fixes).
- platform/x86: mlx-platform: Remove PSU EEPROM from MSN274x platform configuration (git-fixes).
- PM / hibernate: memory_bm_find_bit(): Tighten node optimisation (git-fixes).
- PM: ACPI: Output correct message on target power state (git-fixes).
- PM: hibernate: Freeze kernel threads in software_resume() (git-fixes).
- PM: hibernate: remove the bogus call to get_gendisk() in software_resume() (git-fixes).
- pNFS/flexfiles: Fix list corruption if the mirror count changes (git-fixes).
- power: supply: bq24190_charger: fix reference leak (git-fixes).
- power: supply: bq27xxx_battery: Silence deferred-probe error (git-fixes).
- powerpc/64: Set up a kernel stack for secondaries before cpu_restore() (bsc#1065729).
- powerpc/64s/pseries: Fix hash tlbiel_all_isa300 for guest kernels (bsc#1179888 ltc#190253).
- powerpc/64s: Fix hash ISA v3.0 TLBIEL instruction generation (bsc#1055117 ltc#159753 git-fixes bsc#1179888 ltc#190253).
- powerpc/pci: Fix broken INTx configuration via OF (bsc#1172145 ltc#184630).
- powerpc/pci: Remove legacy debug code (bsc#1172145 ltc#184630 git-fixes).
- powerpc/pci: Remove LSI mappings on device teardown (bsc#1172145 ltc#184630).
- powerpc/pci: Use of_irq_parse_and_map_pci() helper (bsc#1172145 ltc#184630).
- powerpc/perf: Fix crash with is_sier_available when pmu is not set (bsc#1179578 ltc#189313).
- powerpc/pseries/hibernation: remove redundant cacheinfo update (bsc#1138374 ltc#178199 git-fixes).
- powerpc/pseries: Pass MSI affinity to irq_create_mapping() (bsc#1065729).
- powerpc/smp: Add __init to init_big_cores() (bsc#1109695 ltc#171067 git-fixes).
- powerpc/xmon: Change printk() to pr_cont() (bsc#1065729).
- powerpc: Convert to using %pOF instead of full_name (bsc#1172145 ltc#184630).
- powerpc: Fix incorrect stw{, ux, u, x} instructions in __set_pte_at (bsc#1065729).
- ppp: remove the PPPIOCDETACH ioctl (git-fixes).
- pwm: lp3943: Dynamically allocate PWM chip base (git-fixes).
- qed: fix error return code in qed_iwarp_ll2_start() (bsc#1050536 bsc#1050545).
- qed: suppress "do not support RoCE & iWARP" flooding on HW init (bsc#1050536 bsc#1050545).
- qed: suppress false-positives interrupt error messages on HW init (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
- quota: clear padding in v2r1_mem2diskdqb() (bsc#1179714).
- radeon: insert 10ms sleep in dce5_crtc_load_lut (git-fixes).
- ravb: Fix use-after-free ravb_tstamp_skb (git-fixes).
- RDMA/qedr: Fix KASAN: use-after-free in ucma_event_handler+0x532 (bsc#1050545).
- RDMA/qedr: Fix memory leak in iWARP CM (bsc#1050545).
- regmap: debugfs: check count when read regmap file (git-fixes).
- regmap: dev_get_regmap_match(): fix string comparison (git-fixes).
- regmap: Remove duplicate `type` field from regmap `regcache_sync` trace event (git-fixes).
- regulator: max8907: Fix the usage of uninitialized variable in max8907_regulator_probe() (git-fixes).
- regulator: pfuze100-regulator: Variable "val" in pfuze100_regulator_probe() could be uninitialized (git-fixes).
- regulator: ti-abb: Fix timeout in ti_abb_wait_txdone/ti_abb_clear_all_txdone (git-fixes).
- reiserfs: Fix oops during mount (bsc#1179715).
- reiserfs: Initialize inode keys properly (bsc#1179713).
- remoteproc: Fix wrong rvring index computation (git-fixes).
- rfkill: Fix incorrect check to avoid NULL pointer dereference (git-fixes).
- rtc: 88pm860x: fix possible race condition (git-fixes).
- rtc: hym8563: enable wakeup when applicable (git-fixes).
- rtl8xxxu: fix RTL8723BU connection failure issue after warm reboot (git-fixes).
- rtlwifi: fix memory leak in rtl92c_set_fw_rsvdpagepkt() (git-fixes).
- s390/bpf: Fix multiple tail calls (git-fixes).
- s390/cpuinfo: show processor physical address (git-fixes).
- s390/cpum_sf.c: fix file permission for cpum_sfb_size (git-fixes).
- s390/dasd: fix hanging device offline processing (bsc#1144912).
- s390/dasd: fix null pointer dereference for ERP requests (git-fixes).
- s390/pci: fix CPU address in MSI for directed IRQ (git-fixes).
- s390/qeth: fix af_iucv notification race (git-fixes).
- s390/qeth: fix tear down of async TX buffers (git-fixes).
- s390/qeth: make af_iucv TX notification call more robust (git-fixes).
- s390/stp: add locking to sysfs functions (git-fixes).
- s390/zcrypt: Fix ZCRYPT_PERDEV_REQCNT ioctl (git-fixes).
- scripts/lib/SUSE/MyBS.pm: properly close prjconf Macros: section
- scsi: lpfc: Add FDMI Vendor MIB support (bsc#1164780).
- scsi: lpfc: Convert abort handling to SLI-3 and SLI-4 handlers (bsc#1164780).
- scsi: lpfc: Convert SCSI I/O completions to SLI-3 and SLI-4 handlers (bsc#1164780).
- scsi: lpfc: Convert SCSI path to use common I/O submission path (bsc#1164780).
- scsi: lpfc: Correct null ndlp reference on routine exit (bsc#1164780).
- scsi: lpfc: Drop nodelist reference on error in lpfc_gen_req() (bsc#1164780).
- scsi: lpfc: Enable common send_io interface for SCSI and NVMe (bsc#1164780).
- scsi: lpfc: Enable common wqe_template support for both SCSI and NVMe (bsc#1164780).
- scsi: lpfc: Enlarge max_sectors in scsi host templates (bsc#1164780).
- scsi: lpfc: Extend the RDF FPIN Registration descriptor for additional events (bsc#1164780).
- scsi: lpfc: Fix duplicate wq_create_version check (bsc#1164780).
- scsi: lpfc: Fix fall-through warnings for Clang (bsc#1164780).
- scsi: lpfc: Fix FLOGI/PLOGI receive race condition in pt2pt discovery (bsc#1164780).
- scsi: lpfc: Fix invalid sleeping context in lpfc_sli4_nvmet_alloc() (bsc#1164780).
- scsi: lpfc: Fix memory leak on lcb_context (bsc#1164780).
- scsi: lpfc: Fix missing prototype for lpfc_nvmet_prep_abort_wqe() (bsc#1164780).
- scsi: lpfc: Fix missing prototype warning for lpfc_fdmi_vendor_attr_mi() (bsc#1164780).
- scsi: lpfc: Fix NPIV discovery and Fabric Node detection (bsc#1164780).
- scsi: lpfc: Fix NPIV Fabric Node reference counting (bsc#1164780).
- scsi: lpfc: Fix pointer defereference before it is null checked issue (bsc#1164780).
- scsi: lpfc: Fix refcounting around SCSI and NVMe transport APIs (bsc#1164780).
- scsi: lpfc: Fix removal of SCSI transport device get and put on dev structure (bsc#1164780).
- scsi: lpfc: Fix scheduling call while in softirq context in lpfc_unreg_rpi (bsc#1164780).
- scsi: lpfc: Fix set but not used warnings from Rework remote port lock handling (bsc#1164780).
- scsi: lpfc: Fix set but unused variables in lpfc_dev_loss_tmo_handler() (bsc#1164780).
- scsi: lpfc: Fix spelling mistake "Cant" -> "Can't" (bsc#1164780).
- scsi: lpfc: Fix variable 'vport' set but not used in lpfc_sli4_abts_err_handler() (bsc#1164780).
- scsi: lpfc: lpfc_attr: Demote kernel-doc format for redefined functions (bsc#1164780).
- scsi: lpfc: lpfc_attr: Fix-up a bunch of kernel-doc misdemeanours (bsc#1164780).
- scsi: lpfc: lpfc_debugfs: Fix a couple of function documentation issues (bsc#1164780).
- scsi: lpfc: lpfc_scsi: Fix a whole host of kernel-doc issues (bsc#1164780).
- scsi: lpfc: Refactor WQE structure definitions for common use (bsc#1164780).
- scsi: lpfc: Reject CT request for MIB commands (bsc#1164780).
- scsi: lpfc: Remove dead code on second !ndlp check (bsc#1164780).
- scsi: lpfc: Remove ndlp when a PLOGI/ADISC/PRLI/REG_RPI ultimately fails (bsc#1164780).
- scsi: lpfc: Remove set but not used 'qp' (bsc#1164780).
- scsi: lpfc: Remove unneeded variable 'status' in lpfc_fcp_cpu_map_store() (bsc#1164780).
- scsi: lpfc: Removed unused macros in lpfc_attr.c (bsc#1164780).
- scsi: lpfc: Rework locations of ndlp reference taking (bsc#1164780).
- scsi: lpfc: Rework remote port lock handling (bsc#1164780).
- scsi: lpfc: Rework remote port ref counting and node freeing (bsc#1164780).
- scsi: lpfc: Unsolicited ELS leaves node in incorrect state while dropping it (bsc#1164780).
- scsi: lpfc: Update changed file copyrights for 2020 (bsc#1164780).
- scsi: lpfc: Update lpfc version to 12.8.0.4 (bsc#1164780).
- scsi: lpfc: Update lpfc version to 12.8.0.5 (bsc#1164780).
- scsi: lpfc: Update lpfc version to 12.8.0.6 (bsc#1164780).
- scsi: lpfc: Use generic power management (bsc#1164780).
- scsi: qla2xxx: Change post del message from debug level to log level (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: Convert to DEFINE_SHOW_ATTRIBUTE (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: Do not check for fw_started while posting NVMe command (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: Do not consume srb greedily (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: Drop TARGET_SCF_LOOKUP_LUN_FROM_TAG (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: Fix compilation issue in PPC systems (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: Fix crash during driver load on big endian machines (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: Fix device loss on 4G and older HBAs (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: Fix flash update in 28XX adapters on big endian machines (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: Fix FW initialization error on big endian machines (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: Fix N2N and NVMe connect retry failure (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: Fix return of uninitialized value in rval (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: Fix the call trace for flush workqueue (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: Handle aborts correctly for port undergoing deletion (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: Handle incorrect entry_type entries (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: If fcport is undergoing deletion complete I/O with retry (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: Initialize variable in qla8044_poll_reg() (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: Limit interrupt vectors to number of CPUs (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: Move sess cmd list/lock to driver (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: Remove in_interrupt() from qla82xx-specific code (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: Remove in_interrupt() from qla83xx-specific code (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: remove incorrect sparse #ifdef (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: Remove trailing semicolon in macro definition (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: Return EBUSY on fcport deletion (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: Tear down session if FW say it is down (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: Update version to 10.02.00.104-k (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: qla2xxx: Use constant when it is known (bsc#1172538 bsc#1179142 bsc#1179810).
- scsi: Remove unneeded break statements (bsc#1164780).
- scsi: storvsc: Fix error return in storvsc_probe() (git-fixes).
- scsi: target: tcm_qla2xxx: Remove BUG_ON(in_interrupt()) (bsc#1172538 bsc#1179142 bsc#1179810).
- serial: 8250_omap: Avoid FIFO corruption caused by MDR1 access (git-fixes).
- serial: 8250_pci: Add Realtek 816a and 816b (git-fixes).
- serial: amba-pl011: Make sure we initialize the port.lock spinlock (git-fixes).
- serial: ar933x_uart: set UART_CS_{RX,TX}_READY_ORIDE (git-fixes).
- serial: txx9: add missing platform_driver_unregister() on error in serial_txx9_init (git-fixes).
- serial_core: Check for port state when tty is in error state (git-fixes).
- SMB3: Honor 'handletimeout' flag for multiuser mounts (bsc#1176558).
- SMB3: Honor 'posix' flag for multiuser mounts (bsc#1176559).
- SMB3: Honor lease disabling for multiuser mounts (git-fixes).
- soc/tegra: fuse: Fix index bug in get_process_id (git-fixes).
- soc: imx: gpc: fix power up sequencing (git-fixes).
- soc: mediatek: Check if power domains can be powered on at boot time (git-fixes).
- soc: qcom: smp2p: Safely acquire spinlock without IRQs (git-fixes).
- soc: ti: Fix reference imbalance in knav_dma_probe (git-fixes).
- soc: ti: knav_qmss: fix reference leak in knav_queue_probe (git-fixes).
- spi: Add call to spi_slave_abort() function when spidev driver is released (git-fixes).
- spi: bcm63xx-hsspi: fix missing clk_disable_unprepare() on error in bcm63xx_hsspi_resume (git-fixes).
- spi: davinci: Fix use-after-free on unbind (git-fixes).
- spi: dw: Enable interrupts in accordance with DMA xfer mode (git-fixes).
- spi: dw: Fix Rx-only DMA transfers (git-fixes).
- spi: dw: Return any value retrieved from the dma_transfer callback (git-fixes).
- spi: Fix memory leak on splited transfers (git-fixes).
- spi: img-spfi: fix potential double release (git-fixes).
- spi: img-spfi: fix reference leak in img_spfi_resume (git-fixes).
- spi: pic32: Do not leak DMA channels in probe error path (git-fixes).
- spi: pxa2xx: Add missed security checks (git-fixes).
- spi: spi-cavium-thunderx: Add missing pci_release_regions() (git-fixes).
- spi: spi-loopback-test: Fix out-of-bounds read (git-fixes).
- spi: spi-mem: Fix passing zero to 'PTR_ERR' warning (git-fixes).
- spi: spi-mem: fix reference leak in spi_mem_access_start (git-fixes).
- spi: spi-ti-qspi: fix reference leak in ti_qspi_setup (git-fixes).
- spi: spidev: fix a potential use-after-free in spidev_release() (git-fixes).
- spi: st-ssc4: add missed pm_runtime_disable (git-fixes).
- spi: st-ssc4: Fix unbalanced pm_runtime_disable() in probe error path (git-fixes).
- spi: tegra114: fix reference leak in tegra spi ops (git-fixes).
- spi: tegra20-sflash: fix reference leak in tegra_sflash_resume (git-fixes).
- spi: tegra20-slink: add missed clk_unprepare (git-fixes).
- spi: tegra20-slink: fix reference leak in slink ops of tegra20 (git-fixes).
- splice: only read in as much information as there is pipe buffer space (bsc#1179520).
- staging: comedi: check validity of wMaxPacketSize of usb endpoints found (git-fixes).
- staging: comedi: gsc_hpdi: check dma_alloc_coherent() return value (git-fixes).
- staging: comedi: mf6x4: Fix AI end-of-conversion detection (git-fixes).
- staging: olpc_dcon: add a missing dependency (git-fixes).
- staging: olpc_dcon: Do not call platform_device_unregister() in dcon_probe() (git-fixes).
- staging: rtl8188eu: Add device code for TP-Link TL-WN727N v5.21 (git-fixes).
- staging: rtl8188eu: Add device id for MERCUSYS MW150US v2 (git-fixes).
- staging: rtl8188eu: fix possible null dereference (git-fixes).
- staging: rtl8192u: fix multiple memory leaks on error path (git-fixes).
- staging: vt6656: set usb_set_intfdata on driver fail (git-fixes).
- staging: wlan-ng: fix out of bounds read in prism2sta_probe_usb() (git-fixes).
- staging: wlan-ng: properly check endpoint types (git-fixes).
- sunrpc: fix copying of multiple pages in gss_read_proxy_verf() (bsc#1103992).
- sunrpc: fixed rollback in rpc_gssd_dummy_populate() (git-fixes).
- sunrpc: Properly set the @subbuf parameter of xdr_buf_subsegment() (git-fixes).
- sunrpc: The RDMA back channel mustn't disappear while requests are outstanding (git-fixes).
- svcrdma: fix bounce buffers for unaligned offsets and multiple pages (bsc#1103992).
- svcrdma: Fix page leak in svc_rdma_recv_read_chunk() (bsc#1103992).
- tcp: Set INET_ECN_xmit configuration in tcp_reinit_congestion_control (bsc#1109837).
- thunderbolt: Use 32-bit writes when writing ring producer/consumer (git-fixes).
- timer: Fix wheel index calculation on last level (git fixes)
- timer: Prevent base->clk from moving backward (git-fixes)
- tty: always relink the port (git-fixes).
- tty: Fix ->pgrp locking in tiocspgrp() (git-fixes).
- tty: link tty and port before configuring it as console (git-fixes).
- tty: synclink_gt: Adjust indentation in several functions (git-fixes).
- tty: synclinkmp: Adjust indentation in several functions (git-fixes).
- tty:serial:mvebu-uart:fix a wrong return (git-fixes).
- uapi/if_ether.h: move __UAPI_DEF_ETHHDR libc define (git-fixes).
- uapi/if_ether.h: prevent redefinition of struct ethhdr (git-fixes).
- usb: add RESET_RESUME quirk for Snapscan 1212 (git-fixes).
- usb: chipidea: ci_hdrc_imx: Pass DISABLE_DEVICE_STREAMING flag to imx6ul (git-fixes).
- usb: dummy-hcd: Fix uninitialized array use in init() (git-fixes).
- usb: dwc2: Fix IN FIFO allocation (git-fixes).
- usb: dwc3: remove the call trace of USBx_GFLADJ (git-fixes).
- usb: ehci-omap: Fix PM disable depth umbalance in ehci_hcd_omap_probe (git-fixes).
- usb: Fix: Do not skip endpoint descriptors with maxpacket=0 (git-fixes).
- usb: fsl: Check memory resource before releasing it (git-fixes).
- usb: gadget: composite: Fix possible double free memory bug (git-fixes).
- usb: gadget: configfs: fix concurrent issue between composite APIs (git-fixes).
- usb: gadget: configfs: Fix missing spin_lock_init() (git-fixes).
- usb: gadget: f_acm: add support for SuperSpeed Plus (git-fixes).
- usb: gadget: f_fs: Use local copy of descriptors for userspace copy (git-fixes).
- usb: gadget: f_midi: setup SuperSpeed Plus descriptors (git-fixes).
- usb: gadget: f_rndis: fix bitrate for SuperSpeed and above (git-fixes).
- usb: gadget: ffs: ffs_aio_cancel(): Save/restore IRQ flags (git-fixes).
- usb: gadget: fix wrong endpoint desc (git-fixes).
- usb: gadget: goku_udc: fix potential crashes in probe (git-fixes).
- usb: gadget: net2280: fix memory leak on probe error handling paths (git-fixes).
- usb: gadget: serial: fix Tx stall after buffer overflow (git-fixes).
- usb: gadget: udc: fix possible sleep-in-atomic-context bugs in gr_probe() (git-fixes).
- usb: gadget: udc: gr_udc: fix memleak on error handling path in gr_ep_init() (git-fixes).
- usb: hso: Fix debug compile warning on sparc32 (git-fixes).
- usb: ldusb: use unsigned size format specifiers (git-fixes).
- usb: musb: omap2430: Get rid of musb .set_vbus for omap2430 glue (git-fixes).
- usb: oxu210hp-hcd: Fix memory leak in oxu_create (git-fixes).
- usb: serial: ch341: add new Product ID for CH341A (git-fixes).
- usb: serial: ch341: sort device-id entries (git-fixes).
- usb: serial: digi_acceleport: clean up modem-control handling (git-fixes).
- usb: serial: digi_acceleport: clean up set_termios (git-fixes).
- usb: serial: digi_acceleport: fix write-wakeup deadlocks (git-fixes).
- usb: serial: digi_acceleport: remove in_interrupt() usage.
- usb: serial: digi_acceleport: remove redundant assignment to pointer priv (git-fixes).
- usb: serial: digi_acceleport: rename tty flag variable (git-fixes).
- usb: serial: digi_acceleport: use irqsave() in USB's complete callback (git-fixes).
- usb: serial: keyspan_pda: fix dropped unthrottle interrupts (git-fixes).
- usb: serial: keyspan_pda: fix stalled writes (git-fixes).
- usb: serial: keyspan_pda: fix tx-unthrottle use-after-free (git-fixes).
- usb: serial: keyspan_pda: fix write deadlock (git-fixes).
- usb: serial: keyspan_pda: fix write unthrottling (git-fixes).
- usb: serial: keyspan_pda: fix write-wakeup use-after-free (git-fixes).
- usb: serial: kl5kusb105: fix memleak on open (git-fixes).
- usb: serial: mos7720: fix parallel-port state restore (git-fixes).
- usb: serial: option: add Fibocom NL668 variants (git-fixes).
- usb: serial: option: add interface-number sanity check to flag handling (git-fixes).
- usb: serial: option: add support for Thales Cinterion EXS82 (git-fixes).
- usb: serial: option: fix Quectel BG96 matching (git-fixes).
- usb: Skip endpoints with 0 maxpacket length (git-fixes).
- usb: UAS: introduce a quirk to set no_write_same (git-fixes).
- usb: usbfs: Suppress problematic bind and unbind uevents (git-fixes).
- usblp: poison URBs upon disconnect (git-fixes).
- usbnet: ipheth: fix connectivity with iOS 14 (git-fixes).
- video: fbdev: neofb: fix memory leak in neo_scan_monitor() (git-fixes).
- vt: do not hardcode the mem allocation upper bound (git-fixes).
- vt: Reject zero-sized screen buffer size (git-fixes).
- watchdog: coh901327: add COMMON_CLK dependency (git-fixes).
- watchdog: da9062: do not ping the hw during stop() (git-fixes).
- watchdog: da9062: No need to ping manually before setting timeout (git-fixes).
- watchdog: qcom: Avoid context switch in restart handler (git-fixes).
- watchdog: sirfsoc: Add missing dependency on HAS_IOMEM (git-fixes).
- wimax: fix duplicate initializer warning (git-fixes).
- wireless: Use linux/stddef.h instead of stddef.h (git-fixes).
- wireless: Use offsetof instead of custom macro (git-fixes).
- x86/apic: Fix integer overflow on 10 bit left shift of cpu_khz (bsc#1112178).
- x86/insn-eval: Use new for_each_insn_prefix() macro to loop over prefixes bytes (bsc#1112178).
- x86/mm/ident_map: Check for errors from ident_pud_init() (bsc#1112178).
- x86/mm/mem_encrypt: Fix definition of PMD_FLAGS_DEC_WP (bsc#1112178).
- x86/resctrl: Add necessary kernfs_put() calls to prevent refcount leak (bsc#1112178).
- x86/resctrl: Fix incorrect local bandwidth when mba_sc is enabled (bsc#1112178).
- x86/resctrl: Remove superfluous kernfs_get() calls to prevent refcount leak (bsc#1112178).
- x86/resctrl: Remove unused struct mbm_state::chunks_bw (bsc#1112178).
- x86/speculation: Fix prctl() when spectre_v2_user={seccomp,prctl},ibpb (bsc#1112178).
- x86/tracing: Introduce a static key for exception tracing (bsc#1179895).
- x86/traps: Simplify pagefault tracing logic (bsc#1179895).
- x86/uprobes: Do not use prefixes.nbytes when looping over prefixes.bytes (bsc#1112178).
- xhci: Give USB2 ports time to enter U3 in bus suspend (git-fixes).
- xprtrdma: fix incorrect header size calculations (git-fixes).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Workstation Extension 15-SP1:
  zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2021-118=1
- SUSE Linux Enterprise Module for Live Patching 15-SP1:
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2021-118=1
- SUSE Linux Enterprise Module for Legacy Software 15-SP1:
  zypper in -t patch SUSE-SLE-Module-Legacy-15-SP1-2021-118=1
- SUSE Linux Enterprise Module for Development Tools 15-SP1:
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2021-118=1
- SUSE Linux Enterprise Module for Basesystem 15-SP1:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2021-118=1
- SUSE Linux Enterprise High Availability 15-SP1:
  zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2021-118=1

Package List:

- SUSE Linux Enterprise Workstation Extension 15-SP1 (x86_64):
  kernel-default-debuginfo-4.12.14-197.78.1
  kernel-default-debugsource-4.12.14-197.78.1
  kernel-default-extra-4.12.14-197.78.1
  kernel-default-extra-debuginfo-4.12.14-197.78.1
- SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64):
  kernel-default-debuginfo-4.12.14-197.78.1
  kernel-default-debugsource-4.12.14-197.78.1
  kernel-default-livepatch-4.12.14-197.78.1
  kernel-default-livepatch-devel-4.12.14-197.78.1
  kernel-livepatch-4_12_14-197_78-default-1-3.3.1
- SUSE Linux Enterprise Module for Legacy Software 15-SP1 (aarch64 ppc64le s390x x86_64):
  kernel-default-debuginfo-4.12.14-197.78.1
  kernel-default-debugsource-4.12.14-197.78.1
  reiserfs-kmp-default-4.12.14-197.78.1
  reiserfs-kmp-default-debuginfo-4.12.14-197.78.1
- SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64):
  kernel-obs-build-4.12.14-197.78.1
  kernel-obs-build-debugsource-4.12.14-197.78.1
  kernel-syms-4.12.14-197.78.1
- SUSE Linux Enterprise Module for Development Tools 15-SP1 (noarch):
  kernel-docs-4.12.14-197.78.1
  kernel-source-4.12.14-197.78.1
- SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64):
  kernel-default-4.12.14-197.78.1
  kernel-default-base-4.12.14-197.78.1
  kernel-default-base-debuginfo-4.12.14-197.78.1
  kernel-default-debuginfo-4.12.14-197.78.1
  kernel-default-debugsource-4.12.14-197.78.1
  kernel-default-devel-4.12.14-197.78.1
  kernel-default-devel-debuginfo-4.12.14-197.78.1
- SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch):
  kernel-devel-4.12.14-197.78.1
  kernel-macros-4.12.14-197.78.1
- SUSE Linux Enterprise Module for Basesystem 15-SP1 (s390x):
  kernel-default-man-4.12.14-197.78.1
  kernel-zfcpdump-debuginfo-4.12.14-197.78.1
  kernel-zfcpdump-debugsource-4.12.14-197.78.1
- SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64):
  cluster-md-kmp-default-4.12.14-197.78.1
  cluster-md-kmp-default-debuginfo-4.12.14-197.78.1
  dlm-kmp-default-4.12.14-197.78.1
  dlm-kmp-default-debuginfo-4.12.14-197.78.1
  gfs2-kmp-default-4.12.14-197.78.1
  gfs2-kmp-default-debuginfo-4.12.14-197.78.1
  kernel-default-debuginfo-4.12.14-197.78.1
  kernel-default-debugsource-4.12.14-197.78.1
  ocfs2-kmp-default-4.12.14-197.78.1
  ocfs2-kmp-default-debuginfo-4.12.14-197.78.1

References:

https://www.suse.com/security/cve/CVE-2018-20669.html
https://www.suse.com/security/cve/CVE-2019-20934.html
https://www.suse.com/security/cve/CVE-2020-0444.html
https://www.suse.com/security/cve/CVE-2020-0465.html
https://www.suse.com/security/cve/CVE-2020-0466.html
https://www.suse.com/security/cve/CVE-2020-27068.html
https://www.suse.com/security/cve/CVE-2020-27777.html
https://www.suse.com/security/cve/CVE-2020-27786.html
https://www.suse.com/security/cve/CVE-2020-27825.html
https://www.suse.com/security/cve/CVE-2020-28374.html
https://www.suse.com/security/cve/CVE-2020-29660.html
https://www.suse.com/security/cve/CVE-2020-29661.html
https://www.suse.com/security/cve/CVE-2020-36158.html
https://www.suse.com/security/cve/CVE-2020-4788.html
https://bugzilla.suse.com/1040855
https://bugzilla.suse.com/1044120
https://bugzilla.suse.com/1044767
https://bugzilla.suse.com/1050242
https://bugzilla.suse.com/1050536
https://bugzilla.suse.com/1050545
https://bugzilla.suse.com/1055117
https://bugzilla.suse.com/1056653
https://bugzilla.suse.com/1056657
https://bugzilla.suse.com/1056787
https://bugzilla.suse.com/1064802
https://bugzilla.suse.com/1065729
https://bugzilla.suse.com/1066129
https://bugzilla.suse.com/1094840
https://bugzilla.suse.com/1103990
https://bugzilla.suse.com/1103992
https://bugzilla.suse.com/1104389
https://bugzilla.suse.com/1104393
https://bugzilla.suse.com/1109695
https://bugzilla.suse.com/1109837
https://bugzilla.suse.com/1110096
https://bugzilla.suse.com/1112178
https://bugzilla.suse.com/1112374
https://bugzilla.suse.com/1115431
https://bugzilla.suse.com/1118657
https://bugzilla.suse.com/1129770
https://bugzilla.suse.com/1136460
https://bugzilla.suse.com/1136461
https://bugzilla.suse.com/1138374
https://bugzilla.suse.com/1139944
https://bugzilla.suse.com/1144912
https://bugzilla.suse.com/1152457
https://bugzilla.suse.com/1163727
https://bugzilla.suse.com/1164780
https://bugzilla.suse.com/1171078
https://bugzilla.suse.com/1172145
https://bugzilla.suse.com/1172538
https://bugzilla.suse.com/1172694
https://bugzilla.suse.com/1174784
https://bugzilla.suse.com/1174852
https://bugzilla.suse.com/1176558
https://bugzilla.suse.com/1176559
https://bugzilla.suse.com/1176956
https://bugzilla.suse.com/1178270
https://bugzilla.suse.com/1178372
https://bugzilla.suse.com/1178401
https://bugzilla.suse.com/1178590
https://bugzilla.suse.com/1178634
https://bugzilla.suse.com/1178762
https://bugzilla.suse.com/1179014
https://bugzilla.suse.com/1179015
https://bugzilla.suse.com/1179045
https://bugzilla.suse.com/1179082
https://bugzilla.suse.com/1179107
https://bugzilla.suse.com/1179142
https://bugzilla.suse.com/1179204
https://bugzilla.suse.com/1179419
https://bugzilla.suse.com/1179444
https://bugzilla.suse.com/1179520
https://bugzilla.suse.com/1179578
https://bugzilla.suse.com/1179601
https://bugzilla.suse.com/1179663
https://bugzilla.suse.com/1179666
https://bugzilla.suse.com/1179670
https://bugzilla.suse.com/1179671
https://bugzilla.suse.com/1179672
https://bugzilla.suse.com/1179673
https://bugzilla.suse.com/1179711
https://bugzilla.suse.com/1179713
https://bugzilla.suse.com/1179714
https://bugzilla.suse.com/1179715
https://bugzilla.suse.com/1179716
https://bugzilla.suse.com/1179722
https://bugzilla.suse.com/1179723
https://bugzilla.suse.com/1179724
https://bugzilla.suse.com/1179745
https://bugzilla.suse.com/1179810
https://bugzilla.suse.com/1179888
https://bugzilla.suse.com/1179895
https://bugzilla.suse.com/1179896
https://bugzilla.suse.com/1179960
https://bugzilla.suse.com/1179963
https://bugzilla.suse.com/1180027
https://bugzilla.suse.com/1180029
https://bugzilla.suse.com/1180031
https://bugzilla.suse.com/1180052
https://bugzilla.suse.com/1180086
https://bugzilla.suse.com/1180117
https://bugzilla.suse.com/1180258
https://bugzilla.suse.com/1180506
https://bugzilla.suse.com/1180559

From sle-updates at lists.suse.com Thu Jan 14 07:18:29 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 14 Jan 2021 15:18:29 +0100 (CET)
Subject: SUSE-RU-2021:0120-1: important: Recommended update for gnome-packagekit
Message-ID: <20210114141829.B4E08FEDA@maintenance.suse.de>

SUSE Recommended Update: Recommended update for gnome-packagekit
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:0120-1
Rating: important
References: #1180247
Affected Products:
  SUSE Linux Enterprise Module for Desktop Applications 15-SP2
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for gnome-packagekit fixes the following issue:

- Fix the logout support after an update. (bsc#1180247)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Desktop Applications 15-SP2:
  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2021-120=1

Package List:

- SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64):
  gnome-packagekit-3.32.0-3.3.1
  gnome-packagekit-debuginfo-3.32.0-3.3.1
  gnome-packagekit-debugsource-3.32.0-3.3.1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (noarch):
  gnome-packagekit-lang-3.32.0-3.3.1

References:

https://bugzilla.suse.com/1180247

From sle-updates at lists.suse.com Thu Jan 14 07:19:30 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 14 Jan 2021 15:19:30 +0100 (CET)
Subject: SUSE-SU-2021:0121-1: moderate: Security update for nodejs8
Message-ID: <20210114141930.835B9FEDA@maintenance.suse.de>

SUSE Security Update: Security update for nodejs8
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:0121-1
Rating: moderate
References: #1180554
Cross-References: CVE-2020-8287
Affected Products:
  SUSE Linux Enterprise Module for Web Scripting 15-SP2
______________________________________________________________________________

An update that fixes one vulnerability is now available.
Description:

This update for nodejs8 fixes the following issue:

- CVE-2020-8287: Fixed an HTTP request smuggling vulnerability (bsc#1180554).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Web Scripting 15-SP2:
  zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP2-2021-121=1

Package List:

- SUSE Linux Enterprise Module for Web Scripting 15-SP2 (aarch64 ppc64le s390x x86_64):
  nodejs8-8.17.0-10.6.1
  nodejs8-debuginfo-8.17.0-10.6.1
  nodejs8-debugsource-8.17.0-10.6.1
  nodejs8-devel-8.17.0-10.6.1
  npm8-8.17.0-10.6.1
- SUSE Linux Enterprise Module for Web Scripting 15-SP2 (noarch):
  nodejs8-docs-8.17.0-10.6.1

References:

https://www.suse.com/security/cve/CVE-2020-8287.html
https://bugzilla.suse.com/1180554

From sle-updates at lists.suse.com Thu Jan 14 07:20:29 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 14 Jan 2021 15:20:29 +0100 (CET)
Subject: SUSE-SU-2021:0122-1: important: Security update for MozillaThunderbird
Message-ID: <20210114142029.A73C5FEDA@maintenance.suse.de>

SUSE Security Update: Security update for MozillaThunderbird
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:0122-1
Rating: important
References: #1180623
Cross-References: CVE-2020-16044
Affected Products:
  SUSE Linux Enterprise Workstation Extension 15-SP1
______________________________________________________________________________

An update that fixes one vulnerability is now available.
Description:

This update for MozillaThunderbird fixes the following issues:

- Mozilla Thunderbird 78.6.1
  * changed: MailExtensions: browserAction, composeAction, and messageDisplayAction toolbar buttons now support label and default_label properties (bmo#1583478)
  * fixed: Running a quicksearch that returned no results did not offer to re-run as a global search (bmo#1663153)
  * fixed: Message search toolbar fixes (bmo#1681010)
  * fixed: Very long subject lines distorted the message compose and display windows, making them unusable (bmo#77806)
  * fixed: Compose window: Recipient addresses that had not yet been autocompleted were lost when clicking Send button (bmo#1674054)
  * fixed: Compose window: New message is no longer marked as "changed" just from tabbing out of the recipient field without editing anything (bmo#1681389)
  * fixed: Account autodiscover fixes when using MS Exchange servers (bmo#1679759)
  * fixed: LDAP address book stability fix (bmo#1680914)
  * fixed: Messages with invalid vcard attachments were not marked as read when viewed in the preview window (bmo#1680468)
  * fixed: Chat: Could not add TLS certificate exceptions for XMPP connections (bmo#1590471)
  * fixed: Calendar: System timezone was not always properly detected (bmo#1678839)
  * fixed: Calendar: Descriptions were sometimes blank when editing a single occurrence of a repeating event (bmo#1664731)
  * fixed: Various printing bugfixes (bmo#1676166)
  * fixed: Visual consistency and theme improvements (bmo#1682808)
  MFSA 2021-02 (bsc#1180623)
  * CVE-2020-16044 (bmo#1683964) Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Workstation Extension 15-SP1:
  zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2021-122=1

Package List:

- SUSE Linux Enterprise Workstation Extension 15-SP1 (x86_64):
  MozillaThunderbird-78.6.1-3.116.1
  MozillaThunderbird-debuginfo-78.6.1-3.116.1
  MozillaThunderbird-debugsource-78.6.1-3.116.1
  MozillaThunderbird-translations-common-78.6.1-3.116.1
  MozillaThunderbird-translations-other-78.6.1-3.116.1

References:

https://www.suse.com/security/cve/CVE-2020-16044.html
https://bugzilla.suse.com/1180623

From sle-updates at lists.suse.com Thu Jan 14 07:21:29 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 14 Jan 2021 15:21:29 +0100 (CET)
Subject: SUSE-SU-2021:0127-1: important: Security update for open-iscsi
Message-ID: <20210114142129.BFB39FEDA@maintenance.suse.de>

SUSE Security Update: Security update for open-iscsi
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:0127-1
Rating: important
References: #1179440 #1179908
Affected Products:
  SUSE Linux Enterprise Module for Basesystem 15-SP2
______________________________________________________________________________

An update that contains security fixes can now be installed.
Description:

This update for open-iscsi fixes the following issues:

- Updated to upstream version 2.1.3 as 2.1.3-suse, for bsc#1179908, including:
  * uip: check for TCP urgent pointer past end of frame
  * uip: check for u8 overflow when processing TCP options
  * uip: check for header length underflow during checksum calculation
  * fwparam_ppc: Fix memory leak in fwparam_ppc.c
  * iscsiuio: Remove unused macro IFNAMSIZ defined in iscsid_ipc.c
  * fwparam_ppc: Fix illegal memory access in fwparam_ppc.c
  * sysfs: Verify parameter of sysfs_device_get()
  * fwparam_ppc: Fix NULL pointer dereference in find_devtree()
  * open-iscsi: Clean user_param list when process exit
  * iscsi_net_util: Fix NULL pointer dereference in find_vlan_dev()
  * open-iscsi: Fix NULL pointer dereference in mgmt_ipc_read_req()
  * open-iscsi: Fix invalid pointer deference in find_initiator()
  * iscsiuio: Fix invalid parameter when call fstat()
  * iscsi-iname: Verify open() return value before calling read()
  * iscsi_sysfs: Fix NULL pointer deference in iscsi_sysfs_read_iface
- Updated to latest upstream, including:
  * iscsiadm: Optimize the the verification of mode paramters
  * iscsid: Poll timeout value to 1 minute for iscsid
  * iscsiadm: fix host stats mode coredump
  * iscsid: fix logging level when starting and shutting down daemon
  * Updated iscsiadm man page.
  * Fix memory leak in sysfs_get_str
  * libopeniscsiusr: Compare with max int instead of max long
- Systemd unit files should not depend on network.target (bsc#1179440).
- Updated to latest upstream, including async login ability:
  * Implement login "no_wait" for iscsiadm NODE mode
  * iscsiadm buffer overflow regression when discovering many targets at once
  * iscsid: Check Invalid Session id for stop connection
  * Add ability to attempt target logins asynchronously
- %service_del_postun_without_restart is now available on SLE
  More accurately it's been introduced in SLE12-SP2+ and SLE15+

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Basesystem 15-SP2:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-127=1

Package List:

- SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64):
  iscsiuio-0.7.8.6-22.6.1
  iscsiuio-debuginfo-0.7.8.6-22.6.1
  libopeniscsiusr0_2_0-2.1.3-22.6.1
  libopeniscsiusr0_2_0-debuginfo-2.1.3-22.6.1
  open-iscsi-2.1.3-22.6.1
  open-iscsi-debuginfo-2.1.3-22.6.1
  open-iscsi-debugsource-2.1.3-22.6.1
  open-iscsi-devel-2.1.3-22.6.1

References:

https://bugzilla.suse.com/1179440
https://bugzilla.suse.com/1179908

From sle-updates at lists.suse.com Thu Jan 14 07:22:36 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 14 Jan 2021 15:22:36 +0100 (CET)
Subject: SUSE-RU-2021:0119-1: moderate: Recommended update for bcache-tools
Message-ID: <20210114142236.3DA24FEDA@maintenance.suse.de>

SUSE Recommended Update: Recommended update for bcache-tools
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:0119-1
Rating: moderate
References: SLE-9807
Affected Products:
  SUSE Linux Enterprise Module for Basesystem 15-SP2
______________________________________________________________________________

An update that has 0 recommended fixes and contains one feature can now be installed.
Description:

This update for bcache-tools fixes the following issues:

- Fix typo from `SUUP` to `SUPP` (jsc#SLE-9807)
  - change from `BCH_FEATURE_COMPAT_SUUP` to `BCH_FEATURE_COMPAT_SUPP`
  - change from `BCH_FEATURE_INCOMPAT_SUUP` to `BCH_FEATURE_INCOMPAT_SUPP`
  - change from `BCH_FEATURE_INCOMPAT_SUUP` to `BCH_FEATURE_RO_COMPAT_SUPP`
- Call `set_bucket_size()` only for cache device (jsc#SLE-9807)
- Add `BCH_FEATURE_INCOMPAT_LARGE_BUCKET` to `BCH_FEATURE_INCOMPAT_SUPP` (jsc#SLE-9807)
  - `BCH_FEATURE_INCOMPAT_LARGE_BUCKET` is a feature to support 32bits bucket size, which is incompatible feature for existing on-disk layout. This fix adds this feature bit to `BCH_FEATURE_INCOMPAT_SUPP` feature set.
- Check for incompatible feature set (jsc#SLE-9807)
- Introduce `BCH_FEATURE_INCOMPAT_LOG_LARGE_BUCKET_SIZE` for large bucket (jsc#SLE-9807)
- Display obsoleted bucket size configuration (jsc#SLE-9807)
- Recover the missing `sb.csum` for showing `bcache` device super block (jsc#SLE-9807)
- Call `to_cache_sb()` only for `bcache` device in `may_add_item()` (jsc#SLE-9807)
- Improve column alignment for `bcache show -m` output (jsc#SLE-9807)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Basesystem 15-SP2:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-119=1

Package List:

- SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64):
  bcache-tools-1.1-3.9.1
  bcache-tools-debuginfo-1.1-3.9.1
  bcache-tools-debugsource-1.1-3.9.1

References:

From sle-updates at lists.suse.com Thu Jan 14 07:23:36 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 14 Jan 2021 15:23:36 +0100 (CET)
Subject: SUSE-SU-2021:0128-1: moderate: Security update for openldap2
Message-ID: <20210114142336.829DCFEDA@maintenance.suse.de>

SUSE Security Update: Security update for openldap2
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:0128-1
Rating: moderate
References: #1178909
Cross-References: CVE-2020-25709 CVE-2020-25710
Affected Products:
  SUSE Linux Enterprise Software Development Kit 12-SP5
  SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for openldap2 fixes the following issues:

- CVE-2020-25709: Fixed a crash caused by specially crafted network traffic (bsc#1178909).
- CVE-2020-25710: Fixed a crash caused by specially crafted network traffic (bsc#1178909).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP5:
  zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-128=1
- SUSE Linux Enterprise Server 12-SP5:
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-128=1

Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
  openldap2-back-perl-2.4.41-18.80.1
  openldap2-back-perl-debuginfo-2.4.41-18.80.1
  openldap2-debuginfo-2.4.41-18.80.1
  openldap2-debugsource-2.4.41-18.80.1
  openldap2-devel-2.4.41-18.80.1
  openldap2-devel-static-2.4.41-18.80.1
- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
  libldap-2_4-2-2.4.41-18.80.1
  libldap-2_4-2-debuginfo-2.4.41-18.80.1
  openldap2-2.4.41-18.80.1
  openldap2-back-meta-2.4.41-18.80.1
  openldap2-back-meta-debuginfo-2.4.41-18.80.1
  openldap2-client-2.4.41-18.80.1
  openldap2-client-debuginfo-2.4.41-18.80.1
  openldap2-debuginfo-2.4.41-18.80.1
  openldap2-debugsource-2.4.41-18.80.1
  openldap2-ppolicy-check-password-1.2-18.80.1
  openldap2-ppolicy-check-password-debuginfo-1.2-18.80.1
- SUSE Linux Enterprise Server 12-SP5 (s390x x86_64):
  libldap-2_4-2-32bit-2.4.41-18.80.1
  libldap-2_4-2-debuginfo-32bit-2.4.41-18.80.1
- SUSE Linux Enterprise Server 12-SP5 (noarch):
  openldap2-doc-2.4.41-18.80.1

References:

https://www.suse.com/security/cve/CVE-2020-25709.html
https://www.suse.com/security/cve/CVE-2020-25710.html
https://bugzilla.suse.com/1178909

From sle-updates at lists.suse.com Thu Jan 14 07:24:40 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 14 Jan 2021 15:24:40 +0100 (CET)
Subject: SUSE-SU-2021:0124-1: moderate: Security update for php7
Message-ID: <20210114142440.B3A22FF14@maintenance.suse.de>

SUSE Security Update: Security update for php7
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:0124-1
Rating: moderate
References: #1180706
Cross-References: CVE-2020-7071
Affected Products:
  SUSE Linux Enterprise Module for Web Scripting 15-SP2
  SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for php7 fixes the following issue:

- CVE-2020-7071: Fixed an insufficient filter in parse_url() that accepted URLs with invalid userinfo (bsc#1180706).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Web Scripting 15-SP2:
  zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP2-2021-124=1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2:
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2021-124=1

Package List:

- SUSE Linux Enterprise Module for Web Scripting 15-SP2 (aarch64 ppc64le s390x x86_64):
  apache2-mod_php7-7.4.6-3.14.2
  apache2-mod_php7-debuginfo-7.4.6-3.14.2
  php7-7.4.6-3.14.2
  php7-bcmath-7.4.6-3.14.2
  php7-bcmath-debuginfo-7.4.6-3.14.2
  php7-bz2-7.4.6-3.14.2
  php7-bz2-debuginfo-7.4.6-3.14.2
  php7-calendar-7.4.6-3.14.2
  php7-calendar-debuginfo-7.4.6-3.14.2
  php7-ctype-7.4.6-3.14.2
  php7-ctype-debuginfo-7.4.6-3.14.2
  php7-curl-7.4.6-3.14.2
  php7-curl-debuginfo-7.4.6-3.14.2
  php7-dba-7.4.6-3.14.2
  php7-dba-debuginfo-7.4.6-3.14.2
  php7-debuginfo-7.4.6-3.14.2
  php7-debugsource-7.4.6-3.14.2
  php7-devel-7.4.6-3.14.2
  php7-dom-7.4.6-3.14.2
  php7-dom-debuginfo-7.4.6-3.14.2
  php7-enchant-7.4.6-3.14.2
  php7-enchant-debuginfo-7.4.6-3.14.2
  php7-exif-7.4.6-3.14.2
  php7-exif-debuginfo-7.4.6-3.14.2
  php7-fastcgi-7.4.6-3.14.2
  php7-fastcgi-debuginfo-7.4.6-3.14.2
  php7-fileinfo-7.4.6-3.14.2
  php7-fileinfo-debuginfo-7.4.6-3.14.2
  php7-fpm-7.4.6-3.14.2
  php7-fpm-debuginfo-7.4.6-3.14.2
  php7-ftp-7.4.6-3.14.2
  php7-ftp-debuginfo-7.4.6-3.14.2
  php7-gd-7.4.6-3.14.2
  php7-gd-debuginfo-7.4.6-3.14.2
  php7-gettext-7.4.6-3.14.2
php7-gettext-debuginfo-7.4.6-3.14.2 php7-gmp-7.4.6-3.14.2 php7-gmp-debuginfo-7.4.6-3.14.2 php7-iconv-7.4.6-3.14.2 php7-iconv-debuginfo-7.4.6-3.14.2 php7-intl-7.4.6-3.14.2 php7-intl-debuginfo-7.4.6-3.14.2 php7-json-7.4.6-3.14.2 php7-json-debuginfo-7.4.6-3.14.2 php7-ldap-7.4.6-3.14.2 php7-ldap-debuginfo-7.4.6-3.14.2 php7-mbstring-7.4.6-3.14.2 php7-mbstring-debuginfo-7.4.6-3.14.2 php7-mysql-7.4.6-3.14.2 php7-mysql-debuginfo-7.4.6-3.14.2 php7-odbc-7.4.6-3.14.2 php7-odbc-debuginfo-7.4.6-3.14.2 php7-opcache-7.4.6-3.14.2 php7-opcache-debuginfo-7.4.6-3.14.2 php7-openssl-7.4.6-3.14.2 php7-openssl-debuginfo-7.4.6-3.14.2 php7-pcntl-7.4.6-3.14.2 php7-pcntl-debuginfo-7.4.6-3.14.2 php7-pdo-7.4.6-3.14.2 php7-pdo-debuginfo-7.4.6-3.14.2 php7-pgsql-7.4.6-3.14.2 php7-pgsql-debuginfo-7.4.6-3.14.2 php7-phar-7.4.6-3.14.2 php7-phar-debuginfo-7.4.6-3.14.2 php7-posix-7.4.6-3.14.2 php7-posix-debuginfo-7.4.6-3.14.2 php7-readline-7.4.6-3.14.2 php7-readline-debuginfo-7.4.6-3.14.2 php7-shmop-7.4.6-3.14.2 php7-shmop-debuginfo-7.4.6-3.14.2 php7-snmp-7.4.6-3.14.2 php7-snmp-debuginfo-7.4.6-3.14.2 php7-soap-7.4.6-3.14.2 php7-soap-debuginfo-7.4.6-3.14.2 php7-sockets-7.4.6-3.14.2 php7-sockets-debuginfo-7.4.6-3.14.2 php7-sodium-7.4.6-3.14.2 php7-sodium-debuginfo-7.4.6-3.14.2 php7-sqlite-7.4.6-3.14.2 php7-sqlite-debuginfo-7.4.6-3.14.2 php7-sysvmsg-7.4.6-3.14.2 php7-sysvmsg-debuginfo-7.4.6-3.14.2 php7-sysvsem-7.4.6-3.14.2 php7-sysvsem-debuginfo-7.4.6-3.14.2 php7-sysvshm-7.4.6-3.14.2 php7-sysvshm-debuginfo-7.4.6-3.14.2 php7-tidy-7.4.6-3.14.2 php7-tidy-debuginfo-7.4.6-3.14.2 php7-tokenizer-7.4.6-3.14.2 php7-tokenizer-debuginfo-7.4.6-3.14.2 php7-xmlreader-7.4.6-3.14.2 php7-xmlreader-debuginfo-7.4.6-3.14.2 php7-xmlrpc-7.4.6-3.14.2 php7-xmlrpc-debuginfo-7.4.6-3.14.2 php7-xmlwriter-7.4.6-3.14.2 php7-xmlwriter-debuginfo-7.4.6-3.14.2 php7-xsl-7.4.6-3.14.2 php7-xsl-debuginfo-7.4.6-3.14.2 php7-zip-7.4.6-3.14.2 php7-zip-debuginfo-7.4.6-3.14.2 php7-zlib-7.4.6-3.14.2 php7-zlib-debuginfo-7.4.6-3.14.2 - SUSE Linux 
Enterprise Module for Packagehub Subpackages 15-SP2 (aarch64 ppc64le s390x x86_64): php7-debuginfo-7.4.6-3.14.2 php7-debugsource-7.4.6-3.14.2 php7-embed-7.4.6-3.14.2 php7-embed-debuginfo-7.4.6-3.14.2 References: https://www.suse.com/security/cve/CVE-2020-7071.html https://bugzilla.suse.com/1180706 From sle-updates at lists.suse.com Thu Jan 14 07:25:46 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Jan 2021 15:25:46 +0100 (CET) Subject: SUSE-SU-2021:0125-1: moderate: Security update for php72 Message-ID: <20210114142546.E69C2FF14@maintenance.suse.de> SUSE Security Update: Security update for php72 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0125-1 Rating: moderate References: #1180706 Cross-References: CVE-2020-7071 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for php72 fixes the following issue: - CVE-2020-7071: Fixed an insufficient filter in parse_url() that accepted URLs with invalid userinfo (bsc#1180706). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-125=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2021-125=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): php72-debuginfo-7.2.5-1.57.1 php72-debugsource-7.2.5-1.57.1 php72-devel-7.2.5-1.57.1 - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): apache2-mod_php72-7.2.5-1.57.1 apache2-mod_php72-debuginfo-7.2.5-1.57.1 php72-7.2.5-1.57.1 php72-bcmath-7.2.5-1.57.1 php72-bcmath-debuginfo-7.2.5-1.57.1 php72-bz2-7.2.5-1.57.1 php72-bz2-debuginfo-7.2.5-1.57.1 php72-calendar-7.2.5-1.57.1 php72-calendar-debuginfo-7.2.5-1.57.1 php72-ctype-7.2.5-1.57.1 php72-ctype-debuginfo-7.2.5-1.57.1 php72-curl-7.2.5-1.57.1 php72-curl-debuginfo-7.2.5-1.57.1 php72-dba-7.2.5-1.57.1 php72-dba-debuginfo-7.2.5-1.57.1 php72-debuginfo-7.2.5-1.57.1 php72-debugsource-7.2.5-1.57.1 php72-dom-7.2.5-1.57.1 php72-dom-debuginfo-7.2.5-1.57.1 php72-enchant-7.2.5-1.57.1 php72-enchant-debuginfo-7.2.5-1.57.1 php72-exif-7.2.5-1.57.1 php72-exif-debuginfo-7.2.5-1.57.1 php72-fastcgi-7.2.5-1.57.1 php72-fastcgi-debuginfo-7.2.5-1.57.1 php72-fileinfo-7.2.5-1.57.1 php72-fileinfo-debuginfo-7.2.5-1.57.1 php72-fpm-7.2.5-1.57.1 php72-fpm-debuginfo-7.2.5-1.57.1 php72-ftp-7.2.5-1.57.1 php72-ftp-debuginfo-7.2.5-1.57.1 php72-gd-7.2.5-1.57.1 php72-gd-debuginfo-7.2.5-1.57.1 php72-gettext-7.2.5-1.57.1 php72-gettext-debuginfo-7.2.5-1.57.1 php72-gmp-7.2.5-1.57.1 php72-gmp-debuginfo-7.2.5-1.57.1 php72-iconv-7.2.5-1.57.1 php72-iconv-debuginfo-7.2.5-1.57.1 php72-imap-7.2.5-1.57.1 php72-imap-debuginfo-7.2.5-1.57.1 php72-intl-7.2.5-1.57.1 php72-intl-debuginfo-7.2.5-1.57.1 php72-json-7.2.5-1.57.1 php72-json-debuginfo-7.2.5-1.57.1 php72-ldap-7.2.5-1.57.1 php72-ldap-debuginfo-7.2.5-1.57.1 php72-mbstring-7.2.5-1.57.1 
php72-mbstring-debuginfo-7.2.5-1.57.1 php72-mysql-7.2.5-1.57.1 php72-mysql-debuginfo-7.2.5-1.57.1 php72-odbc-7.2.5-1.57.1 php72-odbc-debuginfo-7.2.5-1.57.1 php72-opcache-7.2.5-1.57.1 php72-opcache-debuginfo-7.2.5-1.57.1 php72-openssl-7.2.5-1.57.1 php72-openssl-debuginfo-7.2.5-1.57.1 php72-pcntl-7.2.5-1.57.1 php72-pcntl-debuginfo-7.2.5-1.57.1 php72-pdo-7.2.5-1.57.1 php72-pdo-debuginfo-7.2.5-1.57.1 php72-pgsql-7.2.5-1.57.1 php72-pgsql-debuginfo-7.2.5-1.57.1 php72-phar-7.2.5-1.57.1 php72-phar-debuginfo-7.2.5-1.57.1 php72-posix-7.2.5-1.57.1 php72-posix-debuginfo-7.2.5-1.57.1 php72-pspell-7.2.5-1.57.1 php72-pspell-debuginfo-7.2.5-1.57.1 php72-readline-7.2.5-1.57.1 php72-readline-debuginfo-7.2.5-1.57.1 php72-shmop-7.2.5-1.57.1 php72-shmop-debuginfo-7.2.5-1.57.1 php72-snmp-7.2.5-1.57.1 php72-snmp-debuginfo-7.2.5-1.57.1 php72-soap-7.2.5-1.57.1 php72-soap-debuginfo-7.2.5-1.57.1 php72-sockets-7.2.5-1.57.1 php72-sockets-debuginfo-7.2.5-1.57.1 php72-sodium-7.2.5-1.57.1 php72-sodium-debuginfo-7.2.5-1.57.1 php72-sqlite-7.2.5-1.57.1 php72-sqlite-debuginfo-7.2.5-1.57.1 php72-sysvmsg-7.2.5-1.57.1 php72-sysvmsg-debuginfo-7.2.5-1.57.1 php72-sysvsem-7.2.5-1.57.1 php72-sysvsem-debuginfo-7.2.5-1.57.1 php72-sysvshm-7.2.5-1.57.1 php72-sysvshm-debuginfo-7.2.5-1.57.1 php72-tidy-7.2.5-1.57.1 php72-tidy-debuginfo-7.2.5-1.57.1 php72-tokenizer-7.2.5-1.57.1 php72-tokenizer-debuginfo-7.2.5-1.57.1 php72-wddx-7.2.5-1.57.1 php72-wddx-debuginfo-7.2.5-1.57.1 php72-xmlreader-7.2.5-1.57.1 php72-xmlreader-debuginfo-7.2.5-1.57.1 php72-xmlrpc-7.2.5-1.57.1 php72-xmlrpc-debuginfo-7.2.5-1.57.1 php72-xmlwriter-7.2.5-1.57.1 php72-xmlwriter-debuginfo-7.2.5-1.57.1 php72-xsl-7.2.5-1.57.1 php72-xsl-debuginfo-7.2.5-1.57.1 php72-zip-7.2.5-1.57.1 php72-zip-debuginfo-7.2.5-1.57.1 php72-zlib-7.2.5-1.57.1 php72-zlib-debuginfo-7.2.5-1.57.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): php72-pear-7.2.5-1.57.1 php72-pear-Archive_Tar-7.2.5-1.57.1 References: 
https://www.suse.com/security/cve/CVE-2020-7071.html https://bugzilla.suse.com/1180706 From sle-updates at lists.suse.com Thu Jan 14 07:26:49 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Jan 2021 15:26:49 +0100 (CET) Subject: SUSE-SU-2021:0123-1: important: Security update for MozillaThunderbird Message-ID: <20210114142649.3761EFF14@maintenance.suse.de> SUSE Security Update: Security update for MozillaThunderbird ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0123-1 Rating: important References: #1180623 Cross-References: CVE-2020-16044 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for MozillaThunderbird fixes the following issues: - Mozilla Thunderbird 78.6.1 * changed: MailExtensions: browserAction, composeAction, and messageDisplayAction toolbar buttons now support label and default_label properties (bmo#1583478) * fixed: Running a quicksearch that returned no results did not offer to re-run as a global search (bmo#1663153) * fixed: Message search toolbar fixes (bmo#1681010) * fixed: Very long subject lines distorted the message compose and display windows, making them unusable (bmo#77806) * fixed: Compose window: Recipient addresses that had not yet been autocompleted were lost when clicking Send button (bmo#1674054) * fixed: Compose window: New message is no longer marked as "changed" just from tabbing out of the recipient field without editing anything (bmo#1681389) * fixed: Account autodiscover fixes when using MS Exchange servers (bmo#1679759) * fixed: LDAP address book stability fix (bmo#1680914) * fixed: Messages with invalid vcard attachments were not marked as read when viewed in the preview window (bmo#1680468) * fixed: Chat: Could not add TLS certificate exceptions 
for XMPP connections (bmo#1590471) * fixed: Calendar: System timezone was not always properly detected (bmo#1678839) * fixed: Calendar: Descriptions were sometimes blank when editing a single occurrence of a repeating event (bmo#1664731) * fixed: Various printing bugfixes (bmo#1676166) * fixed: Visual consistency and theme improvements (bmo#1682808) MFSA 2021-02 (bsc#1180623) * CVE-2020-16044 (bmo#1683964) Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2021-123=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64): MozillaThunderbird-78.6.1-8.6.1 MozillaThunderbird-debuginfo-78.6.1-8.6.1 MozillaThunderbird-debugsource-78.6.1-8.6.1 MozillaThunderbird-translations-common-78.6.1-8.6.1 MozillaThunderbird-translations-other-78.6.1-8.6.1 References: https://www.suse.com/security/cve/CVE-2020-16044.html https://bugzilla.suse.com/1180623 From sle-updates at lists.suse.com Thu Jan 14 07:27:50 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Jan 2021 15:27:50 +0100 (CET) Subject: SUSE-SU-2021:0126-1: moderate: Security update for php74 Message-ID: <20210114142750.ED4A1FF14@maintenance.suse.de> SUSE Security Update: Security update for php74 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0126-1 Rating: moderate References: #1180706 Cross-References: CVE-2020-7071 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: This update for php74 fixes the following issue: - CVE-2020-7071: Fixed an insufficient filter in parse_url() that accepted URLs with invalid userinfo (bsc#1180706). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-126=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2021-126=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): php74-debuginfo-7.4.6-1.16.1 php74-debugsource-7.4.6-1.16.1 php74-devel-7.4.6-1.16.1 - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): apache2-mod_php74-7.4.6-1.16.1 apache2-mod_php74-debuginfo-7.4.6-1.16.1 php74-7.4.6-1.16.1 php74-bcmath-7.4.6-1.16.1 php74-bcmath-debuginfo-7.4.6-1.16.1 php74-bz2-7.4.6-1.16.1 php74-bz2-debuginfo-7.4.6-1.16.1 php74-calendar-7.4.6-1.16.1 php74-calendar-debuginfo-7.4.6-1.16.1 php74-ctype-7.4.6-1.16.1 php74-ctype-debuginfo-7.4.6-1.16.1 php74-curl-7.4.6-1.16.1 php74-curl-debuginfo-7.4.6-1.16.1 php74-dba-7.4.6-1.16.1 php74-dba-debuginfo-7.4.6-1.16.1 php74-debuginfo-7.4.6-1.16.1 php74-debugsource-7.4.6-1.16.1 php74-dom-7.4.6-1.16.1 php74-dom-debuginfo-7.4.6-1.16.1 php74-enchant-7.4.6-1.16.1 php74-enchant-debuginfo-7.4.6-1.16.1 php74-exif-7.4.6-1.16.1 php74-exif-debuginfo-7.4.6-1.16.1 php74-fastcgi-7.4.6-1.16.1 php74-fastcgi-debuginfo-7.4.6-1.16.1 php74-fileinfo-7.4.6-1.16.1 php74-fileinfo-debuginfo-7.4.6-1.16.1 php74-fpm-7.4.6-1.16.1 php74-fpm-debuginfo-7.4.6-1.16.1 php74-ftp-7.4.6-1.16.1 php74-ftp-debuginfo-7.4.6-1.16.1 php74-gd-7.4.6-1.16.1 php74-gd-debuginfo-7.4.6-1.16.1 php74-gettext-7.4.6-1.16.1 php74-gettext-debuginfo-7.4.6-1.16.1 php74-gmp-7.4.6-1.16.1 php74-gmp-debuginfo-7.4.6-1.16.1 
php74-iconv-7.4.6-1.16.1 php74-iconv-debuginfo-7.4.6-1.16.1 php74-intl-7.4.6-1.16.1 php74-intl-debuginfo-7.4.6-1.16.1 php74-json-7.4.6-1.16.1 php74-json-debuginfo-7.4.6-1.16.1 php74-ldap-7.4.6-1.16.1 php74-ldap-debuginfo-7.4.6-1.16.1 php74-mbstring-7.4.6-1.16.1 php74-mbstring-debuginfo-7.4.6-1.16.1 php74-mysql-7.4.6-1.16.1 php74-mysql-debuginfo-7.4.6-1.16.1 php74-odbc-7.4.6-1.16.1 php74-odbc-debuginfo-7.4.6-1.16.1 php74-opcache-7.4.6-1.16.1 php74-opcache-debuginfo-7.4.6-1.16.1 php74-openssl-7.4.6-1.16.1 php74-openssl-debuginfo-7.4.6-1.16.1 php74-pcntl-7.4.6-1.16.1 php74-pcntl-debuginfo-7.4.6-1.16.1 php74-pdo-7.4.6-1.16.1 php74-pdo-debuginfo-7.4.6-1.16.1 php74-pgsql-7.4.6-1.16.1 php74-pgsql-debuginfo-7.4.6-1.16.1 php74-phar-7.4.6-1.16.1 php74-phar-debuginfo-7.4.6-1.16.1 php74-posix-7.4.6-1.16.1 php74-posix-debuginfo-7.4.6-1.16.1 php74-readline-7.4.6-1.16.1 php74-readline-debuginfo-7.4.6-1.16.1 php74-shmop-7.4.6-1.16.1 php74-shmop-debuginfo-7.4.6-1.16.1 php74-snmp-7.4.6-1.16.1 php74-snmp-debuginfo-7.4.6-1.16.1 php74-soap-7.4.6-1.16.1 php74-soap-debuginfo-7.4.6-1.16.1 php74-sockets-7.4.6-1.16.1 php74-sockets-debuginfo-7.4.6-1.16.1 php74-sodium-7.4.6-1.16.1 php74-sodium-debuginfo-7.4.6-1.16.1 php74-sqlite-7.4.6-1.16.1 php74-sqlite-debuginfo-7.4.6-1.16.1 php74-sysvmsg-7.4.6-1.16.1 php74-sysvmsg-debuginfo-7.4.6-1.16.1 php74-sysvsem-7.4.6-1.16.1 php74-sysvsem-debuginfo-7.4.6-1.16.1 php74-sysvshm-7.4.6-1.16.1 php74-sysvshm-debuginfo-7.4.6-1.16.1 php74-tidy-7.4.6-1.16.1 php74-tidy-debuginfo-7.4.6-1.16.1 php74-tokenizer-7.4.6-1.16.1 php74-tokenizer-debuginfo-7.4.6-1.16.1 php74-xmlreader-7.4.6-1.16.1 php74-xmlreader-debuginfo-7.4.6-1.16.1 php74-xmlrpc-7.4.6-1.16.1 php74-xmlrpc-debuginfo-7.4.6-1.16.1 php74-xmlwriter-7.4.6-1.16.1 php74-xmlwriter-debuginfo-7.4.6-1.16.1 php74-xsl-7.4.6-1.16.1 php74-xsl-debuginfo-7.4.6-1.16.1 php74-zip-7.4.6-1.16.1 php74-zip-debuginfo-7.4.6-1.16.1 php74-zlib-7.4.6-1.16.1 php74-zlib-debuginfo-7.4.6-1.16.1 References: 
https://www.suse.com/security/cve/CVE-2020-7071.html https://bugzilla.suse.com/1180706 From sle-updates at lists.suse.com Thu Jan 14 07:28:54 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Jan 2021 15:28:54 +0100 (CET) Subject: SUSE-SU-2021:0129-1: moderate: Security update for openldap2 Message-ID: <20210114142854.69A1FFEDA@maintenance.suse.de> SUSE Security Update: Security update for openldap2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0129-1 Rating: moderate References: #1178909 #1179503 Cross-References: CVE-2020-25709 CVE-2020-25710 Affected Products: SUSE Linux Enterprise Module for Legacy Software 15-SP2 SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for openldap2 fixes the following issues: Security issues fixed: - CVE-2020-25709: Fixed a crash caused by specially crafted network traffic (bsc#1178909). - CVE-2020-25710: Fixed a crash caused by specially crafted network traffic (bsc#1178909). Non-security issue fixed: - Retry binds in the LDAP backend when the remote LDAP server disconnected the (idle) LDAP connection. (bsc#1179503) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Legacy Software 15-SP2: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP2-2021-129=1 - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-129=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-129=1 Package List: - SUSE Linux Enterprise Module for Legacy Software 15-SP2 (aarch64 ppc64le s390x x86_64): openldap2-2.4.46-9.45.1 openldap2-back-meta-2.4.46-9.45.1 openldap2-back-meta-debuginfo-2.4.46-9.45.1 openldap2-back-perl-2.4.46-9.45.1 openldap2-back-perl-debuginfo-2.4.46-9.45.1 openldap2-debuginfo-2.4.46-9.45.1 openldap2-debugsource-2.4.46-9.45.1 openldap2-ppolicy-check-password-1.2-9.45.1 openldap2-ppolicy-check-password-debuginfo-1.2-9.45.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (x86_64): openldap2-debugsource-2.4.46-9.45.1 openldap2-devel-32bit-2.4.46-9.45.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libldap-2_4-2-2.4.46-9.45.1 libldap-2_4-2-debuginfo-2.4.46-9.45.1 openldap2-client-2.4.46-9.45.1 openldap2-client-debuginfo-2.4.46-9.45.1 openldap2-debugsource-2.4.46-9.45.1 openldap2-devel-2.4.46-9.45.1 openldap2-devel-static-2.4.46-9.45.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): libldap-data-2.4.46-9.45.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libldap-2_4-2-32bit-2.4.46-9.45.1 libldap-2_4-2-32bit-debuginfo-2.4.46-9.45.1 References: https://www.suse.com/security/cve/CVE-2020-25709.html https://www.suse.com/security/cve/CVE-2020-25710.html https://bugzilla.suse.com/1178909 https://bugzilla.suse.com/1179503 From sle-updates at lists.suse.com Thu Jan 14 10:16:24 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Jan 2021 18:16:24 +0100 (CET) Subject: SUSE-SU-2021:14597-1: moderate: Security update 
for openldap2 Message-ID: <20210114171624.13900FEDA@maintenance.suse.de> SUSE Security Update: Security update for openldap2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:14597-1 Rating: moderate References: #1178909 Cross-References: CVE-2020-25709 CVE-2020-25710 Affected Products: SUSE Linux Enterprise Server 11-SECURITY ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for openldap2 fixes the following issues: - CVE-2020-25709: Fixed a crash caused by specially crafted network traffic (bsc#1178909). - CVE-2020-25710: Fixed a crash caused by specially crafted network traffic (bsc#1178909). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SECURITY: zypper in -t patch secsp3-openldap2-14597=1 Package List: - SUSE Linux Enterprise Server 11-SECURITY (i586 ia64 ppc64 s390x x86_64): libldap-openssl1-2_4-2-2.4.26-0.74.19.1 openldap2-client-openssl1-2.4.26-0.74.19.1 openldap2-openssl1-2.4.26-0.74.19.1 - SUSE Linux Enterprise Server 11-SECURITY (ppc64 s390x x86_64): libldap-openssl1-2_4-2-32bit-2.4.26-0.74.19.1 - SUSE Linux Enterprise Server 11-SECURITY (ia64): libldap-openssl1-2_4-2-x86-2.4.26-0.74.19.1 References: https://www.suse.com/security/cve/CVE-2020-25709.html https://www.suse.com/security/cve/CVE-2020-25710.html https://bugzilla.suse.com/1178909 From sle-updates at lists.suse.com Thu Jan 14 10:18:19 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Jan 2021 18:18:19 +0100 (CET) Subject: SUSE-RU-2021:0130-1: moderate: Recommended update for aide Message-ID: <20210114171819.C0E18FEDA@maintenance.suse.de> SUSE Recommended Update: Recommended update for aide 
______________________________________________________________________________ Announcement ID: SUSE-RU-2021:0130-1 Rating: moderate References: #1180165 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for aide fixes the following issue: - Add a `syslog_format` to Advanced Intrusion Detection Environment (AIDE). (bsc#1180165) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-130=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2021-130=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): aide-0.16-3.6.1 aide-debuginfo-0.16-3.6.1 aide-debugsource-0.16-3.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): aide-0.16-3.6.1 aide-debuginfo-0.16-3.6.1 aide-debugsource-0.16-3.6.1 References: https://bugzilla.suse.com/1180165 From sle-updates at lists.suse.com Thu Jan 14 23:57:42 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 15 Jan 2021 07:57:42 +0100 (CET) Subject: SUSE-CU-2021:22-1: Security update of suse/sles12sp5 Message-ID: <20210115065742.B6DDEFEDA@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:22-1 Container Tags : suse/sles12sp5:6.5.118 , suse/sles12sp5:latest Container Release : 6.5.118 Severity : moderate Type : security References : 1178909 CVE-2020-25709 
CVE-2020-25710 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:128-1 Released: Thu Jan 14 11:01:24 2021 Summary: Security update for openldap2 Type: security Severity: moderate References: 1178909,CVE-2020-25709,CVE-2020-25710 This update for openldap2 fixes the following issues: - CVE-2020-25709: Fixed a crash caused by specially crafted network traffic (bsc#1178909). - CVE-2020-25710: Fixed a crash caused by specially crafted network traffic (bsc#1178909). From sle-updates at lists.suse.com Fri Jan 15 00:13:20 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 15 Jan 2021 08:13:20 +0100 (CET) Subject: SUSE-CU-2021:23-1: Security update of suse/sle15 Message-ID: <20210115071320.47D36FEDA@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:23-1 Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.326 Container Release : 4.22.326 Severity : moderate Type : security References : 1178909 1179503 CVE-2020-25709 CVE-2020-25710 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:129-1 Released: Thu Jan 14 12:26:15 2021 Summary: Security update for openldap2 Type: security Severity: moderate References: 1178909,1179503,CVE-2020-25709,CVE-2020-25710 This update for openldap2 fixes the following issues: Security issues fixed: - CVE-2020-25709: Fixed a crash caused by specially crafted network traffic (bsc#1178909). - CVE-2020-25710: Fixed a crash caused by specially crafted network traffic (bsc#1178909). 
Non-security issue fixed: - Retry binds in the LDAP backend when the remote LDAP server disconnected the (idle) LDAP connection. (bsc#1179503) From sle-updates at lists.suse.com Fri Jan 15 00:26:42 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 15 Jan 2021 08:26:42 +0100 (CET) Subject: SUSE-CU-2021:24-1: Security update of suse/sle15 Message-ID: <20210115072642.F23EFFEDA@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:24-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.379 Container Release : 6.2.379 Severity : moderate Type : security References : 1178909 1179503 CVE-2020-25709 CVE-2020-25710 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:129-1 Released: Thu Jan 14 12:26:15 2021 Summary: Security update for openldap2 Type: security Severity: moderate References: 1178909,1179503,CVE-2020-25709,CVE-2020-25710 This update for openldap2 fixes the following issues: Security issues fixed: - CVE-2020-25709: Fixed a crash caused by specially crafted network traffic (bsc#1178909). - CVE-2020-25710: Fixed a crash caused by specially crafted network traffic (bsc#1178909). Non-security issue fixed: - Retry binds in the LDAP backend when the remote LDAP server disconnected the (idle) LDAP connection. 
(bsc#1179503) From sle-updates at lists.suse.com Fri Jan 15 03:57:09 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 15 Jan 2021 11:57:09 +0100 (CET) Subject: SUSE-CU-2021:25-1: Security update of suse/sle15 Message-ID: <20210115105709.06E66FEDA@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:25-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.8.2.823 Container Release : 8.2.823 Severity : moderate Type : security References : 1178909 1179503 CVE-2020-25709 CVE-2020-25710 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:129-1 Released: Thu Jan 14 12:26:15 2021 Summary: Security update for openldap2 Type: security Severity: moderate References: 1178909,1179503,CVE-2020-25709,CVE-2020-25710 This update for openldap2 fixes the following issues: Security issues fixed: - CVE-2020-25709: Fixed a crash caused by specially crafted network traffic (bsc#1178909). - CVE-2020-25710: Fixed a crash caused by specially crafted network traffic (bsc#1178909). Non-security issue fixed: - Retry binds in the LDAP backend when the remote LDAP server disconnected the (idle) LDAP connection. 
(bsc#1179503) From sle-updates at lists.suse.com Fri Jan 15 04:17:02 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 15 Jan 2021 12:17:02 +0100 (CET) Subject: SUSE-SU-2021:0133-1: important: Security update for the Linux Kernel Message-ID: <20210115111702.26F78FEDA@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0133-1 Rating: important References: #1040855 #1044120 #1044767 #1050242 #1050536 #1050545 #1055117 #1056653 #1056657 #1056787 #1064802 #1065729 #1066129 #1094840 #1103990 #1103992 #1104389 #1104393 #1109695 #1109837 #1110096 #1112178 #1112374 #1114648 #1115431 #1118657 #1122971 #1129770 #1136460 #1136461 #1138374 #1139944 #1144912 #1152457 #1163727 #1164780 #1171078 #1172145 #1172538 #1172694 #1174784 #1174852 #1176558 #1176559 #1176956 #1177666 #1178270 #1178372 #1178401 #1178590 #1178634 #1178762 #1179014 #1179015 #1179045 #1179082 #1179107 #1179142 #1179204 #1179403 #1179406 #1179418 #1179419 #1179421 #1179444 #1179520 #1179578 #1179601 #1179616 #1179663 #1179666 #1179670 #1179671 #1179672 #1179673 #1179711 #1179713 #1179714 #1179715 #1179716 #1179722 #1179723 #1179724 #1179745 #1179810 #1179888 #1179895 #1179896 #1179960 #1179963 #1180027 #1180029 #1180031 #1180052 #1180086 #1180117 #1180258 #1180506 #1180559 Cross-References: CVE-2018-20669 CVE-2019-20934 CVE-2020-0444 CVE-2020-0465 CVE-2020-0466 CVE-2020-27068 CVE-2020-27777 CVE-2020-27786 CVE-2020-27825 CVE-2020-28374 CVE-2020-29660 CVE-2020-29661 CVE-2020-36158 CVE-2020-4788 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Live Patching 12-SP5 SUSE Linux Enterprise High Availability 12-SP5 ______________________________________________________________________________ An update that solves 14 
vulnerabilities and has 85 fixes is now available.

Description:

The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2020-28374: Fixed a LIO security issue (bsc#1178372).
- CVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver (bsc#1180559).
- CVE-2020-27825: Fixed a race in the trace_open and buffer resize calls (bsc#1179960).
- CVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031).
- CVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds check in the nl80211_policy policy of nl80211.c (bnc#1180086).
- CVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180029).
- CVE-2020-0444: Fixed a bad kfree due to a logic error in audit_data_to_entry (bnc#1180027).
- CVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bnc#1179745).
- CVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179745).
- CVE-2020-27777: Fixed a privilege escalation in the Run-Time Abstraction Services (RTAS) interface, affecting guests running on top of PowerVM or KVM hypervisors (bnc#1179107).
- CVE-2019-20934: Fixed a use-after-free in show_numa_stats() because NUMA fault statistics were inappropriately freed, aka CID-16d51a590a8c (bsc#1179663).
- CVE-2020-27786: Fixed a use after free in kernel midi subsystem snd_rawmidi_kernel_read1() (bsc#1179601).
- CVE-2020-4788: Fixed an issue with IBM Power9 processors that could have allowed a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances (bsc#1177666).
- CVE-2018-20669: Fixed an improper check i915_gem_execbuffer2_ioctl in drivers/gpu/drm/i915/i915_gem_execbuffer.c (bsc#1122971).
The following non-security bugs were fixed: - ACPI: PNP: compare the string length in the matching_id() (git-fixes). - ACPICA: Disassembler: create buffer fields in ACPI_PARSE_LOAD_PASS1 (git-fixes). - ACPICA: Do not increment operation_region reference counts for field units (git-fixes). - ALSA: ca0106: fix error code handling (git-fixes). - ALSA: ctl: allow TLV read operation for callback type of element in locked case (git-fixes). - ALSA: hda - Fix silent audio output and corrupted input on MSI X570-A PRO (git-fixes). - ALSA: hda/ca0132 - Change Input Source enum strings (git-fixes). - ALSA: hda/ca0132 - Fix AE-5 rear headphone pincfg (git-fixes). - ALSA: hda/generic: Add option to enforce preferred_dacs pairs (git-fixes). - ALSA: hda/hdmi: always check pin power status in i915 pin fixup (git-fixes). - ALSA: hda/realtek - Add new codec supported for ALC897 (git-fixes). - ALSA: hda/realtek - Couldn't detect Mic if booting with headset plugged (git-fixes). - ALSA: hda/realtek - Enable headset mic of ASUS Q524UQK with ALC255 (git-fixes). - ALSA: hda/realtek: Add mute LED quirk to yet another HP x360 model (git-fixes). - ALSA: hda/realtek: Add some Clove SSID in the ALC293(ALC1220) (git-fixes). - ALSA: hda/realtek: Enable front panel headset LED on Lenovo ThinkStation P520 (git-fixes). - ALSA: hda/realtek: Enable headset of ASUS UX482EG & B9400CEA with ALC294 (git-fixes). - ALSA: hda: Add NVIDIA codec IDs 9a & 9d through a0 to patch table (git-fixes). - ALSA: hda: Fix potential race in unsol event handler (git-fixes). - ALSA: hda: Fix regressions on clear and reconfig sysfs (git-fixes). - ALSA: info: Drop WARN_ON() from buffer NULL sanity check (git-fixes). - ALSA: isa/wavefront: prevent out of bounds write in ioctl (git-fixes). - ALSA: line6: Perform sanity check for each URB creation (git-fixes). - ALSA: pcm: oss: Fix a few more UBSAN fixes (git-fixes). - ALSA: pcm: oss: Fix potential out-of-bounds shift (git-fixes). 
- ALSA: pcm: oss: Remove superfluous WARN_ON() for mulaw sanity check (git-fixes). - ALSA: timer: Limit max amount of slave instances (git-fixes). - ALSA: usb-audio: Add delay quirk for all Logitech USB devices (git-fixes). - ALSA: usb-audio: Add delay quirk for H570e USB headsets (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for MODX (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for Qu-16 (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for Zoom UAC-2 (git-fixes). - ALSA: usb-audio: add quirk for Denon DCD-1500RE (git-fixes). - ALSA: usb-audio: add quirk for Samsung USBC Headset (AKG) (git-fixes). - ALSA: usb-audio: Add registration quirk for Kingston HyperX Cloud Alpha S (git-fixes). - ALSA: usb-audio: Add registration quirk for Kingston HyperX Cloud Flight S (git-fixes). - ALSA: usb-audio: add usb vendor id as DSD-capable for Khadas devices (git-fixes). - ALSA: usb-audio: Disable sample read check if firmware does not give back (git-fixes). - ALSA: usb-audio: Fix control 'access overflow' errors from chmap (git-fixes). - ALSA: usb-audio: Fix OOB access of mixer element list (git-fixes). - ALSA: usb-audio: Fix potential out-of-bounds shift (git-fixes). - ALSA: usb-audio: Fix race against the error recovery URB submission (git-fixes). - ALSA: usb-audio: US16x08: fix value count for level meters (git-fixes). - ASoC: arizona: Fix a wrong free in wm8997_probe (git-fixes). - ASoC: cx2072x: Fix doubly definitions of Playback and Capture streams (git-fixes). - ASoC: fsl_asrc_dma: Fix dma_chan leak when config DMA channel failed (git-fixes). - ASoC: jz4740-i2s: add missed checks for clk_get() (git-fixes). - ASoC: pcm3168a: The codec does not support S32_LE (git-fixes). - ASoC: pcm: DRAIN support reactivation (git-fixes). - ASoC: rt5677: Mark reg RT5677_PWR_ANLG2 as volatile (git-fixes). - ASoC: sti: fix possible sleep-in-atomic (git-fixes). - ASoC: wm8904: fix regcache handling (git-fixes). 
- ASoC: wm8998: Fix PM disable depth imbalance on error (git-fixes). - ASoC: wm_adsp: Do not generate kcontrols without READ flags (git-fixes). - ASoC: wm_adsp: remove "ctl" from list on error in wm_adsp_create_control() (git-fixes). - ata/libata: Fix usage of page address by page_address in ata_scsi_mode_select_xlat function (git-fixes). - ath10k: Fix an error handling path (git-fixes). - ath10k: fix backtrace on coredump (git-fixes). - ath10k: fix get invalid tx rate for Mesh metric (git-fixes). - ath10k: fix offchannel tx failure when no ath10k_mac_tx_frm_has_freq (git-fixes). - ath10k: Release some resources in an error handling path (git-fixes). - ath10k: Remove msdu from idr when management pkt send fails (git-fixes). - ath6kl: fix enum-conversion warning (git-fixes). - ath9k_htc: Discard undersized packets (git-fixes). - ath9k_htc: Modify byte order for an error message (git-fixes). - ath9k_htc: Silence undersized packet warnings (git-fixes). - ath9k_htc: Use appropriate rs_datalen type (git-fixes). - Avoid a GCC warning about "/*" within a comment. - backlight: lp855x: Ensure regulators are disabled on probe failure (git-fixes). - Bluetooth: add a mutex lock to avoid UAF in do_enale_set (git-fixes). - Bluetooth: btusb: Fix detection of some fake CSR controllers with a bcdDevice val of 0x0134 (git-fixes). - Bluetooth: Fix advertising duplicated flags (git-fixes). - Bluetooth: Fix null pointer dereference in hci_event_packet() (git-fixes). - Bluetooth: Fix slab-out-of-bounds read in hci_le_direct_adv_report_evt() (git-fixes). - bnxt_en: Fix race when modifying pause settings (bsc#1050242 ). - bnxt_en: Protect bnxt_set_eee() and bnxt_set_pauseparam() with mutex (bsc#1050242). - btmrvl: Fix firmware filename for sd8997 chipset (bsc#1172694). - btrfs: fix use-after-free on readahead extent after failure to create it (bsc#1179963). - btrfs: qgroup: do not commit transaction when we already hold the handle (bsc#1178634). 
- btrfs: remove a BUG_ON() from merge_reloc_roots() (bsc#1174784). - bus: fsl-mc: fix error return code in fsl_mc_object_allocate() (git-fixes). - can: mcp251x: add error check when wq alloc failed (git-fixes). - can: softing: softing_netdev_open(): fix error handling (git-fixes). - cfg80211: initialize rekey_data (git-fixes). - cfg80211: regulatory: Fix inconsistent format argument (git-fixes). - cifs: add NULL check for ses->tcon_ipc (bsc#1178270). - cifs: allow syscalls to be restarted in __smb_send_rqst() (bsc#1176956). - cifs: fix check of tcon dfs in smb1 (bsc#1178270). - cifs: fix potential use-after-free in cifs_echo_request() (bsc#1139944). - cirrus: cs89x0: remove set but not used variable 'lp' (git-fixes). - cirrus: cs89x0: use devm_platform_ioremap_resource() to simplify code (git-fixes). - clk: at91: usb: continue if clk_hw_round_rate() return zero (git-fixes). - clk: mvebu: a3700: fix the XTAL MODE pin to MPP1_9 (git-fixes). - clk: qcom: Allow constant ratio freq tables for rcg (git-fixes). - clk: qcom: msm8916: Fix the address location of pll->config_reg (git-fixes). - clk: s2mps11: Fix a resource leak in error handling paths in the probe function (git-fixes). - clk: samsung: exynos5433: Add IGNORE_UNUSED flag to sclk_i2s1 (git-fixes). - clk: sunxi-ng: Make sure divider tables have sentinel (git-fixes). - clk: tegra: Fix duplicated SE clock entry (git-fixes). - clk: tegra: Fix Tegra PMC clock out parents (git-fixes). - clk: ti: composite: fix memory leak (git-fixes). - clk: ti: dra7-atl-clock: Remove ti_clk_add_alias call (git-fixes). - clk: ti: Fix memleak in ti_fapll_synth_setup (git-fixes). - clocksource/drivers/asm9260: Add a check for of_clk_get (git-fixes). - coredump: fix core_pattern parse error (git-fixes). - cpufreq: highbank: Add missing MODULE_DEVICE_TABLE (git-fixes). - cpufreq: loongson1: Add missing MODULE_ALIAS (git-fixes). - cpufreq: scpi: Add missing MODULE_ALIAS (git-fixes). 
- cpufreq: st: Add missing MODULE_DEVICE_TABLE (git-fixes). - crypto: af_alg - avoid undefined behavior accessing salg_name (git-fixes). - crypto: omap-aes - Fix PM disable depth imbalance in omap_aes_probe (git-fixes). - crypto: qat - fix status check in qat_hal_put_rel_rd_xfer() (git-fixes). - crypto: talitos - Fix return type of current_desc_hdr() (git-fixes). - cw1200: fix missing destroy_workqueue() on error in cw1200_init_common (git-fixes). - cxgb4: Fix offset when clearing filter byte counters (bsc#1064802 bsc#1066129). - drivers: base: Fix NULL pointer exception in __platform_driver_probe() if a driver developer is foolish (git-fixes). - drivers: soc: ti: knav_qmss_queue: Fix error return code in knav_queue_probe (git-fixes). - drm/amd/display: remove useless if/else (git-fixes). - drm/amdgpu: fix build_coefficients() argument (git-fixes). - drm/dp_aux_dev: check aux_dev before use in drm_dp_aux_dev_get_by_minor() (git-fixes). - drm/gma500: fix double free of gma_connector (git-fixes). - drm/gma500: Fix out-of-bounds access to struct drm_device.vblank[] (bsc#1129770) - drm/meson: dw-hdmi: Register a callback to disable the regulator (git-fixes). - drm/msm/dpu: Add newline to printks (git-fixes). - drm/msm/dsi_phy_10nm: implement PHY disabling (git-fixes). - drm/omap: dmm_tiler: fix return error code in omap_dmm_probe() (git-fixes). - drm/rockchip: Avoid uninitialized use of endpoint id in LVDS (git-fixes). - EDAC/i10nm: Use readl() to access MMIO registers (12sp5). - epoll: Keep a reference on files added to the check list (bsc#1180031). - ext4: correctly report "not supported" for {usr,grp}jquota when !CONFIG_QUOTA (bsc#1179672). - ext4: fix bogus warning in ext4_update_dx_flag() (bsc#1179716). - ext4: fix error handling code in add_new_gdb (bsc#1179722). - ext4: fix invalid inode checksum (bsc#1179723). - ext4: fix leaking sysfs kobject after failed mount (bsc#1179670). - ext4: limit entries returned when counting fsmap records (bsc#1179671). 
- ext4: unlock xattr_sem properly in ext4_inline_data_truncate() (bsc#1179673). - extcon: max77693: Fix modalias string (git-fixes). - fbcon: Fix user font detection test at fbcon_resize(). (bsc#1112178) Backporting changes: * updated path drivers/video/fbcon/core to drivers/video/console - fbcon: Remove the superfluous break (bsc#1129770) Backporting changes: * updated path drivers/video/fbcon/core to drivers/video/console * context changes - firmware: qcom: scm: Ensure 'a0' status code is treated as signed (git-fixes). - fix regression in "epoll: Keep a reference on files added to the check list" (bsc#1180031, git-fixes). - forcedeth: use per cpu to collect xmit/recv statistics (git-fixes). - fs: Do not invalidate page buffers in block_write_full_page() (bsc#1179711). - geneve: change from tx_error to tx_dropped on missing metadata (git-fixes). - genirq/irqdomain: Add an irq_create_mapping_affinity() function (bsc#1065729). - gpio: arizona: handle pm_runtime_get_sync failure case (git-fixes). - gpio: gpio-grgpio: fix possible sleep-in-atomic-context bugs in grgpio_irq_map/unmap() (git-fixes). - gpio: max77620: Add missing dependency on GPIOLIB_IRQCHIP (git-fixes). - gpio: max77620: Fixup debounce delays (git-fixes). - gpio: max77620: Use correct unit for debounce times (git-fixes). - gpio: mpc8xxx: Add platform device to gpiochip->parent (git-fixes). - gpio: mvebu: fix potential user-after-free on probe (git-fixes). - gpiolib: acpi: Add honor_wakeup module-option + quirk mechanism (git-fixes). - gpiolib: acpi: Add quirk to ignore EC wakeups on HP x2 10 BYT + AXP288 model (git-fixes). - gpiolib: acpi: Add quirk to ignore EC wakeups on HP x2 10 CHT + AXP288 model (git-fixes). - gpiolib: acpi: Correct comment for HP x2 10 honor_wakeup quirk (git-fixes). - gpiolib: acpi: Rework honor_wakeup option into an ignore_wake option (git-fixes). - gpiolib: acpi: Turn dmi_system_id table into a generic quirk table (git-fixes). 
- gpiolib: fix up emulated open drain outputs (git-fixes). - HID: Add another Primax PIXART OEM mouse quirk (git-fixes). - HID: apple: Disable Fn-key key-re-mapping on clone keyboards (git-fixes). - HID: core: check whether Usage Page item is after Usage ID items (git-fixes). - HID: core: Correctly handle ReportSize being zero (git-fixes). - HID: cypress: Support Varmilo Keyboards' media hotkeys (git-fixes). - HID: Fix slab-out-of-bounds read in hid_field_extract (bsc#1180052). - HID: hid-sensor-hub: Fix issue with devices with no report ID (git-fixes). - HID: Improve Windows Precision Touchpad detection (git-fixes). - HID: intel-ish-hid: fix wrong error handling in ishtp_cl_alloc_tx_ring() (git-fixes). - HID: logitech-hidpp: Silence intermittent get_battery_capacity errors (git-fixes). - HSI: omap_ssi: Do not jump to free ID in ssi_add_controller() (git-fixes). - hwmon: (aspeed-pwm-tacho) Avoid possible buffer overflow (git-fixes). - hwmon: (jc42) Fix name to have no illegal characters (git-fixes). - i2c: algo: pca: Reapply i2c bus settings after reset (git-fixes). - i2c: i801: Fix resume bug (git-fixes). - i2c: piix4: Detect secondary SMBus controller on AMD AM4 chipsets (git-fixes). - i2c: pxa: clear all master action bits in i2c_pxa_stop_message() (git-fixes). - i2c: pxa: fix i2c_pxa_scream_blue_murder() debug output (git-fixes). - i2c: qup: Fix error return code in qup_i2c_bam_schedule_desc() (git-fixes). - ibmvnic: add some debugs (bsc#1179896 ltc#190255). - ibmvnic: avoid memset null scrq msgs (bsc#1044767 ltc#155231 git-fixes). - ibmvnic: continue fatal error reset after passive init (bsc#1171078 ltc#184239 git-fixes). - ibmvnic: delay next reset if hard reset fails (bsc#1094840 ltc#167098 git-fixes). - ibmvnic: enhance resetting status check during module exit (bsc#1065729). - ibmvnic: fix call_netdevice_notifiers in do_reset (bsc#1115431 ltc#171853 git-fixes). 
- ibmvnic: fix NULL pointer dereference in reset_sub_crq_queues (bsc#1040855 ltc#155067 git-fixes). - ibmvnic: fix: NULL pointer dereference (bsc#1044767 ltc#155231 git-fixes). - ibmvnic: notify peers when failover and migration happen (bsc#1044120 ltc#155423 git-fixes). - ibmvnic: restore adapter state on failed reset (bsc#1152457 ltc#174432 git-fixes). - igc: Fix returning wrong statistics (bsc#1118657). - iio: adc: max1027: Reset the device at probe time (git-fixes). - iio: adc: rockchip_saradc: fix missing clk_disable_unprepare() on error in rockchip_saradc_resume (git-fixes). - iio: bmp280: fix compensation of humidity (git-fixes). - iio: buffer: Fix demux update (git-fixes). - iio: dac: ad5592r: fix unbalanced mutex unlocks in ad5592r_read_raw() (git-fixes). - iio: fix center temperature of bmc150-accel-core (git-fixes). - iio: humidity: hdc100x: fix IIO_HUMIDITYRELATIVE channel reporting (git-fixes). - iio: light: bh1750: Resolve compiler warning and make code more readable (git-fixes). - iio: srf04: fix wrong limitation in distance measuring (git-fixes). - iio:imu:bmi160: Fix too large a buffer (git-fixes). - iio:pressure:mpl3115: Force alignment of buffer (git-fixes). - inet_ecn: Fix endianness of checksum update when setting ECT(1) (git-fixes). - Input: ads7846 - fix integer overflow on Rt calculation (git-fixes). - Input: ads7846 - fix race that causes missing releases (git-fixes). - Input: ads7846 - fix unaligned access on 7845 (git-fixes). - Input: atmel_mxt_ts - disable IRQ across suspend (git-fixes). - Input: cm109 - do not stomp on control URB (git-fixes). - Input: cros_ec_keyb - send 'scancodes' in addition to key events (git-fixes). - Input: cyapa_gen6 - fix out-of-bounds stack access (git-fixes). - Input: goodix - add upside-down quirk for Teclast X98 Pro tablet (git-fixes). - Input: i8042 - add Acer laptops to the i8042 reset list (git-fixes). - Input: i8042 - add ByteSpeed touchpad to noloop table (git-fixes). 
- Input: i8042 - add Entroware Proteus EL07R4 to nomux and reset lists (git-fixes). - Input: i8042 - allow insmod to succeed on devices without an i8042 controller (git-fixes). - Input: i8042 - fix error return code in i8042_setup_aux() (git-fixes). - Input: omap4-keypad - fix runtime PM error handling (git-fixes). - Input: synaptics - enable InterTouch for ThinkPad X1E 1st gen (git-fixes). - Input: trackpoint - add new trackpoint variant IDs (git-fixes). - Input: trackpoint - enable Synaptics trackpoints (git-fixes). - Input: xpad - support Ardwiino Controllers (git-fixes). - ipw2x00: Fix -Wcast-function-type (git-fixes). - irqchip/alpine-msi: Fix freeing of interrupts on allocation error path (git-fixes). - iwlwifi: mvm: fix kernel panic in case of assert during CSA (git-fixes). - iwlwifi: mvm: fix unaligned read of rx_pkt_status (git-fixes). - iwlwifi: pcie: limit memory read spin time (git-fixes). - kABI fix for g2d (git-fixes). - kABI workaround for dsa/b53 changes (git-fixes). - kABI workaround for HD-audio generic parser (git-fixes). - kABI workaround for net/ipvlan changes (git-fixes). - kABI workaround for usermodehelper changes (bsc#1179406). - kABI: ath10k: move a new structure member to the end (git-fixes). - kABI: genirq: add back irq_create_mapping (bsc#1065729). - kernel-source.spec: Fix build with rpm 4.16 (boo#1179015). RPM_BUILD_ROOT is cleared before %%install. Do the unpack into RPM_BUILD_ROOT in %%install - kernel-{binary,source}.spec.in: do not create loop symlinks (bsc#1179082) - kernel/cpu: add arch override for clear_tasks_mm_cpumask() mm handling (bsc#1055117 ltc#159753 git-fixes bsc#1179888 ltc#190253). - kgdb: Fix spurious true from in_dbg_master() (git-fixes). - KVM: x86: reinstate vendor-agnostic check on SPEC_CTRL cpuid bits (bsc#1112178). - mac80211: allow rx of mesh eapol frames with default rx key (git-fixes). - mac80211: Check port authorization in the ieee80211_tx_dequeue() case (git-fixes). 
- mac80211: do not set set TDLS STA bandwidth wider than possible (git-fixes). - mac80211: fix authentication with iwlwifi/mvm (git-fixes). - mac80211: fix use of skb payload instead of header (git-fixes). - mac80211: mesh: fix mesh_pathtbl_init() error path (git-fixes). - matroxfb: avoid -Warray-bounds warning (git-fixes). - md-cluster: fix rmmod issue when md_cluster convert bitmap to none (bsc#1163727). - md-cluster: fix safemode_delay value when converting to clustered bitmap (bsc#1163727). - md-cluster: fix wild pointer of unlock_all_bitmaps() (bsc#1163727). - md/bitmap: fix memory leak of temporary bitmap (bsc#1163727). - md/bitmap: md_bitmap_get_counter returns wrong blocks (bsc#1163727). - md/bitmap: md_bitmap_read_sb uses wrong bitmap blocks (bsc#1163727). - md/cluster: block reshape with remote resync job (bsc#1163727). - md/cluster: fix deadlock when node is doing resync job (bsc#1163727). - md/raid5: fix oops during stripe resizing (git-fixes). - media: am437x-vpfe: Setting STD to current value is not an error (git-fixes). - media: cec-funcs.h: add status_req checks (git-fixes). - media: cx88: Fix some error handling path in 'cx8800_initdev()' (git-fixes). - media: gspca: Fix memory leak in probe (git-fixes). - media: i2c: mt9v032: fix enum mbus codes and frame sizes (git-fixes). - media: i2c: ov2659: Fix missing 720p register config (git-fixes). - media: i2c: ov2659: fix s_stream return value (git-fixes). - media: msi2500: assign SPI bus number dynamically (git-fixes). - media: mtk-mdp: Fix a refcounting bug on error in init (git-fixes). - media: mtk-vcodec: add missing put_device() call in mtk_vcodec_release_dec_pm() (git-fixes). - media: platform: add missing put_device() call in mtk_jpeg_probe() and mtk_jpeg_remove() (git-patches). - media: pvrusb2: Fix oops on tear-down when radio support is not present (git-fixes). - media: s5p-g2d: Fix a memory leak in an error handling path in 'g2d_probe()' (git-fixes). 
- media: saa7146: fix array overflow in vidioc_s_audio() (git-fixes). - media: si470x-i2c: add missed operations in remove (git-fixes). - media: siano: fix memory leak of debugfs members in smsdvb_hotplug (git-fixes). - media: solo6x10: fix missing snd_card_free in error handling case (git-fixes). - media: sti: bdisp: fix a possible sleep-in-atomic-context bug in bdisp_device_run() (git-fixes). - media: sunxi-cir: ensure IR is handled when it is continuous (git-fixes). - media: ti-vpe: vpe: ensure buffers are cleaned up properly in abort cases (git-fixes). - media: ti-vpe: vpe: fix a v4l2-compliance failure about frame sequence number (git-fixes). - media: ti-vpe: vpe: fix a v4l2-compliance failure about invalid sizeimage (git-fixes). - media: ti-vpe: vpe: fix a v4l2-compliance failure causing a kernel panic (git-fixes). - media: ti-vpe: vpe: fix a v4l2-compliance warning about invalid pixel format (git-fixes). - media: ti-vpe: vpe: Make sure YUYV is set as default format (git-fixes). - media: uvcvideo: Set media controller entity functions (git-fixes). - media: uvcvideo: Silence shift-out-of-bounds warning (git-fixes). - media: v4l2-async: Fix trivial documentation typo (git-fixes). - media: v4l2-core: fix touch support in v4l_g_fmt (git-fixes). - media: v4l2-device.h: Explicitly compare grp{id,mask} to zero in v4l2_device macros (git-fixes). - mei: bus: do not clean driver pointer (git-fixes). - mei: protect mei_cl_mtu from null dereference (git-fixes). - memstick: fix a double-free bug in memstick_check (git-fixes). - memstick: r592: Fix error return in r592_probe() (git-fixes). - mfd: rt5033: Fix errorneous defines (git-fixes). - mfd: wm8994: Fix driver operation if loaded as modules (git-fixes). - mlxsw: core: Fix memory leak on module removal (bsc#1112374). - mm,memory_failure: always pin the page in madvise_inject_error (bsc#1180258). - mm/userfaultfd: do not access vma->vm_mm after calling handle_userfault() (bsc#1179204). 
- Move upstreamed bt fixes into sorted section - mwifiex: fix mwifiex_shutdown_sw() causing sw reset failure (git-fixes). - net/smc: fix valid DMBE buffer sizes (git-fixes). - net/tls: Fix kmap usage (bsc#1109837). - net/tls: missing received data after fast remote close (bsc#1109837). - net/x25: prevent a couple of overflows (bsc#1178590). - net: aquantia: Fix aq_vec_isr_legacy() return value (git-fixes). - net: aquantia: fix LRO with FCS error (git-fixes). - net: DCB: Validate DCB_ATTR_DCB_BUFFER argument (bsc#1103990 ). - net: dsa: b53: Always use dev->vlan_enabled in b53_configure_vlan() (git-fixes). - net: dsa: b53: Ensure the default VID is untagged (git-fixes). - net: dsa: b53: Fix default VLAN ID (git-fixes). - net: dsa: b53: Properly account for VLAN filtering (git-fixes). - net: dsa: bcm_sf2: Do not assume DSA master supports WoL (git-fixes). - net: dsa: bcm_sf2: potential array overflow in bcm_sf2_sw_suspend() (git-fixes). - net: dsa: qca8k: remove leftover phy accessors (git-fixes). - net: ena: fix packet's addresses for rx_offset feature (bsc#1174852). - net: ena: handle bad request id in ena_netdev (git-fixes). - net: ethernet: ti: cpsw: clear all entries when delete vid (git-fixes). - net: ethernet: ti: cpsw: fix runtime_pm while add/kill vlan (git-fixes). - net: hisilicon: Fix signedness bug in hix5hd2_dev_probe() (git-fixes). - net: macb: add missing barriers when reading descriptors (git-fixes). - net: macb: fix dropped RX frames due to a race (git-fixes). - net: macb: fix error format in dev_err() (git-fixes). - net: macb: fix random memory corruption on RX with 64-bit DMA (git-fixes). - net: pasemi: fix an use-after-free in pasemi_mac_phy_init() (git-fixes). - net: phy: Avoid multiple suspends (git-fixes). - net: qed: fix "maybe uninitialized" warning (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - net: qed: fix async event callbacks unregistering (bsc#1104393 bsc#1104389). 
- net: qede: fix PTP initialization on recovery (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - net: qede: fix use-after-free on recovery and AER handling (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - net: seeq: Fix the function used to release some memory in an error handling path (git-fixes). - net: sh_eth: fix a missing check of of_get_phy_mode (git-fixes). - net: sonic: replace dev_kfree_skb in sonic_send_packet (git-fixes). - net: sonic: return NETDEV_TX_OK if failed to map buffer (git-fixes). - net: stmmac: fix csr_clk can't be zero issue (git-fixes). - net: stmmac: Fix reception of Broadcom switches tags (git-fixes). - net: thunderx: use spin_lock_bh in nicvf_set_rx_mode_task() (bsc#1110096). - net: usb: sr9800: fix uninitialized local variable (git-fixes). - net:ethernet:aquantia: Extra spinlocks removed (git-fixes). - net_sched: fix a memory leak in atm_tc_init() (bsc#1056657 bsc#1056653 bsc#1056787). - nfc: s3fwrn5: add missing release on skb in s3fwrn5_recv_frame (git-fixes). - nfc: s3fwrn5: Release the nfc firmware (git-fixes). - nfc: st95hf: Fix memleak in st95hf_in_send_cmd (git-fixes). - nfp: use correct define to return NONE fec (bsc#1109837). - NFS: fix nfs_path in case of a rename retry (git-fixes). - NFSD: Add missing NFSv2 .pc_func methods (git-fixes). - NFSv4.2: fix client's attribute cache management for copy_file_range (git-fixes). - NFSv4.2: support EXCHGID4_FLAG_SUPP_FENCE_OPS 4.2 EXCHANGE_ID flag (git-fixes). - ocfs2: fix unbalanced locking (bsc#1180506). - ocfs2: initialize ip_next_orphan (bsc#1179724). - orinoco: Move context allocation after processing the skb (git-fixes). - parport: load lowlevel driver if ports not found (git-fixes). - PCI/ASPM: Allow ASPM on links to PCIe-to-PCI/PCI-X Bridges (git-fixes). - PCI/ASPM: Disable ASPM on ASMedia ASM1083/1085 PCIe-to-PCI bridge (git-fixes). - PCI: Do not disable decoding when mmio_always_on is set (git-fixes). 
- PCI: Fix pci_slot_release() NULL pointer dereference (git-fixes). - phy: Revert toggling reset changes (git-fixes). - pinctrl: amd: fix __iomem annotation in amd_gpio_irq_handler() (git-fixes). - pinctrl: amd: fix npins for uart0 in kerncz_groups (git-fixes). - pinctrl: amd: remove debounce filter setting in IRQ type setting (git-fixes). - pinctrl: aspeed: Fix GPIO requests on pass-through banks (git-fixes). - pinctrl: baytrail: Avoid clearing debounce value when turning it off (git-fixes). - pinctrl: falcon: add missing put_device() call in pinctrl_falcon_probe() (git-fixes). - pinctrl: merrifield: Set default bias in case no particular value given (git-fixes). - pinctrl: sh-pfc: sh7734: Fix duplicate TCLK1_B (git-fixes). - platform/x86: acer-wmi: add automatic keyboard background light toggle key as KEY_LIGHTS_TOGGLE (git-fixes). - platform/x86: dell-smbios-base: Fix error return code in dell_smbios_init (git-fixes). - platform/x86: mlx-platform: Fix item counter assignment for MSN2700, MSN24xx systems (git-fixes). - platform/x86: mlx-platform: remove an unused variable (git-fixes). - platform/x86: mlx-platform: Remove PSU EEPROM from default platform configuration (git-fixes). - platform/x86: mlx-platform: Remove PSU EEPROM from MSN274x platform configuration (git-fixes). - PM / hibernate: memory_bm_find_bit(): Tighten node optimisation (git-fixes). - PM: ACPI: Output correct message on target power state (git-fixes). - PM: hibernate: Freeze kernel threads in software_resume() (git-fixes). - PM: hibernate: remove the bogus call to get_gendisk() in software_resume() (git-fixes). - pNFS/flexfiles: Fix list corruption if the mirror count changes (git-fixes). - power: supply: bq24190_charger: fix reference leak (git-fixes). - power: supply: bq27xxx_battery: Silence deferred-probe error (git-fixes). - powerpc/64: Set up a kernel stack for secondaries before cpu_restore() (bsc#1065729). 
- powerpc/64s/pseries: Fix hash tlbiel_all_isa300 for guest kernels (bsc#1179888 ltc#190253). - powerpc/64s: Fix hash ISA v3.0 TLBIEL instruction generation (bsc#1055117 ltc#159753 git-fixes bsc#1179888 ltc#190253). - powerpc/64s: Trim offlined CPUs from mm_cpumasks (bsc#1055117 ltc#159753 git-fixes bsc#1179888 ltc#190253). - powerpc/pci: Fix broken INTx configuration via OF (bsc#1172145 ltc#184630). - powerpc/pci: Remove legacy debug code (bsc#1172145 ltc#184630 git-fixes). - powerpc/pci: Remove LSI mappings on device teardown (bsc#1172145 ltc#184630). - powerpc/pci: Use of_irq_parse_and_map_pci() helper (bsc#1172145 ltc#184630). - powerpc/perf: Fix crash with is_sier_available when pmu is not set (bsc#1179578 ltc#189313). - powerpc/pseries/hibernation: remove redundant cacheinfo update (bsc#1138374 ltc#178199 git-fixes). - powerpc/pseries: Pass MSI affinity to irq_create_mapping() (bsc#1065729). - powerpc/smp: Add __init to init_big_cores() (bsc#1109695 ltc#171067 git-fixes). - powerpc/xmon: Change printk() to pr_cont() (bsc#1065729). - powerpc: Convert to using %pOF instead of full_name (bsc#1172145 ltc#184630). - powerpc: Fix incorrect stw{, ux, u, x} instructions in __set_pte_at (bsc#1065729). - ppp: remove the PPPIOCDETACH ioctl (git-fixes). - pwm: lp3943: Dynamically allocate PWM chip base (git-fixes). - qed: fix error return code in qed_iwarp_ll2_start() (bsc#1050536 bsc#1050545). - qed: suppress "do not support RoCE & iWARP" flooding on HW init (bsc#1050536 bsc#1050545). - qed: suppress false-positives interrupt error messages on HW init (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692). - quota: clear padding in v2r1_mem2diskdqb() (bsc#1179714). - radeon: insert 10ms sleep in dce5_crtc_load_lut (git-fixes). - ravb: Fix use-after-free ravb_tstamp_skb (git-fixes). - RDMA/qedr: Fix KASAN: use-after-free in ucma_event_handler+0x532 (bsc#1050545). - RDMA/qedr: Fix memory leak in iWARP CM (bsc#1050545 ). 
- reboot: fix overflow parsing reboot cpu number (bsc#1179421). - regmap: debugfs: check count when read regmap file (git-fixes). - regmap: dev_get_regmap_match(): fix string comparison (git-fixes). - regmap: Remove duplicate `type` field from regmap `regcache_sync` trace event (git-fixes). - regulator: max8907: Fix the usage of uninitialized variable in max8907_regulator_probe() (git-fixes). - regulator: pfuze100-regulator: Variable "val" in pfuze100_regulator_probe() could be uninitialized (git-fixes). - regulator: ti-abb: Fix timeout in ti_abb_wait_txdone/ti_abb_clear_all_txdone (git-fixes). - reiserfs: Fix oops during mount (bsc#1179715). - reiserfs: Initialize inode keys properly (bsc#1179713). - remoteproc: Fix wrong rvring index computation (git-fixes). - rfkill: Fix incorrect check to avoid NULL pointer dereference (git-fixes). - rtc: 88pm860x: fix possible race condition (git-fixes). - rtc: hym8563: enable wakeup when applicable (git-fixes). - rtl8xxxu: fix RTL8723BU connection failure issue after warm reboot (git-fixes). - rtlwifi: fix memory leak in rtl92c_set_fw_rsvdpagepkt() (git-fixes). - s390/bpf: Fix multiple tail calls (git-fixes). - s390/cpuinfo: show processor physical address (git-fixes). - s390/cpum_sf.c: fix file permission for cpum_sfb_size (git-fixes). - s390/dasd: fix hanging device offline processing (bsc#1144912). - s390/dasd: fix null pointer dereference for ERP requests (git-fixes). - s390/pci: fix CPU address in MSI for directed IRQ (git-fixes). - s390/qeth: fix af_iucv notification race (git-fixes). - s390/qeth: fix tear down of async TX buffers (git-fixes). - s390/qeth: make af_iucv TX notification call more robust (git-fixes). - s390/stp: add locking to sysfs functions (git-fixes). - s390/zcrypt: Fix ZCRYPT_PERDEV_REQCNT ioctl (git-fixes). - scripts/lib/SUSE/MyBS.pm: properly close prjconf Macros: section - scsi: lpfc: Add FDMI Vendor MIB support (bsc#1164780). 
- scsi: lpfc: Convert abort handling to SLI-3 and SLI-4 handlers (bsc#1164780). - scsi: lpfc: Convert SCSI I/O completions to SLI-3 and SLI-4 handlers (bsc#1164780). - scsi: lpfc: Convert SCSI path to use common I/O submission path (bsc#1164780). - scsi: lpfc: Correct null ndlp reference on routine exit (bsc#1164780). - scsi: lpfc: Drop nodelist reference on error in lpfc_gen_req() (bsc#1164780). - scsi: lpfc: Enable common send_io interface for SCSI and NVMe (bsc#1164780). - scsi: lpfc: Enable common wqe_template support for both SCSI and NVMe (bsc#1164780). - scsi: lpfc: Enlarge max_sectors in scsi host templates (bsc#1164780). - scsi: lpfc: Extend the RDF FPIN Registration descriptor for additional events (bsc#1164780). - scsi: lpfc: Fix duplicate wq_create_version check (bsc#1164780). - scsi: lpfc: Fix fall-through warnings for Clang (bsc#1164780). - scsi: lpfc: Fix FLOGI/PLOGI receive race condition in pt2pt discovery (bsc#1164780). - scsi: lpfc: Fix invalid sleeping context in lpfc_sli4_nvmet_alloc() (bsc#1164780). - scsi: lpfc: Fix memory leak on lcb_context (bsc#1164780). - scsi: lpfc: Fix missing prototype for lpfc_nvmet_prep_abort_wqe() (bsc#1164780). - scsi: lpfc: Fix missing prototype warning for lpfc_fdmi_vendor_attr_mi() (bsc#1164780). - scsi: lpfc: Fix NPIV discovery and Fabric Node detection (bsc#1164780). - scsi: lpfc: Fix NPIV Fabric Node reference counting (bsc#1164780). - scsi: lpfc: Fix pointer defereference before it is null checked issue (bsc#1164780). - scsi: lpfc: Fix refcounting around SCSI and NVMe transport APIs (bsc#1164780). - scsi: lpfc: Fix removal of SCSI transport device get and put on dev structure (bsc#1164780). - scsi: lpfc: Fix scheduling call while in softirq context in lpfc_unreg_rpi (bsc#1164780). - scsi: lpfc: Fix set but not used warnings from Rework remote port lock handling (bsc#1164780). - scsi: lpfc: Fix set but unused variables in lpfc_dev_loss_tmo_handler() (bsc#1164780). 
   - scsi: lpfc: Fix spelling mistake "Cant" -> "Can't" (bsc#1164780).
   - scsi: lpfc: Fix variable 'vport' set but not used in lpfc_sli4_abts_err_handler() (bsc#1164780).
   - scsi: lpfc: lpfc_attr: Demote kernel-doc format for redefined functions (bsc#1164780).
   - scsi: lpfc: lpfc_attr: Fix-up a bunch of kernel-doc misdemeanours (bsc#1164780).
   - scsi: lpfc: lpfc_debugfs: Fix a couple of function documentation issues (bsc#1164780).
   - scsi: lpfc: lpfc_scsi: Fix a whole host of kernel-doc issues (bsc#1164780).
   - scsi: lpfc: Refactor WQE structure definitions for common use (bsc#1164780).
   - scsi: lpfc: Reject CT request for MIB commands (bsc#1164780).
   - scsi: lpfc: Remove dead code on second !ndlp check (bsc#1164780).
   - scsi: lpfc: Remove ndlp when a PLOGI/ADISC/PRLI/REG_RPI ultimately fails (bsc#1164780).
   - scsi: lpfc: Remove set but not used 'qp' (bsc#1164780).
   - scsi: lpfc: Remove unneeded variable 'status' in lpfc_fcp_cpu_map_store() (bsc#1164780).
   - scsi: lpfc: Removed unused macros in lpfc_attr.c (bsc#1164780).
   - scsi: lpfc: Rework locations of ndlp reference taking (bsc#1164780).
   - scsi: lpfc: Rework remote port lock handling (bsc#1164780).
   - scsi: lpfc: Rework remote port ref counting and node freeing (bsc#1164780).
   - scsi: lpfc: Unsolicited ELS leaves node in incorrect state while dropping it (bsc#1164780).
   - scsi: lpfc: Update changed file copyrights for 2020 (bsc#1164780).
   - scsi: lpfc: Update lpfc version to 12.8.0.4 (bsc#1164780).
   - scsi: lpfc: Update lpfc version to 12.8.0.5 (bsc#1164780).
   - scsi: lpfc: Update lpfc version to 12.8.0.6 (bsc#1164780).
   - scsi: lpfc: Use generic power management (bsc#1164780).
   - scsi: qla2xxx: Change post del message from debug level to log level (bsc#1172538 bsc#1179142 bsc#1179810).
   - scsi: qla2xxx: Convert to DEFINE_SHOW_ATTRIBUTE (bsc#1172538 bsc#1179142 bsc#1179810).
   - scsi: qla2xxx: Do not check for fw_started while posting NVMe command (bsc#1172538 bsc#1179142 bsc#1179810).
   - scsi: qla2xxx: Do not consume srb greedily (bsc#1172538 bsc#1179142 bsc#1179810).
   - scsi: qla2xxx: Drop TARGET_SCF_LOOKUP_LUN_FROM_TAG (bsc#1172538 bsc#1179142 bsc#1179810).
   - scsi: qla2xxx: Fix compilation issue in PPC systems (bsc#1172538 bsc#1179142 bsc#1179810).
   - scsi: qla2xxx: Fix crash during driver load on big endian machines (bsc#1172538 bsc#1179142 bsc#1179810).
   - scsi: qla2xxx: Fix device loss on 4G and older HBAs (bsc#1172538 bsc#1179142 bsc#1179810).
   - scsi: qla2xxx: Fix flash update in 28XX adapters on big endian machines (bsc#1172538 bsc#1179142 bsc#1179810).
   - scsi: qla2xxx: Fix FW initialization error on big endian machines (bsc#1172538 bsc#1179142 bsc#1179810).
   - scsi: qla2xxx: Fix N2N and NVMe connect retry failure (bsc#1172538 bsc#1179142 bsc#1179810).
   - scsi: qla2xxx: Fix return of uninitialized value in rval (bsc#1172538 bsc#1179142 bsc#1179810).
   - scsi: qla2xxx: Fix the call trace for flush workqueue (bsc#1172538 bsc#1179142 bsc#1179810).
   - scsi: qla2xxx: Handle aborts correctly for port undergoing deletion (bsc#1172538 bsc#1179142 bsc#1179810).
   - scsi: qla2xxx: Handle incorrect entry_type entries (bsc#1172538 bsc#1179142 bsc#1179810).
   - scsi: qla2xxx: If fcport is undergoing deletion complete I/O with retry (bsc#1172538 bsc#1179142 bsc#1179810).
   - scsi: qla2xxx: Initialize variable in qla8044_poll_reg() (bsc#1172538 bsc#1179142 bsc#1179810).
   - scsi: qla2xxx: Limit interrupt vectors to number of CPUs (bsc#1172538 bsc#1179142 bsc#1179810).
   - scsi: qla2xxx: Move sess cmd list/lock to driver (bsc#1172538 bsc#1179142 bsc#1179810).
   - scsi: qla2xxx: Remove in_interrupt() from qla82xx-specific code (bsc#1172538 bsc#1179142 bsc#1179810).
   - scsi: qla2xxx: Remove in_interrupt() from qla83xx-specific code (bsc#1172538 bsc#1179142 bsc#1179810).
   - scsi: qla2xxx: remove incorrect sparse #ifdef (bsc#1172538 bsc#1179142 bsc#1179810).
   - scsi: qla2xxx: Remove trailing semicolon in macro definition (bsc#1172538 bsc#1179142 bsc#1179810).
   - scsi: qla2xxx: Return EBUSY on fcport deletion (bsc#1172538 bsc#1179142 bsc#1179810).
   - scsi: qla2xxx: Tear down session if FW say it is down (bsc#1172538 bsc#1179142 bsc#1179810).
   - scsi: qla2xxx: Update version to 10.02.00.104-k (bsc#1172538 bsc#1179142 bsc#1179810).
   - scsi: qla2xxx: Use constant when it is known (bsc#1172538 bsc#1179142 bsc#1179810).
   - scsi: Remove unneeded break statements (bsc#1164780).
   - scsi: storvsc: Fix error return in storvsc_probe() (git-fixes).
   - scsi: target: tcm_qla2xxx: Remove BUG_ON(in_interrupt()) (bsc#1172538 bsc#1179142 bsc#1179810).
   - serial: 8250_omap: Avoid FIFO corruption caused by MDR1 access (git-fixes).
   - serial: 8250_pci: Add Realtek 816a and 816b (git-fixes).
   - serial: amba-pl011: Make sure we initialize the port.lock spinlock (git-fixes).
   - serial: ar933x_uart: set UART_CS_{RX,TX}_READY_ORIDE (git-fixes).
   - serial: txx9: add missing platform_driver_unregister() on error in serial_txx9_init (git-fixes).
   - serial_core: Check for port state when tty is in error state (git-fixes).
   - SMB3: Honor 'handletimeout' flag for multiuser mounts (bsc#1176558).
   - SMB3: Honor 'posix' flag for multiuser mounts (bsc#1176559).
   - SMB3: Honor lease disabling for multiuser mounts (git-fixes).
   - soc/tegra: fuse: Fix index bug in get_process_id (git-fixes).
   - soc: imx: gpc: fix power up sequencing (git-fixes).
   - soc: mediatek: Check if power domains can be powered on at boot time (git-fixes).
   - soc: qcom: smp2p: Safely acquire spinlock without IRQs (git-fixes).
   - soc: ti: Fix reference imbalance in knav_dma_probe (git-fixes).
   - soc: ti: knav_qmss: fix reference leak in knav_queue_probe (git-fixes).
   - spi: Add call to spi_slave_abort() function when spidev driver is released (git-fixes).
   - spi: bcm63xx-hsspi: fix missing clk_disable_unprepare() on error in bcm63xx_hsspi_resume (git-fixes).
   - spi: davinci: Fix use-after-free on unbind (git-fixes).
   - spi: dw: Enable interrupts in accordance with DMA xfer mode (git-fixes).
   - spi: dw: Fix Rx-only DMA transfers (git-fixes).
   - spi: dw: Return any value retrieved from the dma_transfer callback (git-fixes).
   - spi: Fix memory leak on splited transfers (git-fixes).
   - spi: img-spfi: fix potential double release (git-fixes).
   - spi: img-spfi: fix reference leak in img_spfi_resume (git-fixes).
   - spi: pic32: Do not leak DMA channels in probe error path (git-fixes).
   - spi: pxa2xx: Add missed security checks (git-fixes).
   - spi: spi-cavium-thunderx: Add missing pci_release_regions() (git-fixes).
   - spi: spi-loopback-test: Fix out-of-bounds read (git-fixes).
   - spi: spi-mem: Fix passing zero to 'PTR_ERR' warning (git-fixes).
   - spi: spi-mem: fix reference leak in spi_mem_access_start (git-fixes).
   - spi: spi-ti-qspi: fix reference leak in ti_qspi_setup (git-fixes).
   - spi: spidev: fix a potential use-after-free in spidev_release() (git-fixes).
   - spi: st-ssc4: add missed pm_runtime_disable (git-fixes).
   - spi: st-ssc4: Fix unbalanced pm_runtime_disable() in probe error path (git-fixes).
   - spi: tegra114: fix reference leak in tegra spi ops (git-fixes).
   - spi: tegra20-sflash: fix reference leak in tegra_sflash_resume (git-fixes).
   - spi: tegra20-slink: add missed clk_unprepare (git-fixes).
   - spi: tegra20-slink: fix reference leak in slink ops of tegra20 (git-fixes).
   - splice: only read in as much information as there is pipe buffer space (bsc#1179520).
   - staging: comedi: check validity of wMaxPacketSize of usb endpoints found (git-fixes).
   - staging: comedi: gsc_hpdi: check dma_alloc_coherent() return value (git-fixes).
   - staging: comedi: mf6x4: Fix AI end-of-conversion detection (git-fixes).
   - staging: olpc_dcon: add a missing dependency (git-fixes).
   - staging: olpc_dcon: Do not call platform_device_unregister() in dcon_probe() (git-fixes).
   - staging: rtl8188eu: Add device code for TP-Link TL-WN727N v5.21 (git-fixes).
   - staging: rtl8188eu: Add device id for MERCUSYS MW150US v2 (git-fixes).
   - staging: rtl8188eu: fix possible null dereference (git-fixes).
   - staging: rtl8192u: fix multiple memory leaks on error path (git-fixes).
   - staging: vt6656: set usb_set_intfdata on driver fail (git-fixes).
   - staging: wlan-ng: fix out of bounds read in prism2sta_probe_usb() (git-fixes).
   - staging: wlan-ng: properly check endpoint types (git-fixes).
   - sunrpc: fix copying of multiple pages in gss_read_proxy_verf() (bsc#1103992).
   - sunrpc: fixed rollback in rpc_gssd_dummy_populate() (git-fixes).
   - sunrpc: Properly set the @subbuf parameter of xdr_buf_subsegment() (git-fixes).
   - sunrpc: The RDMA back channel mustn't disappear while requests are outstanding (git-fixes).
   - svcrdma: fix bounce buffers for unaligned offsets and multiple pages (bsc#1103992).
   - svcrdma: Fix page leak in svc_rdma_recv_read_chunk() (bsc#1103992).
   - tcp: Set INET_ECN_xmit configuration in tcp_reinit_congestion_control (bsc#1109837).
   - thunderbolt: Use 32-bit writes when writing ring producer/consumer (git-fixes).
   - timer: Fix wheel index calculation on last level (git fixes)
   - timer: Prevent base->clk from moving backward (git-fixes)
   - tracing: Fix out of bounds write in get_trace_buf (bsc#1179403).
   - tty: always relink the port (git-fixes).
   - tty: Fix ->pgrp locking in tiocspgrp() (git-fixes).
   - tty: link tty and port before configuring it as console (git-fixes).
   - tty: synclink_gt: Adjust indentation in several functions (git-fixes).
   - tty: synclinkmp: Adjust indentation in several functions (git-fixes).
   - tty:serial:mvebu-uart:fix a wrong return (git-fixes).
   - uapi/if_ether.h: move __UAPI_DEF_ETHHDR libc define (git-fixes).
   - uapi/if_ether.h: prevent redefinition of struct ethhdr (git-fixes).
   - usb: add RESET_RESUME quirk for Snapscan 1212 (git-fixes).
   - usb: chipidea: ci_hdrc_imx: Pass DISABLE_DEVICE_STREAMING flag to imx6ul (git-fixes).
   - usb: dummy-hcd: Fix uninitialized array use in init() (git-fixes).
   - usb: dwc2: Fix IN FIFO allocation (git-fixes).
   - usb: dwc3: remove the call trace of USBx_GFLADJ (git-fixes).
   - usb: ehci-omap: Fix PM disable depth umbalance in ehci_hcd_omap_probe (git-fixes).
   - usb: Fix: Do not skip endpoint descriptors with maxpacket=0 (git-fixes).
   - usb: fsl: Check memory resource before releasing it (git-fixes).
   - usb: gadget: composite: Fix possible double free memory bug (git-fixes).
   - usb: gadget: configfs: fix concurrent issue between composite APIs (git-fixes).
   - usb: gadget: configfs: Fix missing spin_lock_init() (git-fixes).
   - usb: gadget: f_acm: add support for SuperSpeed Plus (git-fixes).
   - usb: gadget: f_fs: Use local copy of descriptors for userspace copy (git-fixes).
   - usb: gadget: f_midi: setup SuperSpeed Plus descriptors (git-fixes).
   - usb: gadget: f_rndis: fix bitrate for SuperSpeed and above (git-fixes).
   - usb: gadget: ffs: ffs_aio_cancel(): Save/restore IRQ flags (git-fixes).
   - usb: gadget: fix wrong endpoint desc (git-fixes).
   - usb: gadget: goku_udc: fix potential crashes in probe (git-fixes).
   - usb: gadget: net2280: fix memory leak on probe error handling paths (git-fixes).
   - usb: gadget: serial: fix Tx stall after buffer overflow (git-fixes).
   - usb: gadget: udc: fix possible sleep-in-atomic-context bugs in gr_probe() (git-fixes).
   - usb: gadget: udc: gr_udc: fix memleak on error handling path in gr_ep_init() (git-fixes).
   - usb: hso: Fix debug compile warning on sparc32 (git-fixes).
   - usb: ldusb: use unsigned size format specifiers (git-fixes).
   - usb: musb: omap2430: Get rid of musb .set_vbus for omap2430 glue (git-fixes).
   - usb: oxu210hp-hcd: Fix memory leak in oxu_create (git-fixes).
   - usb: serial: ch341: add new Product ID for CH341A (git-fixes).
   - usb: serial: ch341: sort device-id entries (git-fixes).
   - usb: serial: digi_acceleport: clean up modem-control handling (git-fixes).
   - usb: serial: digi_acceleport: clean up set_termios (git-fixes).
   - usb: serial: digi_acceleport: fix write-wakeup deadlocks (git-fixes).
   - usb: serial: digi_acceleport: remove in_interrupt() usage.
   - usb: serial: digi_acceleport: remove redundant assignment to pointer priv (git-fixes).
   - usb: serial: digi_acceleport: rename tty flag variable (git-fixes).
   - usb: serial: digi_acceleport: use irqsave() in USB's complete callback (git-fixes).
   - usb: serial: keyspan_pda: fix dropped unthrottle interrupts (git-fixes).
   - usb: serial: keyspan_pda: fix stalled writes (git-fixes).
   - usb: serial: keyspan_pda: fix tx-unthrottle use-after-free (git-fixes).
   - usb: serial: keyspan_pda: fix write deadlock (git-fixes).
   - usb: serial: keyspan_pda: fix write unthrottling (git-fixes).
   - usb: serial: keyspan_pda: fix write-wakeup use-after-free (git-fixes).
   - usb: serial: kl5kusb105: fix memleak on open (git-fixes).
   - usb: serial: mos7720: fix parallel-port state restore (git-fixes).
   - usb: serial: option: add Fibocom NL668 variants (git-fixes).
   - usb: serial: option: add interface-number sanity check to flag handling (git-fixes).
   - usb: serial: option: add support for Thales Cinterion EXS82 (git-fixes).
   - usb: serial: option: fix Quectel BG96 matching (git-fixes).
   - usb: Skip endpoints with 0 maxpacket length (git-fixes).
   - usb: UAS: introduce a quirk to set no_write_same (git-fixes).
   - usb: usbfs: Suppress problematic bind and unbind uevents (git-fixes).
   - usblp: poison URBs upon disconnect (git-fixes).
   - usbnet: ipheth: fix connectivity with iOS 14 (git-fixes).
   - usermodehelper: reset umask to default before executing user process (bsc#1179406).
   - video: fbdev: neofb: fix memory leak in neo_scan_monitor() (git-fixes).
   - vt: do not hardcode the mem allocation upper bound (git-fixes).
   - vt: Reject zero-sized screen buffer size (git-fixes).
   - watchdog: coh901327: add COMMON_CLK dependency (git-fixes).
   - watchdog: da9062: do not ping the hw during stop() (git-fixes).
   - watchdog: da9062: No need to ping manually before setting timeout (git-fixes).
   - watchdog: qcom: Avoid context switch in restart handler (git-fixes).
   - watchdog: sirfsoc: Add missing dependency on HAS_IOMEM (git-fixes).
   - wimax: fix duplicate initializer warning (git-fixes).
   - wireless: Use linux/stddef.h instead of stddef.h (git-fixes).
   - wireless: Use offsetof instead of custom macro (git-fixes).
   - x86/apic: Fix integer overflow on 10 bit left shift of cpu_khz (bsc#1112178).
   - x86/insn-eval: Use new for_each_insn_prefix() macro to loop over prefixes bytes (bsc#1112178).
   - x86/mm/ident_map: Check for errors from ident_pud_init() (bsc#1112178).
   - x86/mm/mem_encrypt: Fix definition of PMD_FLAGS_DEC_WP (bsc#1112178).
   - x86/resctrl: Add necessary kernfs_put() calls to prevent refcount leak (bsc#1112178).
   - x86/resctrl: Fix AMD L3 QOS CDP enable/disable (bsc#1114648).
   - x86/resctrl: Fix incorrect local bandwidth when mba_sc is enabled (bsc#1112178).
   - x86/resctrl: Remove superfluous kernfs_get() calls to prevent refcount leak (bsc#1112178).
   - x86/resctrl: Remove unused struct mbm_state::chunks_bw (bsc#1112178).
   - x86/speculation: Fix prctl() when spectre_v2_user={seccomp,prctl},ibpb (bsc#1112178).
   - x86/tracing: Introduce a static key for exception tracing (bsc#1179895).
   - x86/traps: Simplify pagefault tracing logic (bsc#1179895).
   - x86/uprobes: Do not use prefixes.nbytes when looping over prefixes.bytes (bsc#1112178).
   - xhci: Give USB2 ports time to enter U3 in bus suspend (git-fixes).
   - xprtrdma: fix incorrect header size calculations (git-fixes).

Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 12-SP5:

      zypper in -t patch SUSE-SLE-WE-12-SP5-2021-133=1

   - SUSE Linux Enterprise Software Development Kit 12-SP5:

      zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-133=1

   - SUSE Linux Enterprise Server 12-SP5:

      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-133=1

   - SUSE Linux Enterprise Live Patching 12-SP5:

      zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2021-133=1

   - SUSE Linux Enterprise High Availability 12-SP5:

      zypper in -t patch SUSE-SLE-HA-12-SP5-2021-133=1

Package List:

   - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64):

      kernel-default-debuginfo-4.12.14-122.57.1
      kernel-default-debugsource-4.12.14-122.57.1
      kernel-default-extra-4.12.14-122.57.1
      kernel-default-extra-debuginfo-4.12.14-122.57.1

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):

      kernel-obs-build-4.12.14-122.57.1
      kernel-obs-build-debugsource-4.12.14-122.57.1

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch):

      kernel-docs-4.12.14-122.57.1

   - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):

      kernel-default-4.12.14-122.57.1
      kernel-default-base-4.12.14-122.57.1
      kernel-default-base-debuginfo-4.12.14-122.57.1
      kernel-default-debuginfo-4.12.14-122.57.1
      kernel-default-debugsource-4.12.14-122.57.1
      kernel-default-devel-4.12.14-122.57.1
      kernel-syms-4.12.14-122.57.1

   - SUSE Linux Enterprise Server 12-SP5 (noarch):

      kernel-devel-4.12.14-122.57.1
      kernel-macros-4.12.14-122.57.1
      kernel-source-4.12.14-122.57.1

   - SUSE Linux Enterprise Server 12-SP5 (x86_64):

      kernel-default-devel-debuginfo-4.12.14-122.57.1

   - SUSE Linux Enterprise Server 12-SP5 (s390x):

      kernel-default-man-4.12.14-122.57.1

   - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64):

      kernel-default-debuginfo-4.12.14-122.57.1
      kernel-default-debugsource-4.12.14-122.57.1
      kernel-default-kgraft-4.12.14-122.57.1
      kernel-default-kgraft-devel-4.12.14-122.57.1
      kgraft-patch-4_12_14-122_57-default-1-8.3.1

   - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64):

      cluster-md-kmp-default-4.12.14-122.57.1
      cluster-md-kmp-default-debuginfo-4.12.14-122.57.1
      dlm-kmp-default-4.12.14-122.57.1
      dlm-kmp-default-debuginfo-4.12.14-122.57.1
      gfs2-kmp-default-4.12.14-122.57.1
      gfs2-kmp-default-debuginfo-4.12.14-122.57.1
      kernel-default-debuginfo-4.12.14-122.57.1
      kernel-default-debugsource-4.12.14-122.57.1
      ocfs2-kmp-default-4.12.14-122.57.1
      ocfs2-kmp-default-debuginfo-4.12.14-122.57.1

References:

   https://www.suse.com/security/cve/CVE-2018-20669.html
   https://www.suse.com/security/cve/CVE-2019-20934.html
   https://www.suse.com/security/cve/CVE-2020-0444.html
   https://www.suse.com/security/cve/CVE-2020-0465.html
   https://www.suse.com/security/cve/CVE-2020-0466.html
   https://www.suse.com/security/cve/CVE-2020-27068.html
   https://www.suse.com/security/cve/CVE-2020-27777.html
   https://www.suse.com/security/cve/CVE-2020-27786.html
   https://www.suse.com/security/cve/CVE-2020-27825.html
   https://www.suse.com/security/cve/CVE-2020-28374.html
   https://www.suse.com/security/cve/CVE-2020-29660.html
   https://www.suse.com/security/cve/CVE-2020-29661.html
   https://www.suse.com/security/cve/CVE-2020-36158.html
   https://www.suse.com/security/cve/CVE-2020-4788.html
   https://bugzilla.suse.com/1040855
   https://bugzilla.suse.com/1044120
   https://bugzilla.suse.com/1044767
   https://bugzilla.suse.com/1050242
   https://bugzilla.suse.com/1050536
   https://bugzilla.suse.com/1050545
   https://bugzilla.suse.com/1055117
   https://bugzilla.suse.com/1056653
   https://bugzilla.suse.com/1056657
   https://bugzilla.suse.com/1056787
   https://bugzilla.suse.com/1064802
   https://bugzilla.suse.com/1065729
   https://bugzilla.suse.com/1066129
   https://bugzilla.suse.com/1094840
   https://bugzilla.suse.com/1103990
   https://bugzilla.suse.com/1103992
   https://bugzilla.suse.com/1104389
   https://bugzilla.suse.com/1104393
   https://bugzilla.suse.com/1109695
   https://bugzilla.suse.com/1109837
   https://bugzilla.suse.com/1110096
   https://bugzilla.suse.com/1112178
   https://bugzilla.suse.com/1112374
   https://bugzilla.suse.com/1114648
   https://bugzilla.suse.com/1115431
   https://bugzilla.suse.com/1118657
   https://bugzilla.suse.com/1122971
   https://bugzilla.suse.com/1129770
   https://bugzilla.suse.com/1136460
   https://bugzilla.suse.com/1136461
   https://bugzilla.suse.com/1138374
   https://bugzilla.suse.com/1139944
   https://bugzilla.suse.com/1144912
   https://bugzilla.suse.com/1152457
   https://bugzilla.suse.com/1163727
   https://bugzilla.suse.com/1164780
   https://bugzilla.suse.com/1171078
   https://bugzilla.suse.com/1172145
   https://bugzilla.suse.com/1172538
   https://bugzilla.suse.com/1172694
   https://bugzilla.suse.com/1174784
   https://bugzilla.suse.com/1174852
   https://bugzilla.suse.com/1176558
   https://bugzilla.suse.com/1176559
   https://bugzilla.suse.com/1176956
   https://bugzilla.suse.com/1177666
   https://bugzilla.suse.com/1178270
   https://bugzilla.suse.com/1178372
   https://bugzilla.suse.com/1178401
   https://bugzilla.suse.com/1178590
   https://bugzilla.suse.com/1178634
   https://bugzilla.suse.com/1178762
   https://bugzilla.suse.com/1179014
   https://bugzilla.suse.com/1179015
   https://bugzilla.suse.com/1179045
   https://bugzilla.suse.com/1179082
   https://bugzilla.suse.com/1179107
   https://bugzilla.suse.com/1179142
   https://bugzilla.suse.com/1179204
   https://bugzilla.suse.com/1179403
   https://bugzilla.suse.com/1179406
   https://bugzilla.suse.com/1179418
   https://bugzilla.suse.com/1179419
   https://bugzilla.suse.com/1179421
   https://bugzilla.suse.com/1179444
   https://bugzilla.suse.com/1179520
   https://bugzilla.suse.com/1179578
   https://bugzilla.suse.com/1179601
   https://bugzilla.suse.com/1179616
   https://bugzilla.suse.com/1179663
   https://bugzilla.suse.com/1179666
   https://bugzilla.suse.com/1179670
   https://bugzilla.suse.com/1179671
   https://bugzilla.suse.com/1179672
   https://bugzilla.suse.com/1179673
   https://bugzilla.suse.com/1179711
   https://bugzilla.suse.com/1179713
   https://bugzilla.suse.com/1179714
   https://bugzilla.suse.com/1179715
   https://bugzilla.suse.com/1179716
   https://bugzilla.suse.com/1179722
   https://bugzilla.suse.com/1179723
   https://bugzilla.suse.com/1179724
   https://bugzilla.suse.com/1179745
   https://bugzilla.suse.com/1179810
   https://bugzilla.suse.com/1179888
   https://bugzilla.suse.com/1179895
   https://bugzilla.suse.com/1179896
   https://bugzilla.suse.com/1179960
   https://bugzilla.suse.com/1179963
   https://bugzilla.suse.com/1180027
   https://bugzilla.suse.com/1180029
   https://bugzilla.suse.com/1180031
   https://bugzilla.suse.com/1180052
   https://bugzilla.suse.com/1180086
   https://bugzilla.suse.com/1180117
   https://bugzilla.suse.com/1180258
   https://bugzilla.suse.com/1180506
   https://bugzilla.suse.com/1180559

From sle-updates at lists.suse.com Fri Jan 15 07:16:03 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 15 Jan 2021 15:16:03 +0100 (CET)
Subject: SUSE-RU-2021:0136-1: moderate: Recommended update for timezone
Message-ID: <20210115141603.4D10AFEDA@maintenance.suse.de>

SUSE Recommended Update: Recommended update for timezone
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:0136-1
Rating:             moderate
References:         #1177460
Affected Products:
                    SUSE OpenStack Cloud Crowbar 9
                    SUSE OpenStack Cloud Crowbar 8
                    SUSE OpenStack Cloud 9
                    SUSE OpenStack Cloud 8
                    SUSE OpenStack Cloud 7
                    SUSE Linux Enterprise Server for SAP 12-SP4
                    SUSE Linux Enterprise Server for SAP 12-SP3
                    SUSE Linux Enterprise Server for SAP 12-SP2
                    SUSE Linux Enterprise Server 12-SP5
                    SUSE Linux Enterprise Server 12-SP4-LTSS
                    SUSE Linux Enterprise Server 12-SP3-LTSS
                    SUSE Linux Enterprise Server 12-SP3-BCL
                    SUSE Linux Enterprise Server 12-SP2-LTSS
                    SUSE Linux Enterprise Server 12-SP2-BCL
                    SUSE Enterprise Storage 5
                    HPE Helion Openstack 8
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

   This update for timezone fixes the following issues:

   - timezone update 2020f (bsc#1177460)
     * 'make rearguard_tarballs' no longer generates a bad rearguard.zi, fixing a 2020e bug.

   - timezone update 2020e (bsc#1177460)
     * Volgograd switches to Moscow time on 2020-12-27 at 02:00.

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud Crowbar 9:

      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-136=1

   - SUSE OpenStack Cloud Crowbar 8:

      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-136=1

   - SUSE OpenStack Cloud 9:

      zypper in -t patch SUSE-OpenStack-Cloud-9-2021-136=1

   - SUSE OpenStack Cloud 8:

      zypper in -t patch SUSE-OpenStack-Cloud-8-2021-136=1

   - SUSE OpenStack Cloud 7:

      zypper in -t patch SUSE-OpenStack-Cloud-7-2021-136=1

   - SUSE Linux Enterprise Server for SAP 12-SP4:

      zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-136=1

   - SUSE Linux Enterprise Server for SAP 12-SP3:

      zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-136=1

   - SUSE Linux Enterprise Server for SAP 12-SP2:

      zypper in -t patch SUSE-SLE-SAP-12-SP2-2021-136=1

   - SUSE Linux Enterprise Server 12-SP5:

      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-136=1

   - SUSE Linux Enterprise Server 12-SP4-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-136=1

   - SUSE Linux Enterprise Server 12-SP3-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-136=1

   - SUSE Linux Enterprise Server 12-SP3-BCL:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-136=1

   - SUSE Linux Enterprise Server 12-SP2-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2021-136=1

   - SUSE Linux Enterprise Server 12-SP2-BCL:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-136=1

   - SUSE Enterprise Storage 5:

      zypper in -t patch SUSE-Storage-5-2021-136=1

   - HPE Helion Openstack 8:

      zypper in -t patch HPE-Helion-OpenStack-8-2021-136=1

Package List:

   - SUSE OpenStack Cloud Crowbar 9 (x86_64):

      timezone-2020f-74.46.1
      timezone-debuginfo-2020f-74.46.1
      timezone-debugsource-2020f-74.46.1

   - SUSE OpenStack Cloud Crowbar 9 (noarch):

      timezone-java-2020f-0.74.46.1

   - SUSE OpenStack Cloud Crowbar 8 (noarch):

      timezone-java-2020f-0.74.46.1

   - SUSE OpenStack Cloud Crowbar 8 (x86_64):

      timezone-2020f-74.46.1
      timezone-debuginfo-2020f-74.46.1
      timezone-debugsource-2020f-74.46.1

   - SUSE OpenStack Cloud 9 (x86_64):

      timezone-2020f-74.46.1
      timezone-debuginfo-2020f-74.46.1
      timezone-debugsource-2020f-74.46.1

   - SUSE OpenStack Cloud 9 (noarch):

      timezone-java-2020f-0.74.46.1

   - SUSE OpenStack Cloud 8 (noarch):

      timezone-java-2020f-0.74.46.1

   - SUSE OpenStack Cloud 8 (x86_64):

      timezone-2020f-74.46.1
      timezone-debuginfo-2020f-74.46.1
      timezone-debugsource-2020f-74.46.1

   - SUSE OpenStack Cloud 7 (s390x x86_64):

      timezone-2020f-74.46.1
      timezone-debuginfo-2020f-74.46.1
      timezone-debugsource-2020f-74.46.1

   - SUSE OpenStack Cloud 7 (noarch):

      timezone-java-2020f-0.74.46.1

   - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):

      timezone-2020f-74.46.1
      timezone-debuginfo-2020f-74.46.1
      timezone-debugsource-2020f-74.46.1

   - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch):

      timezone-java-2020f-0.74.46.1

   - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):

      timezone-2020f-74.46.1
      timezone-debuginfo-2020f-74.46.1
      timezone-debugsource-2020f-74.46.1

   - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch):

      timezone-java-2020f-0.74.46.1

   - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64):

      timezone-2020f-74.46.1
      timezone-debuginfo-2020f-74.46.1
      timezone-debugsource-2020f-74.46.1

   - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch):

      timezone-java-2020f-0.74.46.1

   - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):

      timezone-2020f-74.46.1
      timezone-debuginfo-2020f-74.46.1
      timezone-debugsource-2020f-74.46.1

   - SUSE Linux Enterprise Server 12-SP5 (noarch):

      timezone-java-2020f-0.74.46.1

   - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):

      timezone-2020f-74.46.1
      timezone-debuginfo-2020f-74.46.1
      timezone-debugsource-2020f-74.46.1

   - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch):

      timezone-java-2020f-0.74.46.1

   - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64):

      timezone-2020f-74.46.1
      timezone-debuginfo-2020f-74.46.1
      timezone-debugsource-2020f-74.46.1

   - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch):

      timezone-java-2020f-0.74.46.1

   - SUSE Linux Enterprise Server 12-SP3-BCL (noarch):

      timezone-java-2020f-0.74.46.1

   - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):

      timezone-2020f-74.46.1
      timezone-debuginfo-2020f-74.46.1
      timezone-debugsource-2020f-74.46.1

   - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64):

      timezone-2020f-74.46.1
      timezone-debuginfo-2020f-74.46.1
      timezone-debugsource-2020f-74.46.1

   - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch):

      timezone-java-2020f-0.74.46.1

   - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):

      timezone-2020f-74.46.1
      timezone-debuginfo-2020f-74.46.1
      timezone-debugsource-2020f-74.46.1

   - SUSE Linux Enterprise Server 12-SP2-BCL (noarch):

      timezone-java-2020f-0.74.46.1

   - SUSE Enterprise Storage 5 (aarch64 x86_64):

      timezone-2020f-74.46.1
      timezone-debuginfo-2020f-74.46.1
      timezone-debugsource-2020f-74.46.1

   - SUSE Enterprise Storage 5 (noarch):

      timezone-java-2020f-0.74.46.1

   - HPE Helion Openstack 8 (noarch):

      timezone-java-2020f-0.74.46.1

   - HPE Helion Openstack 8 (x86_64):

      timezone-2020f-74.46.1
      timezone-debuginfo-2020f-74.46.1
      timezone-debugsource-2020f-74.46.1

References:

   https://bugzilla.suse.com/1177460

From sle-updates at lists.suse.com Fri Jan 15 07:17:07 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 15 Jan 2021 15:17:07 +0100 (CET)
Subject: SUSE-RU-2021:0137-1: Recommended update for hamcrest
Message-ID: <20210115141707.DE475FEDA@maintenance.suse.de>

SUSE Recommended Update: Recommended update for hamcrest
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:0137-1
Rating:             low
References:         #1120493 #1179994
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP5
______________________________________________________________________________

An update that has two recommended fixes can now be installed.

Description:

   This update for hamcrest fixes the following issues:

   - Make hamcrest build reproducibly. (bsc#1120493)
   - Fix typo in hamcrest-core description. (bsc#1179994)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP5:

      zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-137=1

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch):

      hamcrest-1.3-5.3.1

References:

   https://bugzilla.suse.com/1120493
   https://bugzilla.suse.com/1179994

From sle-updates at lists.suse.com Fri Jan 15 07:18:13 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 15 Jan 2021 15:18:13 +0100 (CET)
Subject: SUSE-RU-2021:0134-1: important: Recommended update for gnu-compilers-hpc
Message-ID: <20210115141813.14365FEDA@maintenance.suse.de>

SUSE Recommended Update: Recommended update for gnu-compilers-hpc
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:0134-1
Rating:             important
References:         #1174439
Affected Products:
                    SUSE Linux Enterprise Module for HPC 15-SP2
                    SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for gnu-compilers-hpc fixes the following issues: - Add build support for gcc10 to HPC build. (bsc#1174439) - Fix version parsing for gcc10 and up. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for HPC 15-SP2: zypper in -t patch SUSE-SLE-Module-HPC-15-SP2-2021-134=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-134=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-134=1 Package List: - SUSE Linux Enterprise Module for HPC 15-SP2 (noarch): gnu-compilers-hpc-1.4-3.9.1 gnu-compilers-hpc-devel-1.4-3.9.1 gnu-compilers-hpc-macros-devel-1.4-3.9.1 gnu9-compilers-hpc-1.4-3.9.1 gnu9-compilers-hpc-devel-1.4-3.9.1 gnu9-compilers-hpc-macros-devel-1.4-3.9.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): gnu-compilers-hpc-1.4-3.9.1 gnu-compilers-hpc-devel-1.4-3.9.1 gnu-compilers-hpc-macros-devel-1.4-3.9.1 gnu8-compilers-hpc-1.4-3.9.1 gnu8-compilers-hpc-devel-1.4-3.9.1 gnu8-compilers-hpc-macros-devel-1.4-3.9.1 gnu9-compilers-hpc-1.4-3.9.1 gnu9-compilers-hpc-devel-1.4-3.9.1 gnu9-compilers-hpc-macros-devel-1.4-3.9.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): gnu-compilers-hpc-1.4-3.9.1 gnu-compilers-hpc-devel-1.4-3.9.1 gnu-compilers-hpc-macros-devel-1.4-3.9.1 gnu8-compilers-hpc-1.4-3.9.1 gnu8-compilers-hpc-devel-1.4-3.9.1 gnu8-compilers-hpc-macros-devel-1.4-3.9.1 gnu9-compilers-hpc-1.4-3.9.1 gnu9-compilers-hpc-devel-1.4-3.9.1 gnu9-compilers-hpc-macros-devel-1.4-3.9.1 References: https://bugzilla.suse.com/1174439 From 
sle-updates at lists.suse.com Fri Jan 15 07:21:10 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 15 Jan 2021 15:21:10 +0100 (CET) Subject: SUSE-RU-2021:0141-1: moderate: Recommended update for gnome-software Message-ID: <20210115142110.36E03FEDA@maintenance.suse.de> SUSE Recommended Update: Recommended update for gnome-software ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:0141-1 Rating: moderate References: #1161095 #1174849 #1178768 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15-SP2 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for gnome-software fixes the following issues: - plugin-loader: Handle offline update errors properly. (bsc#1161095) - Add missing devel headers referenced by gnome-software.h. (bsc#1174849) - added gnome-packagekit as recommended dependency (bsc#1178768) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2021-141=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): gnome-software-3.34.2-5.7.20 gnome-software-debuginfo-3.34.2-5.7.20 gnome-software-debugsource-3.34.2-5.7.20 gnome-software-devel-3.34.2-5.7.20 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (noarch): gnome-software-lang-3.34.2-5.7.20 References: https://bugzilla.suse.com/1161095 https://bugzilla.suse.com/1174849 https://bugzilla.suse.com/1178768 From sle-updates at lists.suse.com Fri Jan 15 07:22:25 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 15 Jan 2021 15:22:25 +0100 (CET) Subject: SUSE-SU-2021:0139-1: moderate: Security update for slurm_20_02 Message-ID: <20210115142225.2E787FEDA@maintenance.suse.de> SUSE Security Update: Security update for slurm_20_02 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0139-1 Rating: moderate References: #1178890 #1178891 Cross-References: CVE-2020-27745 CVE-2020-27746 Affected Products: SUSE Linux Enterprise Module for HPC 15-SP1 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for slurm_20_02 fixes the following issues: Updated to 20.02.6, addresses two security fixes: * PMIx - fix potential buffer overflows from use of unpackmem(). CVE-2020-27745 (bsc#1178890) * X11 forwarding - fix potential leak of the magic cookie when sent as an argument to the xauth command. 
CVE-2020-27746 (bsc#1178891) And many other bugfixes, full log and details available at: * https://lists.schedmd.com/pipermail/slurm-announce/2020/000045.html Updated to 20.02.5, changes: * Fix leak of TRESRunMins when job time is changed with --time-min * pam_slurm - explicitly initialize slurm config to support configless mode. * scontrol - Fix exit code when creating/updating reservations with wrong Flags. * When a GRES has a no_consume flag, report 0 for allocated. * Fix cgroup cleanup by jobacct_gather/cgroup. * When creating reservations/jobs don't allow counts on a feature unless using an XOR. * Improve number of boards discovery * Fix updating a reservation NodeCnt on a zero-count reservation. * slurmrestd - provide an explicit error messages when PSK auth fails. * cons_tres - fix job requesting single gres per-node getting two or more nodes with less CPUs than requested per-task. * cons_tres - fix calculation of cores when using gres and cpus-per-task. * cons_tres - fix job not getting access to socket without GPU or with less than --gpus-per-socket when not enough cpus available on required socket and not using --gres-flags=enforce binding. * Fix HDF5 type version build error. * Fix creation of CoreCnt only reservations when the first node isn't available. * Fix wrong DBD Agent queue size in sdiag when using accounting_storage/none. * Improve job constraints XOR option logic. * Fix preemption of hetjobs when needed nodes not in leader component. * Fix wrong bit_or() messing potential preemptor jobs node bitmap, causing bad node deallocations and even allocation of nodes from other partitions. * Fix double-deallocation of preempted non-leader hetjob components. * slurmdbd - prevent truncation of the step nodelists over 4095. * Fix nodes remaining in drain state after rebooting with ASAP option. changes from 20.02.4: * srun - suppress job step creation warning message when waiting on PrologSlurmctld. 
* slurmrestd - fix incorrect return values in data_list_for_each() functions. * mpi/pmix - fix issue where HetJobs could fail to launch. * slurmrestd - set content-type header in responses. * Fix cons_res GRES overallocation for --gres-flags=disable-binding. * Fix cons_res incorrectly filtering cores with respect to GRES locality for --gres-flags=disable-binding requests. * Fix regression where a dependency on multiple jobs in a single array using underscores would only add the first job. * slurmrestd - fix corrupted output due to incorrect use of memcpy(). * slurmrestd - address a number of minor Coverity warnings. * Handle retry failure when slurmstepd is communicating with srun correctly. * Fix jobacct_gather possibly duplicate stats when _is_a_lwp error shows up. * Fix tasks binding to GRES which are closest to the allocated CPUs. * Fix AMD GPU ROCM 3.5 support. * Fix handling of job arrays in sacct when querying specific steps. * slurmrestd - avoid fallback to local socket authentication if JWT authentication is ill-formed. * slurmrestd - restrict ability of requests to use different authentication plugins. * slurmrestd - unlink named unix sockets before closing. * slurmrestd - fix invalid formatting in openapi.json. * Fix batch jobs stuck in CF state on FrontEnd mode. * Add a separate explicit error message when rejecting changes to active node features. * cons_common/job_test - fix slurmctld SIGABRT due to double-free. * Fix updating reservations to set the duration correctly if updating the start time. * Fix update reservation to promiscuous mode. * Fix override of job tasks count to max when ntasks-per-node present. * Fix min CPUs per node not being at least CPUs per task requested. * Fix CPUs allocated to match CPUs requested when requesting GRES and threads per core equal to one. * Fix NodeName config parsing with Boards and without CPUs. * Ensure SLURM_JOB_USER and SLURM_JOB_UID are set in SrunProlog/Epilog. 
* Fix error messages for certain invalid salloc/sbatch/srun options. * pmi2 - clean up sockets at step termination. * Fix 'scontrol hold' to work with 'JobName'. * sbatch - handle --uid/--gid in #SBATCH directives properly. * Fix race condition in job termination on slurmd. * Print specific error messages if trying to run use certain priority/multifactor factors that cannot work without SlurmDBD. * Avoid partial GRES allocation when --gpus-per-job is not satisfied. * Cray - Avoid referencing a variable outside of its correct scope when dealing with creating steps within a het job. * slurmrestd - correctly handle larger addresses from accept(). * Avoid freeing wrong pointer with SlurmctldParameters=max_dbd_msg_action with another option after that. * Restore MCS label when suspended job is resumed. * Fix insufficient lock levels. * slurmrestd - use errno from job submission. * Fix "user" filter for sacctmgr show transactions. * Fix preemption logic. * Fix no_consume GRES for exclusive (whole node) requests. * Fix regression in 20.02 that caused an infinite loop in slurmctld when requesting --distribution=plane for the job. * Fix parsing of the --distribution option. * Add CONF READ_LOCK to _handle_fed_send_job_sync. * prep/script - always call slurmctld PrEp callback in _run_script(). * Fix node estimation for jobs that use GPUs or --cpus-per-task. * Fix jobcomp, job_submit and cli_filter Lua implementation plugins causing slurmctld and/or job submission CLI tools segfaults due to bad return handling when the respective Lua script failed to load. * Fix propagation of gpu options through hetjob components. * Add SLURM_CLUSTERS environment variable to scancel. * Fix packing/unpacking of "unlinked" jobs. * Connect slurmstepd's stderr to srun for steps launched with --pty. * Handle MPS correctly when doing exclusive allocations. * slurmrestd - fix compiling against libhttpparser in a non-default path. * slurmrestd - avoid compilation issues with libhttpparser < 2.6. 
* Fix compile issues when compiling slurmrestd without --enable-debug. * Reset idle time on a reservation that is getting purged. * Fix reoccurring reservations that have Purge_comp= to keep correct duration if they are purged. * scontrol - changed the "PROMISCUOUS" flag to "MAGNETIC" * Early return from epilog_set_env in case of no_consume. * Fix cons_common/job_test start time discovery logic to prevent skewed results between "will run test" executions. * Ensure TRESRunMins limits are maintained during "scontrol reconfigure". * Improve error message when host lookup fails. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for HPC 15-SP1: zypper in -t patch SUSE-SLE-Module-HPC-15-SP1-2021-139=1 Package List: - SUSE Linux Enterprise Module for HPC 15-SP1 (aarch64 x86_64): libnss_slurm2_20_02-20.02.6-3.16.1 libnss_slurm2_20_02-debuginfo-20.02.6-3.16.1 libpmi0_20_02-20.02.6-3.16.1 libpmi0_20_02-debuginfo-20.02.6-3.16.1 libslurm35-20.02.6-3.16.1 libslurm35-debuginfo-20.02.6-3.16.1 perl-slurm_20_02-20.02.6-3.16.1 perl-slurm_20_02-debuginfo-20.02.6-3.16.1 slurm_20_02-20.02.6-3.16.1 slurm_20_02-auth-none-20.02.6-3.16.1 slurm_20_02-auth-none-debuginfo-20.02.6-3.16.1 slurm_20_02-config-20.02.6-3.16.1 slurm_20_02-config-man-20.02.6-3.16.1 slurm_20_02-debuginfo-20.02.6-3.16.1 slurm_20_02-debugsource-20.02.6-3.16.1 slurm_20_02-devel-20.02.6-3.16.1 slurm_20_02-doc-20.02.6-3.16.1 slurm_20_02-lua-20.02.6-3.16.1 slurm_20_02-lua-debuginfo-20.02.6-3.16.1 slurm_20_02-munge-20.02.6-3.16.1 slurm_20_02-munge-debuginfo-20.02.6-3.16.1 slurm_20_02-node-20.02.6-3.16.1 slurm_20_02-node-debuginfo-20.02.6-3.16.1 slurm_20_02-pam_slurm-20.02.6-3.16.1 slurm_20_02-pam_slurm-debuginfo-20.02.6-3.16.1 slurm_20_02-plugins-20.02.6-3.16.1 slurm_20_02-plugins-debuginfo-20.02.6-3.16.1 
slurm_20_02-slurmdbd-20.02.6-3.16.1 slurm_20_02-slurmdbd-debuginfo-20.02.6-3.16.1 slurm_20_02-sql-20.02.6-3.16.1 slurm_20_02-sql-debuginfo-20.02.6-3.16.1 slurm_20_02-sview-20.02.6-3.16.1 slurm_20_02-sview-debuginfo-20.02.6-3.16.1 slurm_20_02-torque-20.02.6-3.16.1 slurm_20_02-torque-debuginfo-20.02.6-3.16.1 slurm_20_02-webdoc-20.02.6-3.16.1 References: https://www.suse.com/security/cve/CVE-2020-27745.html https://www.suse.com/security/cve/CVE-2020-27746.html https://bugzilla.suse.com/1178890 https://bugzilla.suse.com/1178891 From sle-updates at lists.suse.com Fri Jan 15 07:23:32 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 15 Jan 2021 15:23:32 +0100 (CET) Subject: SUSE-RU-2021:0138-1: Recommended update for hamcrest Message-ID: <20210115142332.43C24FEDA@maintenance.suse.de> SUSE Recommended Update: Recommended update for hamcrest ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:0138-1 Rating: low References: #1120493 #1179994 Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for hamcrest fixes the following issues: - Make hamcrest build reproducibly. (bsc#1120493) - Fix typo in hamcrest-core description. (bsc#1179994) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2021-138=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP1 (noarch): hamcrest-1.3-5.3.1 References: https://bugzilla.suse.com/1120493 https://bugzilla.suse.com/1179994 From sle-updates at lists.suse.com Fri Jan 15 07:25:49 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 15 Jan 2021 15:25:49 +0100 (CET) Subject: SUSE-RU-2021:0140-1: moderate: Recommended update for ndctl Message-ID: <20210115142549.4F602FEDA@maintenance.suse.de> SUSE Recommended Update: Recommended update for ndctl ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:0140-1 Rating: moderate References: #1170384 #1171742 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for ndctl fixes the following issues: - Add support for separate `frozen` attribute that is supported in SUSE kernel. (bsc#1171742) - Fix memory issues cases in ndctl. (bsc#1170384) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-140=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (x86_64): libndctl6-64.1-3.12.1 libndctl6-debuginfo-64.1-3.12.1 ndctl-64.1-3.12.1 ndctl-debuginfo-64.1-3.12.1 ndctl-debugsource-64.1-3.12.1 References: https://bugzilla.suse.com/1170384 https://bugzilla.suse.com/1171742 From sle-updates at lists.suse.com Fri Jan 15 08:48:51 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 15 Jan 2021 16:48:51 +0100 (CET) Subject: SUSE-CU-2021:26-1: Security update of suse/sle15 Message-ID: <20210115154851.456FAFD11@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:26-1 Container Tags : suse/sle15:15.3 , suse/sle15:15.3.13.2.68 Container Release : 13.2.68 Severity : moderate Type : security References : 1178909 1179503 CVE-2020-25709 CVE-2020-25710 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:129-1 Released: Thu Jan 14 12:26:15 2021 Summary: Security update for openldap2 Type: security Severity: moderate References: 1178909,1179503,CVE-2020-25709,CVE-2020-25710 This update for openldap2 fixes the following issues: Security issues fixed: - CVE-2020-25709: Fixed a crash caused by specially crafted network traffic (bsc#1178909). - CVE-2020-25710: Fixed a crash caused by specially crafted network traffic (bsc#1178909). Non-security issue fixed: - Retry binds in the LDAP backend when the remote LDAP server disconnected the (idle) LDAP connection. 
(bsc#1179503) From sle-updates at lists.suse.com Fri Jan 15 10:16:05 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 15 Jan 2021 18:16:05 +0100 (CET) Subject: SUSE-SU-2021:0142-1: moderate: Security update for openldap2 Message-ID: <20210115171605.4AF79FD11@maintenance.suse.de> SUSE Security Update: Security update for openldap2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0142-1 Rating: moderate References: #1178909 Cross-References: CVE-2020-25709 CVE-2020-25710 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Module for Legacy Software 12 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for openldap2 fixes the following issues: - CVE-2020-25709: Fixed a crash caused by specially crafted network traffic (bsc#1178909). - CVE-2020-25710: Fixed a crash caused by specially crafted network traffic (bsc#1178909). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP5: zypper in -t patch SUSE-SLE-SAP-12-SP5-2021-142=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-142=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-142=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2021-142=1 - SUSE Linux Enterprise Module for Legacy Software 12: zypper in -t patch SUSE-SLE-Module-Legacy-12-2021-142=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP5 (ppc64le x86_64): compat-libldap-2_3-0-2.3.37-18.24.26.1 compat-libldap-2_3-0-debuginfo-2.3.37-18.24.26.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): compat-libldap-2_3-0-2.3.37-18.24.26.1 compat-libldap-2_3-0-debuginfo-2.3.37-18.24.26.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): compat-libldap-2_3-0-2.3.37-18.24.26.1 compat-libldap-2_3-0-debuginfo-2.3.37-18.24.26.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): compat-libldap-2_3-0-2.3.37-18.24.26.1 compat-libldap-2_3-0-debuginfo-2.3.37-18.24.26.1 - SUSE Linux Enterprise Module for Legacy Software 12 (aarch64 ppc64le s390x x86_64): compat-libldap-2_3-0-2.3.37-18.24.26.1 compat-libldap-2_3-0-debuginfo-2.3.37-18.24.26.1 References: https://www.suse.com/security/cve/CVE-2020-25709.html https://www.suse.com/security/cve/CVE-2020-25710.html https://bugzilla.suse.com/1178909 From sle-updates at lists.suse.com Fri Jan 15 13:15:43 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 15 Jan 2021 21:15:43 +0100 (CET) Subject: SUSE-RU-2021:0149-1: Recommended update for java-1_6_0-ibm Message-ID: <20210115201543.E42B0FD11@maintenance.suse.de> SUSE Recommended Update: Recommended update for java-1_6_0-ibm ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:0149-1 Rating: 
low References: #1057460 Affected Products: SUSE Linux Enterprise Module for Legacy Software 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for java-1_6_0-ibm provides the following fix: - Make it possible to run Java jnlp files from Firefox. (bsc#1057460) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Legacy Software 12: zypper in -t patch SUSE-SLE-Module-Legacy-12-2021-149=1 Package List: - SUSE Linux Enterprise Module for Legacy Software 12 (s390x x86_64): java-1_6_0-ibm-1.6.0_sr16.50-50.6.2 java-1_6_0-ibm-fonts-1.6.0_sr16.50-50.6.2 java-1_6_0-ibm-jdbc-1.6.0_sr16.50-50.6.2 - SUSE Linux Enterprise Module for Legacy Software 12 (x86_64): java-1_6_0-ibm-plugin-1.6.0_sr16.50-50.6.2 References: https://bugzilla.suse.com/1057460 From sle-updates at lists.suse.com Fri Jan 15 13:16:37 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 15 Jan 2021 21:16:37 +0100 (CET) Subject: SUSE-SU-2021:0143-1: important: Security update for tcmu-runner Message-ID: <20210115201637.E2639FD11@maintenance.suse.de> SUSE Security Update: Security update for tcmu-runner ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0143-1 Rating: important References: #1138443 #1180676 Cross-References: CVE-2021-3139 Affected Products: SUSE Enterprise Storage 6 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for tcmu-runner fixes the following issue: - CVE-2021-3139: Fixed a LIO security issue (bsc#1180676). 
Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-143=1 Package List: - SUSE Enterprise Storage 6 (aarch64 x86_64): libtcmu2-1.4.0-4.3.1 libtcmu2-debuginfo-1.4.0-4.3.1 tcmu-runner-1.4.0-4.3.1 tcmu-runner-debuginfo-1.4.0-4.3.1 tcmu-runner-debugsource-1.4.0-4.3.1 tcmu-runner-handler-rbd-1.4.0-4.3.1 tcmu-runner-handler-rbd-debuginfo-1.4.0-4.3.1 References: https://www.suse.com/security/cve/CVE-2021-3139.html https://bugzilla.suse.com/1138443 https://bugzilla.suse.com/1180676 From sle-updates at lists.suse.com Fri Jan 15 13:17:38 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 15 Jan 2021 21:17:38 +0100 (CET) Subject: SUSE-RU-2021:0151-1: moderate: Recommended update for mdadm Message-ID: <20210115201738.542EAFD11@maintenance.suse.de> SUSE Recommended Update: Recommended update for mdadm ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:0151-1 Rating: moderate References: #1180220 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for mdadm fixes the following issues: - Remove redundant spare movement logic to fix an issue with broken reshaping. (bsc#1180220) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-151=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2021-151=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): mdadm-4.1-15.26.1 mdadm-debuginfo-4.1-15.26.1 mdadm-debugsource-4.1-15.26.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): mdadm-4.1-15.26.1 mdadm-debuginfo-4.1-15.26.1 mdadm-debugsource-4.1-15.26.1 References: https://bugzilla.suse.com/1180220 From sle-updates at lists.suse.com Fri Jan 15 13:18:34 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 15 Jan 2021 21:18:34 +0100 (CET) Subject: SUSE-RU-2021:0152-1: moderate: Recommended update for lvm2 Message-ID: <20210115201834.C2C64FD11@maintenance.suse.de> SUSE Recommended Update: Recommended update for lvm2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:0152-1 Rating: moderate References: #1179691 #1179738 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise High Availability 15-SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for lvm2 fixes the following issues: - Fix for lvm2 to use udev as external device by default. (bsc#1179691) - Fixed an issue in configuration for an item that is commented out by default. (bsc#1179738) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-152=1 - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2021-152=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): device-mapper-1.02.163-8.18.1 device-mapper-debuginfo-1.02.163-8.18.1 device-mapper-devel-1.02.163-8.18.1 libdevmapper-event1_03-1.02.163-8.18.1 libdevmapper-event1_03-debuginfo-1.02.163-8.18.1 libdevmapper1_03-1.02.163-8.18.1 libdevmapper1_03-debuginfo-1.02.163-8.18.1 liblvm2cmd2_03-2.03.05-8.18.1 liblvm2cmd2_03-debuginfo-2.03.05-8.18.1 lvm2-2.03.05-8.18.1 lvm2-debuginfo-2.03.05-8.18.1 lvm2-debugsource-2.03.05-8.18.1 lvm2-devel-2.03.05-8.18.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libdevmapper1_03-32bit-1.02.163-8.18.1 libdevmapper1_03-32bit-debuginfo-1.02.163-8.18.1 - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): lvm2-lockd-2.03.05-8.18.1 lvm2-lockd-debuginfo-2.03.05-8.18.1 lvm2-lvmlockd-debugsource-2.03.05-8.18.1 References: https://bugzilla.suse.com/1179691 https://bugzilla.suse.com/1179738 From sle-updates at lists.suse.com Fri Jan 15 13:19:46 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 15 Jan 2021 21:19:46 +0100 (CET) Subject: SUSE-RU-2021:0144-1: important: Recommended update for emacs Message-ID: <20210115201946.00FC3FD11@maintenance.suse.de> SUSE Recommended Update: Recommended update for emacs ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:0144-1 Rating: important References: #1175028 Affected Products: SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux 
Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP2 SUSE Linux Enterprise Module for Desktop Applications 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for emacs fixes the following issues: - Fix SIGSEGV introduced by a security fix for libX11 (bsc#1175028). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-144=1 - SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-144=1 - SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-144=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-144=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-144=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-144=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-144=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-144=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2021-144=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2021-144=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2021-144=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-144=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-144=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2021-144=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-144=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-144=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in 
-t patch SUSE-SLE-Product-HPC-15-2021-144=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-144=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-144=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.0 (ppc64le s390x x86_64): emacs-25.3-3.6.51 emacs-debuginfo-25.3-3.6.51 emacs-debugsource-25.3-3.6.51 emacs-nox-25.3-3.6.51 emacs-nox-debuginfo-25.3-3.6.51 emacs-x11-25.3-3.6.51 emacs-x11-debuginfo-25.3-3.6.51 etags-25.3-3.6.51 etags-debuginfo-25.3-3.6.51 - SUSE Manager Server 4.0 (noarch): emacs-el-25.3-3.6.51 emacs-info-25.3-3.6.51 - SUSE Manager Retail Branch Server 4.0 (noarch): emacs-el-25.3-3.6.51 emacs-info-25.3-3.6.51 - SUSE Manager Retail Branch Server 4.0 (x86_64): emacs-25.3-3.6.51 emacs-debuginfo-25.3-3.6.51 emacs-debugsource-25.3-3.6.51 emacs-nox-25.3-3.6.51 emacs-nox-debuginfo-25.3-3.6.51 emacs-x11-25.3-3.6.51 emacs-x11-debuginfo-25.3-3.6.51 etags-25.3-3.6.51 etags-debuginfo-25.3-3.6.51 - SUSE Manager Proxy 4.0 (x86_64): emacs-25.3-3.6.51 emacs-debuginfo-25.3-3.6.51 emacs-debugsource-25.3-3.6.51 emacs-nox-25.3-3.6.51 emacs-nox-debuginfo-25.3-3.6.51 emacs-x11-25.3-3.6.51 emacs-x11-debuginfo-25.3-3.6.51 etags-25.3-3.6.51 etags-debuginfo-25.3-3.6.51 - SUSE Manager Proxy 4.0 (noarch): emacs-el-25.3-3.6.51 emacs-info-25.3-3.6.51 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): emacs-25.3-3.6.51 emacs-debuginfo-25.3-3.6.51 emacs-debugsource-25.3-3.6.51 emacs-nox-25.3-3.6.51 emacs-nox-debuginfo-25.3-3.6.51 emacs-x11-25.3-3.6.51 emacs-x11-debuginfo-25.3-3.6.51 etags-25.3-3.6.51 etags-debuginfo-25.3-3.6.51 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): emacs-el-25.3-3.6.51 emacs-info-25.3-3.6.51 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): 
emacs-25.3-3.6.51 emacs-debuginfo-25.3-3.6.51 emacs-debugsource-25.3-3.6.51 emacs-nox-25.3-3.6.51 emacs-nox-debuginfo-25.3-3.6.51 etags-25.3-3.6.51 etags-debuginfo-25.3-3.6.51 - SUSE Linux Enterprise Server for SAP 15 (noarch): emacs-el-25.3-3.6.51 emacs-info-25.3-3.6.51 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): emacs-25.3-3.6.51 emacs-debuginfo-25.3-3.6.51 emacs-debugsource-25.3-3.6.51 emacs-nox-25.3-3.6.51 emacs-nox-debuginfo-25.3-3.6.51 emacs-x11-25.3-3.6.51 emacs-x11-debuginfo-25.3-3.6.51 etags-25.3-3.6.51 etags-debuginfo-25.3-3.6.51 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): emacs-el-25.3-3.6.51 emacs-info-25.3-3.6.51 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): emacs-el-25.3-3.6.51 emacs-info-25.3-3.6.51 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): emacs-25.3-3.6.51 emacs-debuginfo-25.3-3.6.51 emacs-debugsource-25.3-3.6.51 emacs-nox-25.3-3.6.51 emacs-nox-debuginfo-25.3-3.6.51 emacs-x11-25.3-3.6.51 emacs-x11-debuginfo-25.3-3.6.51 etags-25.3-3.6.51 etags-debuginfo-25.3-3.6.51 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): emacs-25.3-3.6.51 emacs-debuginfo-25.3-3.6.51 emacs-debugsource-25.3-3.6.51 emacs-nox-25.3-3.6.51 emacs-nox-debuginfo-25.3-3.6.51 etags-25.3-3.6.51 etags-debuginfo-25.3-3.6.51 - SUSE Linux Enterprise Server 15-LTSS (noarch): emacs-el-25.3-3.6.51 emacs-info-25.3-3.6.51 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): emacs-debuginfo-25.3-3.6.51 emacs-debugsource-25.3-3.6.51 emacs-x11-25.3-3.6.51 emacs-x11-debuginfo-25.3-3.6.51 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): emacs-debuginfo-25.3-3.6.51 emacs-debugsource-25.3-3.6.51 emacs-x11-25.3-3.6.51 emacs-x11-debuginfo-25.3-3.6.51 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): emacs-debuginfo-25.3-3.6.51 emacs-debugsource-25.3-3.6.51 emacs-x11-25.3-3.6.51 emacs-x11-debuginfo-25.3-3.6.51 - 
SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): emacs-25.3-3.6.51 emacs-debuginfo-25.3-3.6.51 emacs-debugsource-25.3-3.6.51 emacs-nox-25.3-3.6.51 emacs-nox-debuginfo-25.3-3.6.51 etags-25.3-3.6.51 etags-debuginfo-25.3-3.6.51 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): emacs-el-25.3-3.6.51 emacs-info-25.3-3.6.51 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): emacs-25.3-3.6.51 emacs-debuginfo-25.3-3.6.51 emacs-debugsource-25.3-3.6.51 emacs-nox-25.3-3.6.51 emacs-nox-debuginfo-25.3-3.6.51 etags-25.3-3.6.51 etags-debuginfo-25.3-3.6.51 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): emacs-el-25.3-3.6.51 emacs-info-25.3-3.6.51 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): emacs-25.3-3.6.51 emacs-debuginfo-25.3-3.6.51 emacs-debugsource-25.3-3.6.51 emacs-nox-25.3-3.6.51 emacs-nox-debuginfo-25.3-3.6.51 etags-25.3-3.6.51 etags-debuginfo-25.3-3.6.51 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): emacs-el-25.3-3.6.51 emacs-info-25.3-3.6.51 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): emacs-25.3-3.6.51 emacs-debuginfo-25.3-3.6.51 emacs-debugsource-25.3-3.6.51 emacs-nox-25.3-3.6.51 emacs-nox-debuginfo-25.3-3.6.51 emacs-x11-25.3-3.6.51 emacs-x11-debuginfo-25.3-3.6.51 etags-25.3-3.6.51 etags-debuginfo-25.3-3.6.51 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): emacs-el-25.3-3.6.51 emacs-info-25.3-3.6.51 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): emacs-25.3-3.6.51 emacs-debuginfo-25.3-3.6.51 emacs-debugsource-25.3-3.6.51 emacs-nox-25.3-3.6.51 emacs-nox-debuginfo-25.3-3.6.51 emacs-x11-25.3-3.6.51 emacs-x11-debuginfo-25.3-3.6.51 etags-25.3-3.6.51 etags-debuginfo-25.3-3.6.51 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): emacs-el-25.3-3.6.51 emacs-info-25.3-3.6.51 - SUSE Linux Enterprise High 
Performance Computing 15-LTSS (aarch64 x86_64): emacs-25.3-3.6.51 emacs-debuginfo-25.3-3.6.51 emacs-debugsource-25.3-3.6.51 emacs-nox-25.3-3.6.51 emacs-nox-debuginfo-25.3-3.6.51 etags-25.3-3.6.51 etags-debuginfo-25.3-3.6.51 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): emacs-el-25.3-3.6.51 emacs-info-25.3-3.6.51 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): emacs-25.3-3.6.51 emacs-debuginfo-25.3-3.6.51 emacs-debugsource-25.3-3.6.51 emacs-nox-25.3-3.6.51 emacs-nox-debuginfo-25.3-3.6.51 etags-25.3-3.6.51 etags-debuginfo-25.3-3.6.51 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): emacs-el-25.3-3.6.51 emacs-info-25.3-3.6.51 - SUSE Enterprise Storage 6 (aarch64 x86_64): emacs-25.3-3.6.51 emacs-debuginfo-25.3-3.6.51 emacs-debugsource-25.3-3.6.51 emacs-nox-25.3-3.6.51 emacs-nox-debuginfo-25.3-3.6.51 emacs-x11-25.3-3.6.51 emacs-x11-debuginfo-25.3-3.6.51 etags-25.3-3.6.51 etags-debuginfo-25.3-3.6.51 - SUSE Enterprise Storage 6 (noarch): emacs-el-25.3-3.6.51 emacs-info-25.3-3.6.51 - SUSE CaaS Platform 4.0 (noarch): emacs-el-25.3-3.6.51 emacs-info-25.3-3.6.51 - SUSE CaaS Platform 4.0 (x86_64): emacs-25.3-3.6.51 emacs-debuginfo-25.3-3.6.51 emacs-debugsource-25.3-3.6.51 emacs-nox-25.3-3.6.51 emacs-nox-debuginfo-25.3-3.6.51 emacs-x11-25.3-3.6.51 emacs-x11-debuginfo-25.3-3.6.51 etags-25.3-3.6.51 etags-debuginfo-25.3-3.6.51 References: https://bugzilla.suse.com/1175028 From sle-updates at lists.suse.com Fri Jan 15 13:20:52 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 15 Jan 2021 21:20:52 +0100 (CET) Subject: SUSE-SU-2021:0153-1: moderate: Security update for ImageMagick Message-ID: <20210115202052.719C3FD11@maintenance.suse.de> SUSE Security Update: Security update for ImageMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0153-1 Rating: moderate References: #1179202 #1179208 #1179212 #1179221 #1179223 
#1179240 #1179244 #1179260 #1179268 #1179269 #1179276 #1179278 #1179281 #1179285 #1179311 #1179312 #1179313 #1179315 #1179317 #1179321 #1179322 #1179327 #1179333 #1179336 #1179338 #1179339 #1179343 #1179345 #1179346 #1179347 #1179361 #1179362 #1179397 #1179753 Cross-References: CVE-2020-25664 CVE-2020-25665 CVE-2020-25666 CVE-2020-25674 CVE-2020-25675 CVE-2020-25676 CVE-2020-27750 CVE-2020-27751 CVE-2020-27752 CVE-2020-27753 CVE-2020-27754 CVE-2020-27755 CVE-2020-27756 CVE-2020-27757 CVE-2020-27758 CVE-2020-27759 CVE-2020-27760 CVE-2020-27761 CVE-2020-27762 CVE-2020-27763 CVE-2020-27764 CVE-2020-27765 CVE-2020-27766 CVE-2020-27767 CVE-2020-27768 CVE-2020-27769 CVE-2020-27770 CVE-2020-27771 CVE-2020-27772 CVE-2020-27773 CVE-2020-27774 CVE-2020-27775 CVE-2020-27776 CVE-2020-29599 Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Desktop Applications 15-SP2 ______________________________________________________________________________ An update that fixes 34 vulnerabilities is now available. Description: This update for ImageMagick fixes the following issues: - CVE-2020-25664: Fixed a heap-based buffer overflow in PopShortPixel (bsc#1179202). - CVE-2020-25665: Fixed a heap-based buffer overflow in WritePALMImage (bsc#1179208). - CVE-2020-25666: Fixed an outside the range of representable values of type 'int' and signed integer overflow (bsc#1179212). - CVE-2020-25674: Fixed a heap-based buffer overflow in WriteOnePNGImage (bsc#1179223). - CVE-2020-25675: Fixed an outside the range of representable values of type 'long' and integer overflow (bsc#1179240). - CVE-2020-25676: Fixed an outside the range of representable values of type 'long' and integer overflow at MagickCore/pixel.c (bsc#1179244). - CVE-2020-27750: Fixed a division by zero in MagickCore/colorspace-private.h (bsc#1179260). - CVE-2020-27751: Fixed an integer overflow in MagickCore/quantum-export.c (bsc#1179269). 
- CVE-2020-27752: Fixed a heap-based buffer overflow in PopShortPixel in MagickCore/quantum-private.h (bsc#1179346). - CVE-2020-27753: Fixed memory leaks in AcquireMagickMemory function (bsc#1179397). - CVE-2020-27755: Fixed memory leaks in ResizeMagickMemory function in ImageMagick/MagickCore/memory.c (bsc#1179345). - CVE-2020-27756: Fixed a division by zero at MagickCore/geometry.c (bsc#1179221). - CVE-2020-27757: Fixed an outside the range of representable values of type 'unsigned long long' at MagickCore/quantum-private.h (bsc#1179268). - CVE-2020-27758: Fixed an outside the range of representable values of type 'unsigned long long' (bsc#1179276). - CVE-2020-27759: Fixed an outside the range of representable values of type 'int' at MagickCore/quantize.c (bsc#1179313). - CVE-2020-27760: Fixed a division by zero at MagickCore/enhance.c (bsc#1179281). - CVE-2020-27761: Fixed an outside the range of representable values of type 'unsigned long' at coders/palm.c (bsc#1179315). - CVE-2020-27762: Fixed an outside the range of representable values of type 'unsigned char' (bsc#1179278). - CVE-2020-27763: Fixed a division by zero at MagickCore/resize.c (bsc#1179312). - CVE-2020-27764: Fixed an outside the range of representable values of type 'unsigned long' at MagickCore/statistic.c (bsc#1179317). - CVE-2020-27765: Fixed a division by zero at MagickCore/segment.c (bsc#1179311). - CVE-2020-27766: Fixed an outside the range of representable values of type 'unsigned long' at MagickCore/statistic.c (bsc#1179361). - CVE-2020-27767: Fixed an outside the range of representable values of type 'float' at MagickCore/quantum.h (bsc#1179322). - CVE-2020-27768: Fixed an outside the range of representable values of type 'unsigned int' at MagickCore/quantum-private.h (bsc#1179339).
- CVE-2020-27770: Fixed an unsigned offset overflowed at MagickCore/string.c (bsc#1179343). - CVE-2020-27771: Fixed an outside the range of representable values of type 'unsigned char' at coders/pdf.c (bsc#1179327). - CVE-2020-27772: Fixed an outside the range of representable values of type 'unsigned int' at coders/bmp.c (bsc#1179347). - CVE-2020-27773: Fixed a division by zero at MagickCore/gem-private.h (bsc#1179285). - CVE-2020-27774: Fixed an integer overflow at MagickCore/statistic.c (bsc#1179333). - CVE-2020-27775: Fixed an outside the range of representable values of type 'unsigned char' at MagickCore/quantum.h (bsc#1179338). - CVE-2020-27776: Fixed an outside the range of representable values of type 'unsigned long' at MagickCore/statistic.c (bsc#1179362). - CVE-2020-29599: Fixed a shell command injection in -authenticate (bsc#1179753). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-153=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2021-153=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): ImageMagick-debuginfo-7.0.7.34-10.9.1 ImageMagick-debugsource-7.0.7.34-10.9.1 perl-PerlMagick-7.0.7.34-10.9.1 perl-PerlMagick-debuginfo-7.0.7.34-10.9.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): ImageMagick-7.0.7.34-10.9.1 ImageMagick-config-7-SUSE-7.0.7.34-10.9.1 ImageMagick-config-7-upstream-7.0.7.34-10.9.1 ImageMagick-debuginfo-7.0.7.34-10.9.1 ImageMagick-debugsource-7.0.7.34-10.9.1 ImageMagick-devel-7.0.7.34-10.9.1 libMagick++-7_Q16HDRI4-7.0.7.34-10.9.1 libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-10.9.1 libMagick++-devel-7.0.7.34-10.9.1 libMagickCore-7_Q16HDRI6-7.0.7.34-10.9.1 libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-10.9.1 libMagickWand-7_Q16HDRI6-7.0.7.34-10.9.1 libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-10.9.1 References: https://www.suse.com/security/cve/CVE-2020-25664.html https://www.suse.com/security/cve/CVE-2020-25665.html https://www.suse.com/security/cve/CVE-2020-25666.html https://www.suse.com/security/cve/CVE-2020-25674.html https://www.suse.com/security/cve/CVE-2020-25675.html https://www.suse.com/security/cve/CVE-2020-25676.html https://www.suse.com/security/cve/CVE-2020-27750.html https://www.suse.com/security/cve/CVE-2020-27751.html https://www.suse.com/security/cve/CVE-2020-27752.html https://www.suse.com/security/cve/CVE-2020-27753.html https://www.suse.com/security/cve/CVE-2020-27754.html https://www.suse.com/security/cve/CVE-2020-27755.html https://www.suse.com/security/cve/CVE-2020-27756.html https://www.suse.com/security/cve/CVE-2020-27757.html 
https://www.suse.com/security/cve/CVE-2020-27758.html https://www.suse.com/security/cve/CVE-2020-27759.html https://www.suse.com/security/cve/CVE-2020-27760.html https://www.suse.com/security/cve/CVE-2020-27761.html https://www.suse.com/security/cve/CVE-2020-27762.html https://www.suse.com/security/cve/CVE-2020-27763.html https://www.suse.com/security/cve/CVE-2020-27764.html https://www.suse.com/security/cve/CVE-2020-27765.html https://www.suse.com/security/cve/CVE-2020-27766.html https://www.suse.com/security/cve/CVE-2020-27767.html https://www.suse.com/security/cve/CVE-2020-27768.html https://www.suse.com/security/cve/CVE-2020-27769.html https://www.suse.com/security/cve/CVE-2020-27770.html https://www.suse.com/security/cve/CVE-2020-27771.html https://www.suse.com/security/cve/CVE-2020-27772.html https://www.suse.com/security/cve/CVE-2020-27773.html https://www.suse.com/security/cve/CVE-2020-27774.html https://www.suse.com/security/cve/CVE-2020-27775.html https://www.suse.com/security/cve/CVE-2020-27776.html https://www.suse.com/security/cve/CVE-2020-29599.html https://bugzilla.suse.com/1179202 https://bugzilla.suse.com/1179208 https://bugzilla.suse.com/1179212 https://bugzilla.suse.com/1179221 https://bugzilla.suse.com/1179223 https://bugzilla.suse.com/1179240 https://bugzilla.suse.com/1179244 https://bugzilla.suse.com/1179260 https://bugzilla.suse.com/1179268 https://bugzilla.suse.com/1179269 https://bugzilla.suse.com/1179276 https://bugzilla.suse.com/1179278 https://bugzilla.suse.com/1179281 https://bugzilla.suse.com/1179285 https://bugzilla.suse.com/1179311 https://bugzilla.suse.com/1179312 https://bugzilla.suse.com/1179313 https://bugzilla.suse.com/1179315 https://bugzilla.suse.com/1179317 https://bugzilla.suse.com/1179321 https://bugzilla.suse.com/1179322 https://bugzilla.suse.com/1179327 https://bugzilla.suse.com/1179333 https://bugzilla.suse.com/1179336 https://bugzilla.suse.com/1179338 https://bugzilla.suse.com/1179339 https://bugzilla.suse.com/1179343 
https://bugzilla.suse.com/1179345 https://bugzilla.suse.com/1179346 https://bugzilla.suse.com/1179347 https://bugzilla.suse.com/1179361 https://bugzilla.suse.com/1179362 https://bugzilla.suse.com/1179397 https://bugzilla.suse.com/1179753 From sle-updates at lists.suse.com Fri Jan 15 13:24:58 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 15 Jan 2021 21:24:58 +0100 (CET) Subject: SUSE-SU-2021:14598-1: moderate: Security update for ImageMagick Message-ID: <20210115202458.753DBFD11@maintenance.suse.de> SUSE Security Update: Security update for ImageMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:14598-1 Rating: moderate References: #1179103 #1179202 #1179212 #1179269 #1179281 #1179311 #1179312 #1179313 #1179315 #1179321 #1179322 #1179327 #1179336 #1179338 #1179339 #1179345 #1179346 #1179347 #1179397 Cross-References: CVE-2020-19667 CVE-2020-25664 CVE-2020-25666 CVE-2020-27751 CVE-2020-27752 CVE-2020-27753 CVE-2020-27754 CVE-2020-27755 CVE-2020-27759 CVE-2020-27760 CVE-2020-27761 CVE-2020-27763 CVE-2020-27765 CVE-2020-27767 CVE-2020-27768 CVE-2020-27769 CVE-2020-27771 CVE-2020-27772 CVE-2020-27775 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes 19 vulnerabilities is now available. Description: This update for ImageMagick fixes the following issues: - CVE-2020-19667: Fixed a stack buffer overflow in XPM coder could result in a crash (bsc#1179103). - CVE-2020-25664: Fixed a heap-based buffer overflow in PopShortPixel (bsc#1179202). - CVE-2020-25666: Fixed an outside the range of representable values of type 'int' and signed integer overflow (bsc#1179212). 
- CVE-2020-27751: Fixed an integer overflow in MagickCore/quantum-export.c (bsc#1179269). - CVE-2020-27752: Fixed a heap-based buffer overflow in PopShortPixel in MagickCore/quantum-private.h (bsc#1179346). - CVE-2020-27753: Fixed memory leaks in AcquireMagickMemory function (bsc#1179397). - CVE-2020-27754: Fixed an outside the range of representable values of type 'long' and signed integer overflow at MagickCore/quantize.c (bsc#1179336). - CVE-2020-27755: Fixed memory leaks in ResizeMagickMemory function in ImageMagick/MagickCore/memory.c (bsc#1179345). - CVE-2020-27757: Fixed an outside the range of representable values of type 'unsigned long long' at MagickCore/quantum-private.h (bsc#1179268). - CVE-2020-27759: Fixed an outside the range of representable values of type 'int' at MagickCore/quantize.c (bsc#1179313). - CVE-2020-27760: Fixed a division by zero at MagickCore/enhance.c (bsc#1179281). - CVE-2020-27761: Fixed an outside the range of representable values of type 'unsigned long' at coders/palm.c (bsc#1179315). - CVE-2020-27763: Fixed a division by zero at MagickCore/resize.c (bsc#1179312). - CVE-2020-27765: Fixed a division by zero at MagickCore/segment.c (bsc#1179311). - CVE-2020-27767: Fixed an outside the range of representable values of type 'float' at MagickCore/quantum.h (bsc#1179322). - CVE-2020-27768: Fixed an outside the range of representable values of type 'unsigned int' at MagickCore/quantum-private.h (bsc#1179339). - CVE-2020-27769: Fixed an outside the range of representable values of type 'float' at MagickCore/quantize.c (bsc#1179321). - CVE-2020-27771: Fixed an outside the range of representable values of type 'unsigned char' at coders/pdf.c (bsc#1179327). - CVE-2020-27772: Fixed an outside the range of representable values of type 'unsigned int' at coders/bmp.c (bsc#1179347). - CVE-2020-27775: Fixed an outside the range of representable values of type 'unsigned char' at MagickCore/quantum.h (bsc#1179338). 
Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-ImageMagick-14598=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-ImageMagick-14598=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-ImageMagick-14598=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-ImageMagick-14598=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): libMagickCore1-6.4.3.6-78.135.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (ppc64 s390x x86_64): libMagickCore1-32bit-6.4.3.6-78.135.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): libMagickCore1-6.4.3.6-78.135.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): ImageMagick-debuginfo-6.4.3.6-78.135.1 ImageMagick-debugsource-6.4.3.6-78.135.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): ImageMagick-debuginfo-6.4.3.6-78.135.1 ImageMagick-debugsource-6.4.3.6-78.135.1 References: https://www.suse.com/security/cve/CVE-2020-19667.html https://www.suse.com/security/cve/CVE-2020-25664.html https://www.suse.com/security/cve/CVE-2020-25666.html https://www.suse.com/security/cve/CVE-2020-27751.html https://www.suse.com/security/cve/CVE-2020-27752.html https://www.suse.com/security/cve/CVE-2020-27753.html https://www.suse.com/security/cve/CVE-2020-27754.html https://www.suse.com/security/cve/CVE-2020-27755.html https://www.suse.com/security/cve/CVE-2020-27759.html https://www.suse.com/security/cve/CVE-2020-27760.html https://www.suse.com/security/cve/CVE-2020-27761.html https://www.suse.com/security/cve/CVE-2020-27763.html https://www.suse.com/security/cve/CVE-2020-27765.html https://www.suse.com/security/cve/CVE-2020-27767.html https://www.suse.com/security/cve/CVE-2020-27768.html 
https://www.suse.com/security/cve/CVE-2020-27769.html https://www.suse.com/security/cve/CVE-2020-27771.html https://www.suse.com/security/cve/CVE-2020-27772.html https://www.suse.com/security/cve/CVE-2020-27775.html https://bugzilla.suse.com/1179103 https://bugzilla.suse.com/1179202 https://bugzilla.suse.com/1179212 https://bugzilla.suse.com/1179269 https://bugzilla.suse.com/1179281 https://bugzilla.suse.com/1179311 https://bugzilla.suse.com/1179312 https://bugzilla.suse.com/1179313 https://bugzilla.suse.com/1179315 https://bugzilla.suse.com/1179321 https://bugzilla.suse.com/1179322 https://bugzilla.suse.com/1179327 https://bugzilla.suse.com/1179336 https://bugzilla.suse.com/1179338 https://bugzilla.suse.com/1179339 https://bugzilla.suse.com/1179345 https://bugzilla.suse.com/1179346 https://bugzilla.suse.com/1179347 https://bugzilla.suse.com/1179397 From sle-updates at lists.suse.com Fri Jan 15 13:27:34 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 15 Jan 2021 21:27:34 +0100 (CET) Subject: SUSE-RU-2021:14599-1: Recommended update for libdlm Message-ID: <20210115202734.D08E4FD11@maintenance.suse.de> SUSE Recommended Update: Recommended update for libdlm ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:14599-1 Rating: low References: #948686 #998603 Affected Products: SUSE Linux Enterprise High Availability Extension 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: - Avoid the error message when adding IP address under node directory. (bsc#948686) - Fix segmentation fault in dlm daemon. (bsc#998603) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability Extension 11-SP4: zypper in -t patch slehasp4-libdlm-14599=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-libdlm-14599=1 Package List: - SUSE Linux Enterprise High Availability Extension 11-SP4 (i586 ppc64 s390x x86_64): libdlm-3.00.01-0.32.5.94 libdlm-devel-3.00.01-0.32.5.94 libdlm3-3.00.01-0.32.5.94 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): libdlm-debuginfo-3.00.01-0.32.5.94 libdlm-debugsource-3.00.01-0.32.5.94 References: https://bugzilla.suse.com/948686 https://bugzilla.suse.com/998603 From sle-updates at lists.suse.com Fri Jan 15 13:28:30 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 15 Jan 2021 21:28:30 +0100 (CET) Subject: SUSE-RU-2021:0146-1: Recommended update for pam-modules Message-ID: <20210115202830.8EE16FD11@maintenance.suse.de> SUSE Recommended Update: Recommended update for pam-modules ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:0146-1 Rating: low References: #1070595 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for pam-modules provides the following fix: - Fix the fail delay when entering wrong password. (bsc#1070595) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-146=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): pam-modules-12.1-25.4.5 pam-modules-debuginfo-12.1-25.4.5 pam-modules-debugsource-12.1-25.4.5 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): pam-modules-32bit-12.1-25.4.5 pam-modules-debuginfo-32bit-12.1-25.4.5 References: https://bugzilla.suse.com/1070595 From sle-updates at lists.suse.com Fri Jan 15 13:29:17 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 15 Jan 2021 21:29:17 +0100 (CET) Subject: SUSE-RU-2021:0148-1: important: Recommended update for cloud-init, python-pyserial Message-ID: <20210115202917.AA875FD11@maintenance.suse.de> SUSE Recommended Update: Recommended update for cloud-init, python-pyserial ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:0148-1 Rating: important References: #1174443 #1174444 #1177526 #1178029 #1179150 #1179151 #1180176 Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Module for Public Cloud 12 ______________________________________________________________________________ An update that has 7 recommended fixes can now be installed. Description: This update for cloud-init, python-pyserial contains the following fixes: Update from python-pyserial: - Setup single spec build (jsc#PM-2335) Update from cloud-init from 19.4 to 20.2: - Update cloud-init-write-routes.patch (bsc#1180176) + Follow up to previous changes. Fix order of operations error to make gateway comparison between subnet configuration and route configuration valuable rather than self-comparing. 
- Add cloud-init-sle12-compat.patch (jsc#PM-2335) - Python 3.4 compatibility in setup.py - Disable some tests for mock version compatibility - Add wget as a requirement (bsc#1178029) + wget is used in the CloudStack data source - Add cloud-init-azure-def-usr-pass.patch (bsc#1179150, bsc#1179151) + Properly set the password for the default user in all circumstances - Patch the full package version into the cloud-init version file - Update cloud-init-write-routes.patch (bsc#1177526) + Fix missing default route when dual stack network setup is used. Once a default route was configured for IPv6 or IPv4 the default route configuration for the other protocol was skipped. - Update cloud-init-write-routes.patch (bsc#1177526) + Avoid exception if no gateway information is present and warning is triggered for existing routing. - Update to version 20.2 (bsc#1174443, bsc#1174444) + Remove patches included upstream: - 0001-Make-tests-work-with-Python-3.8-139.patch - cloud-init-ostack-metadat-dencode.patch - cloud-init-use-different-random-src.diff - cloud-init-long-pass.patch - cloud-init-mix-static-dhcp.patch + Remove patches build switched to Python 3 for all distributions.
(jsc#PM-2335) - cloud-init-python2-sigpipe.patch - cloud-init-template-py2.patch + Add - cloud-init-after-kvp.diff - cloud-init-recognize-hpc.patch + doc/format: reference make-mime.py instead of an inline script (#334) + Add docs about creating parent folders (#330) [Adrian Wilkins] + DataSourceNoCloud/OVF: drop claim to support FTP (#333) (LP: #1875470) + schema: ignore spurious pylint error (#332) + schema: add json schema for write_files module (#152) + BSD: find_devs_with_ refactoring (#298) [Gonéri Le Bouder] + nocloud: drop work around for Linux 2.6 (#324) [Gonéri Le Bouder] + cloudinit: drop dependencies on unittest2 and contextlib2 (#322) + distros: handle a potential mirror filtering error case (#328) + log: remove unnecessary import fallback logic (#327) + .travis.yml: don't run integration test on ubuntu/* branches (#321) + More unit test documentation (#314) + conftest: introduce disable_subp_usage autouse fixture (#304) + YAML align indent sizes for docs readability (#323) [Tak Nishigori] + network_state: add missing space to log message (#325) + tests: add missing mocks for get_interfaces_by_mac (#326) (LP: #1873910) + test_mounts: expand happy path test for both happy paths (#319) + cc_mounts: fix incorrect format specifiers (#316) (LP: #1872836) + swap file "size" being used before checked if str (#315) [Eduardo Otubo] + HACKING.rst: add pytest version gotchas section (#311) + docs: Add steps to re-run cloud-id and cloud-init (#313) [Joshua Powers] + readme: OpenBSD is now supported (#309) [Gonéri Le Bouder] + net: ignore 'renderer' key in netplan config (#306) (LP: #1870421) + Add support for NFS/EFS mounts (#300) [Andrew Beresford] (LP: #1870370) + openbsd: set_passwd should not unlock user (#289) [Gonéri Le Bouder] + tools/.github-cla-signers: add beezly as CLA signer (#301) + util: remove unnecessary lru_cache import fallback (#299) + HACKING.rst: reorganise/update CLA signature info (#297) + distros: drop leading/trailing hyphens from
mirror URL labels (#296) + HACKING.rst: add note about variable annotations (#295) + CiTestCase: stop using and remove sys_exit helper (#283) + distros: replace invalid characters in mirror URLs with hyphens (#291) (LP: #1868232) + rbxcloud: gracefully handle arping errors (#262) [Adam Dobrawy] + Fix cloud-init ignoring some misdeclared mimetypes in user-data. [Kurt Garloff] + net: ubuntu focal prioritize netplan over eni even if both present (#267) (LP: #1867029) + cloudinit: refactor util.is_ipv4 to net.is_ipv4_address (#292) + net/cmdline: replace type comments with annotations (#294) + HACKING.rst: add Type Annotations design section (#293) + net: introduce is_ip_address function (#288) + CiTestCase: remove now-unneeded parse_and_read helper method (#286) + .travis.yml: allow 30 minutes of inactivity in cloud tests (#287) + sources/tests/test_init: drop use of deprecated inspect.getargspec (#285) + setup.py: drop NIH check_output implementation (#282) + Identify SAP Converged Cloud as OpenStack [Silvio Knizek] + add Openbsd support (#147) [Gonéri Le Bouder] + HACKING.rst: add examples of the two test class types (#278) + VMWware: support to update guest info gc status if enabled (#261) [xiaofengw-vmware] + Add lp-to-git mapping for kgarloff (#279) + set_passwords: avoid chpasswd on BSD (#268) [Gonéri Le Bouder] + HACKING.rst: add Unit Testing design section (#277) + util: read_cc_from_cmdline handle urlencoded yaml content (#275) + distros/tests/test_init: add tests for _get_package_mirror_info (#272) + HACKING.rst: add links to new Code Review Process doc (#276) + freebsd: ensure package update works (#273) [Gonéri Le Bouder] + doc: introduce Code Review Process documentation (#160) + tools: use python3 (#274) + cc_disk_setup: fix RuntimeError (#270) (LP: #1868327) + cc_apt_configure/util: combine search_for_mirror implementations (#271) + bsd: boottime does not depend on the libc soname (#269) [Gonéri Le Bouder] + test_oracle,DataSourceOracle: sort
imports (#266) + DataSourceOracle: update .network_config docstring (#257) + cloudinit/tests: remove unneeded with_logs configuration (#263) + .travis.yml: drop stale comment (#255) + .gitignore: add more common directories (#258) + ec2: render network on all NICs and add secondary IPs as static (#114) (LP: #1866930) + ec2 json validation: fix the reference to the 'merged_cfg' key (#256) [Paride Legovini] + releases.yaml: quote the Ubuntu version numbers (#254) [Paride Legovini] + cloudinit: remove six from packaging/tooling (#253) + util/netbsd: drop six usage (#252) + workflows: introduce stale pull request workflow (#125) + cc_resolv_conf: introduce tests and stabilise output across Python versions (#251) + fix minor issue with resolv_conf template (#144) [andreaf74] + doc: CloudInit also support NetBSD (#250) [Gonéri Le Bouder] + Add Netbsd support (#62) [Gonéri Le Bouder] + tox.ini: avoid substitution syntax that causes a traceback on xenial (#245) + Add pub_key_ed25519 to cc_phone_home (#237) [Daniel Hensby] + Introduce and use of a list of GitHub usernames that have signed CLA (#244) + workflows/cla.yml: use correct username for CLA check (#243) + tox.ini: use xenial version of jsonpatch in CI (#242) + workflows: CLA validation altered to fail status on pull_request (#164) + tox.ini: bump pyflakes version to 2.1.1 (#239) + cloudinit: move to pytest for running tests (#211) + instance-data: add cloud-init merged_cfg and sys_info keys to json (#214) (LP: #1865969) + ec2: Do not fallback to IMDSv1 on EC2 (#216) + instance-data: write redacted cfg to instance-data.json (#233) (LP: #1865947) + net: support network-config:disabled on the kernel commandline (#232) (LP: #1862702) + ec2: only redact token request headers in logs, avoid altering request (#230) (LP: #1865882) + docs: typo fixed: dta → data [Alexey Vazhnov] + Fixes typo on Amazon Web Services (#217) [Nick Wales] + Fix docs for OpenStack DMI Asset Tag (#228) [Mark T.
Voelker] (LP: #1669875) + Add physical network type: cascading to openstack helpers (#200) [sab-systems] + tests: add focal integration tests for ubuntu (#225) - From 20.1 (first version after 19.4) + ec2: Do not log IMDSv2 token values, instead use REDACTED (#219) (LP: #1863943) + utils: use SystemRandom when generating random password. (#204) [Dimitri John Ledkov] + docs: mount_default_files is a list of 6 items, not 7 (#212) + azurecloud: fix issues with instances not starting (#205) (LP: #1861921) + unittest: fix stderr leak in cc_set_password random unittest output. (#208) + cc_disk_setup: add swap filesystem force flag (#207) + import sysvinit patches from freebsd-ports tree (#161) [Igor Galić] + docs: fix typo (#195) [Edwin Kofler] + sysconfig: distro-specific config rendering for BOOTPROTO option (#162) [Robert Schweikert] (LP: #1800854) + cloudinit: replace "from six import X" imports (except in util.py) (#183) + run-container: use 'test -n' instead of 'test ! -z' (#202) [Paride Legovini] + net/cmdline: correctly handle static ip= config (#201) [Dimitri John Ledkov] (LP: #1861412) + Replace mock library with unittest.mock (#186) + HACKING.rst: update CLA link (#199) + Scaleway: Fix DatasourceScaleway to avoid backtrace (#128) [Louis Bouchard] + cloudinit/cmd/devel/net_convert.py: add missing space (#191) + tools/run-container: drop support for python2 (#192) [Paride Legovini] + Print ssh key fingerprints using sha256 hash (#188) (LP: #1860789) + Make the RPM build use Python 3 (#190) [Paride Legovini] + cc_set_password: increase random pwlength from 9 to 20 (#189) (LP: #1860795) + .travis.yml: use correct Python version for xenial tests (#185) + cloudinit: remove ImportError handling for mock imports (#182) + Do not use fallocate in swap file creation on xfs.
(#70) [Eduardo Otubo] (LP: #1781781) + .readthedocs.yaml: install cloud-init when building docs (#181) (LP: #1860450) + Introduce an RTD config file, and pin the Sphinx version to the RTD default (#180) + Drop most of the remaining use of six (#179) + Start removing dependency on six (#178) + Add Rootbox & HyperOne to list of cloud in README (#176) [Adam Dobrawy] + docs: add proposed SRU testing procedure (#167) + util: rename get_architecture to get_dpkg_architecture (#173) + Ensure util.get_architecture() runs only once (#172) + Only use gpart if it is the BSD gpart (#131) [Conrad Hoffmann] + freebsd: remove superflu exception mapping (#166) [Gonéri Le Bouder] + ssh_auth_key_fingerprints_disable test: fix capitalization (#165) [Paride Legovini] + util: move uptime's else branch into its own boottime function (#53) [Igor Galić] (LP: #1853160) + workflows: add contributor license agreement checker (#155) + net: fix rendering of 'static6' in network config (#77) (LP: #1850988) + Make tests work with Python 3.8 (#139) [Conrad Hoffmann] + fixed minor bug with mkswap in cc_disk_setup.py (#143) [andreaf74] + freebsd: fix create_group() cmd (#146) [Gonéri Le Bouder] + doc: make apt_update example consistent (#154) + doc: add modules page toc with links (#153) (LP: #1852456) + Add support for the amazon variant in cloud.cfg.tmpl (#119) [Frederick Lefebvre] + ci: remove Python 2.7 from CI runs (#137) + modules: drop cc_snap_config config module (#134) + migrate-lp-user-to-github: ensure Launchpad repo exists (#136) + docs: add initial troubleshooting to FAQ (#104) [Joshua Powers] + doc: update cc_set_hostname frequency and descrip (#109) [Joshua Powers] (LP: #1827021) + freebsd: introduce the freebsd renderer (#61) [Gonéri Le Bouder] + cc_snappy: remove deprecated module (#127) + HACKING.rst: clarify that everyone needs to do the LP->GH dance (#130) + freebsd: cloudinit service requires devd (#132) [Gonéri Le Bouder] + cloud-init: fix capitalisation of SSH (#126) +
doc: update cc_ssh clarify host and auth keys [Joshua Powers] (LP: #1827021) + ci: emit names of tests run in Travis (#120) - Disable testing to aid elimination of unittest2 in Factory Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-148=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2021-148=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (noarch): python-configobj-5.0.6-20.5.1 - SUSE Linux Enterprise Module for Public Cloud 12 (aarch64 ppc64le s390x x86_64): cloud-init-20.2-37.50.8 cloud-init-config-suse-20.2-37.50.8 - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python-pyserial-2.7-8.3.7 python3-configobj-5.0.6-20.5.1 python3-pyserial-2.7-8.3.7 References: https://bugzilla.suse.com/1174443 https://bugzilla.suse.com/1174444 https://bugzilla.suse.com/1177526 https://bugzilla.suse.com/1178029 https://bugzilla.suse.com/1179150 https://bugzilla.suse.com/1179151 https://bugzilla.suse.com/1180176 From sle-updates at lists.suse.com Mon Jan 18 07:16:20 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 18 Jan 2021 15:16:20 +0100 (CET) Subject: SUSE-SU-2021:0158-1: important: Security update for tcmu-runner Message-ID: <20210118141620.A52D3FD11@maintenance.suse.de> SUSE Security Update: Security update for tcmu-runner ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0158-1 Rating: important References: #1180676 Cross-References: CVE-2021-3139 Affected Products: SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 
15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for tcmu-runner fixes the following issue: - CVE-2021-3139: Fixed a LIO security issue (bsc#1180676). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-158=1 - SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-158=1 - SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-158=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-158=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-158=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-158=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-158=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-158=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-158=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-158=1 - SUSE Linux Enterprise High Performance Computing 
15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-158=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-158=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-158=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.0 (ppc64le s390x x86_64): libtcmu2-1.4.0-3.9.1 libtcmu2-debuginfo-1.4.0-3.9.1 tcmu-runner-1.4.0-3.9.1 tcmu-runner-debuginfo-1.4.0-3.9.1 tcmu-runner-debugsource-1.4.0-3.9.1 - SUSE Manager Retail Branch Server 4.0 (x86_64): libtcmu2-1.4.0-3.9.1 libtcmu2-debuginfo-1.4.0-3.9.1 tcmu-runner-1.4.0-3.9.1 tcmu-runner-debuginfo-1.4.0-3.9.1 tcmu-runner-debugsource-1.4.0-3.9.1 - SUSE Manager Proxy 4.0 (x86_64): libtcmu2-1.4.0-3.9.1 libtcmu2-debuginfo-1.4.0-3.9.1 tcmu-runner-1.4.0-3.9.1 tcmu-runner-debuginfo-1.4.0-3.9.1 tcmu-runner-debugsource-1.4.0-3.9.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libtcmu2-1.4.0-3.9.1 libtcmu2-debuginfo-1.4.0-3.9.1 tcmu-runner-1.4.0-3.9.1 tcmu-runner-debuginfo-1.4.0-3.9.1 tcmu-runner-debugsource-1.4.0-3.9.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libtcmu2-1.4.0-3.9.1 libtcmu2-debuginfo-1.4.0-3.9.1 tcmu-runner-1.4.0-3.9.1 tcmu-runner-debuginfo-1.4.0-3.9.1 tcmu-runner-debugsource-1.4.0-3.9.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libtcmu2-1.4.0-3.9.1 libtcmu2-debuginfo-1.4.0-3.9.1 tcmu-runner-1.4.0-3.9.1 tcmu-runner-debuginfo-1.4.0-3.9.1 tcmu-runner-debugsource-1.4.0-3.9.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libtcmu2-1.4.0-3.9.1 libtcmu2-debuginfo-1.4.0-3.9.1 tcmu-runner-1.4.0-3.9.1 tcmu-runner-debuginfo-1.4.0-3.9.1 tcmu-runner-debugsource-1.4.0-3.9.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libtcmu2-1.4.0-3.9.1 libtcmu2-debuginfo-1.4.0-3.9.1 
tcmu-runner-1.4.0-3.9.1 tcmu-runner-debuginfo-1.4.0-3.9.1 tcmu-runner-debugsource-1.4.0-3.9.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libtcmu2-1.4.0-3.9.1 libtcmu2-debuginfo-1.4.0-3.9.1 tcmu-runner-1.4.0-3.9.1 tcmu-runner-debuginfo-1.4.0-3.9.1 tcmu-runner-debugsource-1.4.0-3.9.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libtcmu2-1.4.0-3.9.1 libtcmu2-debuginfo-1.4.0-3.9.1 tcmu-runner-1.4.0-3.9.1 tcmu-runner-debuginfo-1.4.0-3.9.1 tcmu-runner-debugsource-1.4.0-3.9.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libtcmu2-1.4.0-3.9.1 libtcmu2-debuginfo-1.4.0-3.9.1 tcmu-runner-1.4.0-3.9.1 tcmu-runner-debuginfo-1.4.0-3.9.1 tcmu-runner-debugsource-1.4.0-3.9.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libtcmu2-1.4.0-3.9.1 libtcmu2-debuginfo-1.4.0-3.9.1 tcmu-runner-1.4.0-3.9.1 tcmu-runner-debuginfo-1.4.0-3.9.1 tcmu-runner-debugsource-1.4.0-3.9.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libtcmu2-1.4.0-3.9.1 libtcmu2-debuginfo-1.4.0-3.9.1 tcmu-runner-1.4.0-3.9.1 tcmu-runner-debuginfo-1.4.0-3.9.1 tcmu-runner-debugsource-1.4.0-3.9.1 - SUSE CaaS Platform 4.0 (x86_64): libtcmu2-1.4.0-3.9.1 libtcmu2-debuginfo-1.4.0-3.9.1 tcmu-runner-1.4.0-3.9.1 tcmu-runner-debuginfo-1.4.0-3.9.1 tcmu-runner-debugsource-1.4.0-3.9.1 References: https://www.suse.com/security/cve/CVE-2021-3139.html https://bugzilla.suse.com/1180676 From sle-updates at lists.suse.com Mon Jan 18 07:19:30 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 18 Jan 2021 15:19:30 +0100 (CET) Subject: SUSE-SU-2021:0156-1: moderate: Security update for ImageMagick Message-ID: <20210118141930.8F50CFD11@maintenance.suse.de> SUSE Security Update: Security update for ImageMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0156-1 Rating: moderate References: #1179103 #1179202 #1179208 
#1179212 #1179221 #1179223 #1179240 #1179244 #1179260 #1179268 #1179269 #1179276 #1179278 #1179281 #1179285 #1179311 #1179312 #1179313 #1179315 #1179317 #1179321 #1179322 #1179327 #1179333 #1179336 #1179338 #1179339 #1179343 #1179345 #1179346 #1179347 #1179361 #1179362 #1179397 #1179753 Cross-References: CVE-2020-19667 CVE-2020-25664 CVE-2020-25665 CVE-2020-25666 CVE-2020-25674 CVE-2020-25675 CVE-2020-25676 CVE-2020-27750 CVE-2020-27751 CVE-2020-27752 CVE-2020-27753 CVE-2020-27754 CVE-2020-27755 CVE-2020-27756 CVE-2020-27757 CVE-2020-27758 CVE-2020-27759 CVE-2020-27760 CVE-2020-27761 CVE-2020-27762 CVE-2020-27763 CVE-2020-27764 CVE-2020-27765 CVE-2020-27766 CVE-2020-27767 CVE-2020-27768 CVE-2020-27769 CVE-2020-27770 CVE-2020-27771 CVE-2020-27772 CVE-2020-27773 CVE-2020-27774 CVE-2020-27775 CVE-2020-27776 CVE-2020-29599 Affected Products: SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Development Tools 15-SP1 SUSE Linux Enterprise Module for Desktop Applications 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that fixes 35 vulnerabilities is now available. Description: This update for ImageMagick fixes the following issues: - CVE-2020-19667: Fixed a stack buffer overflow in XPM coder that could result in a crash (bsc#1179103). - CVE-2020-25664: Fixed a heap-based buffer overflow in PopShortPixel (bsc#1179202).
- CVE-2020-25665: Fixed a heap-based buffer overflow in WritePALMImage (bsc#1179208). - CVE-2020-25666: Fixed an outside the range of representable values of type 'int' and signed integer overflow (bsc#1179212). - CVE-2020-25674: Fixed a heap-based buffer overflow in WriteOnePNGImage (bsc#1179223). - CVE-2020-25675: Fixed an outside the range of representable values of type 'long' and integer overflow (bsc#1179240). - CVE-2020-25676: Fixed an outside the range of representable values of type 'long' and integer overflow at MagickCore/pixel.c (bsc#1179244). - CVE-2020-27750: Fixed a division by zero in MagickCore/colorspace-private.h (bsc#1179260). - CVE-2020-27751: Fixed an integer overflow in MagickCore/quantum-export.c (bsc#1179269). - CVE-2020-27752: Fixed a heap-based buffer overflow in PopShortPixel in MagickCore/quantum-private.h (bsc#1179346). - CVE-2020-27753: Fixed memory leaks in AcquireMagickMemory function (bsc#1179397). - CVE-2020-27754: Fixed an outside the range of representable values of type 'long' and signed integer overflow at MagickCore/quantize.c (bsc#1179336). - CVE-2020-27755: Fixed memory leaks in ResizeMagickMemory function in ImageMagick/MagickCore/memory.c (bsc#1179345). - CVE-2020-27756: Fixed a division by zero at MagickCore/geometry.c (bsc#1179221). - CVE-2020-27757: Fixed an outside the range of representable values of type 'unsigned long long' at MagickCore/quantum-private.h (bsc#1179268). - CVE-2020-27758: Fixed an outside the range of representable values of type 'unsigned long long' (bsc#1179276). - CVE-2020-27759: Fixed an outside the range of representable values of type 'int' at MagickCore/quantize.c (bsc#1179313). - CVE-2020-27760: Fixed a division by zero at MagickCore/enhance.c (bsc#1179281). - CVE-2020-27761: Fixed an outside the range of representable values of type 'unsigned long' at coders/palm.c (bsc#1179315). - CVE-2020-27762: Fixed an outside the range of representable values of type 'unsigned char' (bsc#1179278). 
- CVE-2020-27763: Fixed a division by zero at MagickCore/resize.c (bsc#1179312). - CVE-2020-27764: Fixed an outside the range of representable values of type 'unsigned long' at MagickCore/statistic.c (bsc#1179317). - CVE-2020-27765: Fixed a division by zero at MagickCore/segment.c (bsc#1179311). - CVE-2020-27766: Fixed an outside the range of representable values of type 'unsigned long' at MagickCore/statistic.c (bsc#1179361). - CVE-2020-27767: Fixed an outside the range of representable values of type 'float' at MagickCore/quantum.h (bsc#1179322). - CVE-2020-27768: Fixed an outside the range of representable values of type 'unsigned int' at MagickCore/quantum-private.h (bsc#1179339). - CVE-2020-27769: Fixed an outside the range of representable values of type 'float' at MagickCore/quantize.c (bsc#1179321). - CVE-2020-27770: Fixed an unsigned offset overflowed at MagickCore/string.c (bsc#1179343). - CVE-2020-27771: Fixed an outside the range of representable values of type 'unsigned char' at coders/pdf.c (bsc#1179327). - CVE-2020-27772: Fixed an outside the range of representable values of type 'unsigned int' at coders/bmp.c (bsc#1179347). - CVE-2020-27773: Fixed a division by zero at MagickCore/gem-private.h (bsc#1179285). - CVE-2020-27774: Fixed an integer overflow at MagickCore/statistic.c (bsc#1179333). - CVE-2020-27775: Fixed an outside the range of representable values of type 'unsigned char' at MagickCore/quantum.h (bsc#1179338). - CVE-2020-27776: Fixed an outside the range of representable values of type 'unsigned long' at MagickCore/statistic.c (bsc#1179362). - CVE-2020-29599: Fixed a shell command injection in -authenticate (bsc#1179753). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-156=1 - SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-156=1 - SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-156=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-156=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-156=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-156=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-156=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-156=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2021-156=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2021-156=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-156=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-156=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-156=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-156=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-156=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE Manager Server 4.0 (ppc64le s390x x86_64): ImageMagick-7.0.7.34-3.90.1 ImageMagick-config-7-SUSE-7.0.7.34-3.90.1 ImageMagick-config-7-upstream-7.0.7.34-3.90.1 ImageMagick-debuginfo-7.0.7.34-3.90.1 ImageMagick-debugsource-7.0.7.34-3.90.1 ImageMagick-devel-7.0.7.34-3.90.1 libMagick++-7_Q16HDRI4-7.0.7.34-3.90.1 libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-3.90.1 libMagick++-devel-7.0.7.34-3.90.1 libMagickCore-7_Q16HDRI6-7.0.7.34-3.90.1 libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-3.90.1 libMagickWand-7_Q16HDRI6-7.0.7.34-3.90.1 libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-3.90.1 perl-PerlMagick-7.0.7.34-3.90.1 perl-PerlMagick-debuginfo-7.0.7.34-3.90.1 - SUSE Manager Retail Branch Server 4.0 (x86_64): ImageMagick-7.0.7.34-3.90.1 ImageMagick-config-7-SUSE-7.0.7.34-3.90.1 ImageMagick-config-7-upstream-7.0.7.34-3.90.1 ImageMagick-debuginfo-7.0.7.34-3.90.1 ImageMagick-debugsource-7.0.7.34-3.90.1 ImageMagick-devel-7.0.7.34-3.90.1 libMagick++-7_Q16HDRI4-7.0.7.34-3.90.1 libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-3.90.1 libMagick++-devel-7.0.7.34-3.90.1 libMagickCore-7_Q16HDRI6-7.0.7.34-3.90.1 libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-3.90.1 libMagickWand-7_Q16HDRI6-7.0.7.34-3.90.1 libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-3.90.1 perl-PerlMagick-7.0.7.34-3.90.1 perl-PerlMagick-debuginfo-7.0.7.34-3.90.1 - SUSE Manager Proxy 4.0 (x86_64): ImageMagick-7.0.7.34-3.90.1 ImageMagick-config-7-SUSE-7.0.7.34-3.90.1 ImageMagick-config-7-upstream-7.0.7.34-3.90.1 ImageMagick-debuginfo-7.0.7.34-3.90.1 ImageMagick-debugsource-7.0.7.34-3.90.1 ImageMagick-devel-7.0.7.34-3.90.1 libMagick++-7_Q16HDRI4-7.0.7.34-3.90.1 libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-3.90.1 libMagick++-devel-7.0.7.34-3.90.1 libMagickCore-7_Q16HDRI6-7.0.7.34-3.90.1 libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-3.90.1 libMagickWand-7_Q16HDRI6-7.0.7.34-3.90.1 libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-3.90.1 perl-PerlMagick-7.0.7.34-3.90.1 perl-PerlMagick-debuginfo-7.0.7.34-3.90.1 - SUSE Linux Enterprise 
Server for SAP 15-SP1 (ppc64le x86_64): ImageMagick-7.0.7.34-3.90.1 ImageMagick-config-7-SUSE-7.0.7.34-3.90.1 ImageMagick-config-7-upstream-7.0.7.34-3.90.1 ImageMagick-debuginfo-7.0.7.34-3.90.1 ImageMagick-debugsource-7.0.7.34-3.90.1 ImageMagick-devel-7.0.7.34-3.90.1 libMagick++-7_Q16HDRI4-7.0.7.34-3.90.1 libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-3.90.1 libMagick++-devel-7.0.7.34-3.90.1 libMagickCore-7_Q16HDRI6-7.0.7.34-3.90.1 libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-3.90.1 libMagickWand-7_Q16HDRI6-7.0.7.34-3.90.1 libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-3.90.1 perl-PerlMagick-7.0.7.34-3.90.1 perl-PerlMagick-debuginfo-7.0.7.34-3.90.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): ImageMagick-debuginfo-7.0.7.34-3.90.1 ImageMagick-debugsource-7.0.7.34-3.90.1 perl-PerlMagick-7.0.7.34-3.90.1 perl-PerlMagick-debuginfo-7.0.7.34-3.90.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): ImageMagick-7.0.7.34-3.90.1 ImageMagick-config-7-SUSE-7.0.7.34-3.90.1 ImageMagick-config-7-upstream-7.0.7.34-3.90.1 ImageMagick-debuginfo-7.0.7.34-3.90.1 ImageMagick-debugsource-7.0.7.34-3.90.1 ImageMagick-devel-7.0.7.34-3.90.1 libMagick++-7_Q16HDRI4-7.0.7.34-3.90.1 libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-3.90.1 libMagick++-devel-7.0.7.34-3.90.1 libMagickCore-7_Q16HDRI6-7.0.7.34-3.90.1 libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-3.90.1 libMagickWand-7_Q16HDRI6-7.0.7.34-3.90.1 libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-3.90.1 perl-PerlMagick-7.0.7.34-3.90.1 perl-PerlMagick-debuginfo-7.0.7.34-3.90.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): ImageMagick-7.0.7.34-3.90.1 ImageMagick-config-7-SUSE-7.0.7.34-3.90.1 ImageMagick-config-7-upstream-7.0.7.34-3.90.1 ImageMagick-debuginfo-7.0.7.34-3.90.1 ImageMagick-debugsource-7.0.7.34-3.90.1 ImageMagick-devel-7.0.7.34-3.90.1 libMagick++-7_Q16HDRI4-7.0.7.34-3.90.1 libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-3.90.1 libMagick++-devel-7.0.7.34-3.90.1 libMagickCore-7_Q16HDRI6-7.0.7.34-3.90.1 
libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-3.90.1 libMagickWand-7_Q16HDRI6-7.0.7.34-3.90.1 libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-3.90.1 perl-PerlMagick-7.0.7.34-3.90.1 perl-PerlMagick-debuginfo-7.0.7.34-3.90.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): ImageMagick-debuginfo-7.0.7.34-3.90.1 ImageMagick-debugsource-7.0.7.34-3.90.1 perl-PerlMagick-7.0.7.34-3.90.1 perl-PerlMagick-debuginfo-7.0.7.34-3.90.1 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): ImageMagick-debuginfo-7.0.7.34-3.90.1 ImageMagick-debugsource-7.0.7.34-3.90.1 perl-PerlMagick-7.0.7.34-3.90.1 perl-PerlMagick-debuginfo-7.0.7.34-3.90.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64): ImageMagick-7.0.7.34-3.90.1 ImageMagick-config-7-SUSE-7.0.7.34-3.90.1 ImageMagick-config-7-upstream-7.0.7.34-3.90.1 ImageMagick-debuginfo-7.0.7.34-3.90.1 ImageMagick-debugsource-7.0.7.34-3.90.1 ImageMagick-devel-7.0.7.34-3.90.1 libMagick++-7_Q16HDRI4-7.0.7.34-3.90.1 libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-3.90.1 libMagick++-devel-7.0.7.34-3.90.1 libMagickCore-7_Q16HDRI6-7.0.7.34-3.90.1 libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-3.90.1 libMagickWand-7_Q16HDRI6-7.0.7.34-3.90.1 libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-3.90.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): ImageMagick-7.0.7.34-3.90.1 ImageMagick-config-7-SUSE-7.0.7.34-3.90.1 ImageMagick-config-7-upstream-7.0.7.34-3.90.1 ImageMagick-debuginfo-7.0.7.34-3.90.1 ImageMagick-debugsource-7.0.7.34-3.90.1 ImageMagick-devel-7.0.7.34-3.90.1 libMagick++-7_Q16HDRI4-7.0.7.34-3.90.1 libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-3.90.1 libMagick++-devel-7.0.7.34-3.90.1 libMagickCore-7_Q16HDRI6-7.0.7.34-3.90.1 libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-3.90.1 libMagickWand-7_Q16HDRI6-7.0.7.34-3.90.1 libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-3.90.1 perl-PerlMagick-7.0.7.34-3.90.1 perl-PerlMagick-debuginfo-7.0.7.34-3.90.1 - SUSE Linux 
Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): ImageMagick-7.0.7.34-3.90.1 ImageMagick-config-7-SUSE-7.0.7.34-3.90.1 ImageMagick-config-7-upstream-7.0.7.34-3.90.1 ImageMagick-debuginfo-7.0.7.34-3.90.1 ImageMagick-debugsource-7.0.7.34-3.90.1 ImageMagick-devel-7.0.7.34-3.90.1 libMagick++-7_Q16HDRI4-7.0.7.34-3.90.1 libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-3.90.1 libMagick++-devel-7.0.7.34-3.90.1 libMagickCore-7_Q16HDRI6-7.0.7.34-3.90.1 libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-3.90.1 libMagickWand-7_Q16HDRI6-7.0.7.34-3.90.1 libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-3.90.1 perl-PerlMagick-7.0.7.34-3.90.1 perl-PerlMagick-debuginfo-7.0.7.34-3.90.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): ImageMagick-debuginfo-7.0.7.34-3.90.1 ImageMagick-debugsource-7.0.7.34-3.90.1 perl-PerlMagick-7.0.7.34-3.90.1 perl-PerlMagick-debuginfo-7.0.7.34-3.90.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): ImageMagick-debuginfo-7.0.7.34-3.90.1 ImageMagick-debugsource-7.0.7.34-3.90.1 perl-PerlMagick-7.0.7.34-3.90.1 perl-PerlMagick-debuginfo-7.0.7.34-3.90.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): ImageMagick-7.0.7.34-3.90.1 ImageMagick-config-7-SUSE-7.0.7.34-3.90.1 ImageMagick-config-7-upstream-7.0.7.34-3.90.1 ImageMagick-debuginfo-7.0.7.34-3.90.1 ImageMagick-debugsource-7.0.7.34-3.90.1 ImageMagick-devel-7.0.7.34-3.90.1 libMagick++-7_Q16HDRI4-7.0.7.34-3.90.1 libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-3.90.1 libMagick++-devel-7.0.7.34-3.90.1 libMagickCore-7_Q16HDRI6-7.0.7.34-3.90.1 libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-3.90.1 libMagickWand-7_Q16HDRI6-7.0.7.34-3.90.1 libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-3.90.1 perl-PerlMagick-7.0.7.34-3.90.1 perl-PerlMagick-debuginfo-7.0.7.34-3.90.1 - SUSE CaaS Platform 4.0 (x86_64): ImageMagick-7.0.7.34-3.90.1 ImageMagick-config-7-SUSE-7.0.7.34-3.90.1 ImageMagick-config-7-upstream-7.0.7.34-3.90.1 ImageMagick-debuginfo-7.0.7.34-3.90.1 
ImageMagick-debugsource-7.0.7.34-3.90.1 ImageMagick-devel-7.0.7.34-3.90.1 libMagick++-7_Q16HDRI4-7.0.7.34-3.90.1 libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-3.90.1 libMagick++-devel-7.0.7.34-3.90.1 libMagickCore-7_Q16HDRI6-7.0.7.34-3.90.1 libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-3.90.1 libMagickWand-7_Q16HDRI6-7.0.7.34-3.90.1 libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-3.90.1 perl-PerlMagick-7.0.7.34-3.90.1 perl-PerlMagick-debuginfo-7.0.7.34-3.90.1 References: https://www.suse.com/security/cve/CVE-2020-19667.html https://www.suse.com/security/cve/CVE-2020-25664.html https://www.suse.com/security/cve/CVE-2020-25665.html https://www.suse.com/security/cve/CVE-2020-25666.html https://www.suse.com/security/cve/CVE-2020-25674.html https://www.suse.com/security/cve/CVE-2020-25675.html https://www.suse.com/security/cve/CVE-2020-25676.html https://www.suse.com/security/cve/CVE-2020-27750.html https://www.suse.com/security/cve/CVE-2020-27751.html https://www.suse.com/security/cve/CVE-2020-27752.html https://www.suse.com/security/cve/CVE-2020-27753.html https://www.suse.com/security/cve/CVE-2020-27754.html https://www.suse.com/security/cve/CVE-2020-27755.html https://www.suse.com/security/cve/CVE-2020-27756.html https://www.suse.com/security/cve/CVE-2020-27757.html https://www.suse.com/security/cve/CVE-2020-27758.html https://www.suse.com/security/cve/CVE-2020-27759.html https://www.suse.com/security/cve/CVE-2020-27760.html https://www.suse.com/security/cve/CVE-2020-27761.html https://www.suse.com/security/cve/CVE-2020-27762.html https://www.suse.com/security/cve/CVE-2020-27763.html https://www.suse.com/security/cve/CVE-2020-27764.html https://www.suse.com/security/cve/CVE-2020-27765.html https://www.suse.com/security/cve/CVE-2020-27766.html https://www.suse.com/security/cve/CVE-2020-27767.html https://www.suse.com/security/cve/CVE-2020-27768.html https://www.suse.com/security/cve/CVE-2020-27769.html https://www.suse.com/security/cve/CVE-2020-27770.html 
https://www.suse.com/security/cve/CVE-2020-27771.html https://www.suse.com/security/cve/CVE-2020-27772.html https://www.suse.com/security/cve/CVE-2020-27773.html https://www.suse.com/security/cve/CVE-2020-27774.html https://www.suse.com/security/cve/CVE-2020-27775.html https://www.suse.com/security/cve/CVE-2020-27776.html https://www.suse.com/security/cve/CVE-2020-29599.html https://bugzilla.suse.com/1179103 https://bugzilla.suse.com/1179202 https://bugzilla.suse.com/1179208 https://bugzilla.suse.com/1179212 https://bugzilla.suse.com/1179221 https://bugzilla.suse.com/1179223 https://bugzilla.suse.com/1179240 https://bugzilla.suse.com/1179244 https://bugzilla.suse.com/1179260 https://bugzilla.suse.com/1179268 https://bugzilla.suse.com/1179269 https://bugzilla.suse.com/1179276 https://bugzilla.suse.com/1179278 https://bugzilla.suse.com/1179281 https://bugzilla.suse.com/1179285 https://bugzilla.suse.com/1179311 https://bugzilla.suse.com/1179312 https://bugzilla.suse.com/1179313 https://bugzilla.suse.com/1179315 https://bugzilla.suse.com/1179317 https://bugzilla.suse.com/1179321 https://bugzilla.suse.com/1179322 https://bugzilla.suse.com/1179327 https://bugzilla.suse.com/1179333 https://bugzilla.suse.com/1179336 https://bugzilla.suse.com/1179338 https://bugzilla.suse.com/1179339 https://bugzilla.suse.com/1179343 https://bugzilla.suse.com/1179345 https://bugzilla.suse.com/1179346 https://bugzilla.suse.com/1179347 https://bugzilla.suse.com/1179361 https://bugzilla.suse.com/1179362 https://bugzilla.suse.com/1179397 https://bugzilla.suse.com/1179753 From sle-updates at lists.suse.com Mon Jan 18 07:24:57 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 18 Jan 2021 15:24:57 +0100 (CET) Subject: SUSE-SU-2021:0155-1: important: Security update for slurm Message-ID: <20210118142457.9740CFF17@maintenance.suse.de> SUSE Security Update: Security update for slurm ______________________________________________________________________________ 
Announcement ID: SUSE-SU-2021:0155-1 Rating: important References: #1178890 Cross-References: CVE-2020-27745 Affected Products: SUSE Linux Enterprise Module for HPC 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for slurm fixes the following issues: CVE-2020-27745: PMIx - fix potential buffer overflows from use of unpackmem(). (bsc#1178890) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for HPC 12: zypper in -t patch SUSE-SLE-Module-HPC-12-2021-155=1 Package List: - SUSE Linux Enterprise Module for HPC 12 (aarch64 x86_64): libpmi0-17.02.11-6.47.1 libpmi0-debuginfo-17.02.11-6.47.1 libslurm31-17.02.11-6.47.1 libslurm31-debuginfo-17.02.11-6.47.1 perl-slurm-17.02.11-6.47.1 perl-slurm-debuginfo-17.02.11-6.47.1 slurm-17.02.11-6.47.1 slurm-auth-none-17.02.11-6.47.1 slurm-auth-none-debuginfo-17.02.11-6.47.1 slurm-config-17.02.11-6.47.1 slurm-debuginfo-17.02.11-6.47.1 slurm-debugsource-17.02.11-6.47.1 slurm-devel-17.02.11-6.47.1 slurm-doc-17.02.11-6.47.1 slurm-lua-17.02.11-6.47.1 slurm-lua-debuginfo-17.02.11-6.47.1 slurm-munge-17.02.11-6.47.1 slurm-munge-debuginfo-17.02.11-6.47.1 slurm-pam_slurm-17.02.11-6.47.1 slurm-pam_slurm-debuginfo-17.02.11-6.47.1 slurm-plugins-17.02.11-6.47.1 slurm-plugins-debuginfo-17.02.11-6.47.1 slurm-sched-wiki-17.02.11-6.47.1 slurm-slurmdb-direct-17.02.11-6.47.1 slurm-slurmdbd-17.02.11-6.47.1 slurm-slurmdbd-debuginfo-17.02.11-6.47.1 slurm-sql-17.02.11-6.47.1 slurm-sql-debuginfo-17.02.11-6.47.1 slurm-torque-17.02.11-6.47.1 slurm-torque-debuginfo-17.02.11-6.47.1 References: https://www.suse.com/security/cve/CVE-2020-27745.html https://bugzilla.suse.com/1178890 From sle-updates at lists.suse.com Mon Jan 18 16:16:14 2021 From: sle-updates at 
lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Jan 2021 00:16:14 +0100 (CET) Subject: SUSE-RU-2021:0161-1: Recommended update for libnl3 Message-ID: <20210118231614.9E3B0FF17@maintenance.suse.de> SUSE Recommended Update: Recommended update for libnl3 ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:0161-1 Rating: low References: #1025043 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libnl3 fixes the following issues: - IPv6 privacy extension of NetworkManager was not working. (bsc#1025043) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-161=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-161=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libnl3-debugsource-3.2.23-4.4.6 libnl3-devel-3.2.23-4.4.6 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libnl3-200-3.2.23-4.4.6 libnl3-200-debuginfo-3.2.23-4.4.6 libnl3-debugsource-3.2.23-4.4.6 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libnl3-200-32bit-3.2.23-4.4.6 libnl3-200-debuginfo-32bit-3.2.23-4.4.6 - SUSE Linux Enterprise Server 12-SP5 (noarch): libnl-config-3.2.23-4.4.6 References: https://bugzilla.suse.com/1025043 From sle-updates at lists.suse.com Mon Jan 18 16:19:12 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Jan 2021 00:19:12 +0100 (CET) Subject: SUSE-RU-2021:0160-1: Recommended update 
for release-notes-sle_rt Message-ID: <20210118231912.E83D1FF17@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sle_rt ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:0160-1 Rating: low References: SLE-12981 Affected Products: SUSE Linux Enterprise Product RT 15-SP2 SUSE Linux Enterprise Module for Realtime 15-SP2 ______________________________________________________________________________ An update that has 0 recommended fixes and contains one feature can now be installed. Description: This update for Release Notes for SLE RT provides the following additions: - RT-Tests suite has been updated to version 1.10. (jsc#SLE-12981) - Add "Known Issue" section Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Product RT 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2021-160=1 - SUSE Linux Enterprise Module for Realtime 15-SP2: zypper in -t patch SUSE-SLE-Module-RT-15-SP2-2021-160=1 Package List: - SUSE Linux Enterprise Product RT 15-SP2 (noarch): release-notes-sle_rt-15.2.20210106-3.3.1 - SUSE Linux Enterprise Module for Realtime 15-SP2 (noarch): release-notes-sle_rt-15.2.20210106-3.3.1 References: From sle-updates at lists.suse.com Tue Jan 19 07:15:51 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Jan 2021 15:15:51 +0100 (CET) Subject: SUSE-SU-2021:0163-1: important: Security update for dnsmasq Message-ID: <20210119141551.12930FD11@maintenance.suse.de> SUSE Security Update: Security update for dnsmasq ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0163-1 Rating: important References: #1176076 #1177077 Cross-References: CVE-2020-25681 CVE-2020-25682 CVE-2020-25683 CVE-2020-25684 
CVE-2020-25685 CVE-2020-25686 CVE-2020-25687 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for dnsmasq fixes the following issues: - bsc#1177077: Fixed DNSpooq vulnerabilities - CVE-2020-25684, CVE-2020-25685, CVE-2020-25686: Fixed multiple Cache Poisoning attacks. - CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25687: Fixed multiple potential Heap-based overflows when DNSSEC is enabled. - Retry query to other servers on receipt of SERVFAIL rcode (bsc#1176076) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-163=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2021-163=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): dnsmasq-2.78-7.6.1 dnsmasq-debuginfo-2.78-7.6.1 dnsmasq-debugsource-2.78-7.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): dnsmasq-2.78-7.6.1 dnsmasq-debuginfo-2.78-7.6.1 dnsmasq-debugsource-2.78-7.6.1 References: https://www.suse.com/security/cve/CVE-2020-25681.html https://www.suse.com/security/cve/CVE-2020-25682.html https://www.suse.com/security/cve/CVE-2020-25683.html https://www.suse.com/security/cve/CVE-2020-25684.html https://www.suse.com/security/cve/CVE-2020-25685.html https://www.suse.com/security/cve/CVE-2020-25686.html https://www.suse.com/security/cve/CVE-2020-25687.html https://bugzilla.suse.com/1176076 https://bugzilla.suse.com/1177077 From sle-updates at lists.suse.com Tue Jan 
19 07:16:59 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Jan 2021 15:16:59 +0100 (CET) Subject: SUSE-SU-2021:0166-1: important: Security update for dnsmasq Message-ID: <20210119141659.97F33FD11@maintenance.suse.de> SUSE Security Update: Security update for dnsmasq ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0166-1 Rating: important References: #1176076 #1177077 Cross-References: CVE-2020-25681 CVE-2020-25682 CVE-2020-25683 CVE-2020-25684 CVE-2020-25685 CVE-2020-25686 CVE-2020-25687 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for dnsmasq fixes the following issues: - bsc#1177077: Fixed DNSpooq vulnerabilities - CVE-2020-25684, CVE-2020-25685, CVE-2020-25686: Fixed multiple Cache Poisoning attacks. - CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25687: Fixed multiple potential Heap-based overflows when DNSSEC is enabled. - Retry query to other servers on receipt of SERVFAIL rcode (bsc#1176076) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-166=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-166=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-166=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-166=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2021-166=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-166=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-166=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2021-166=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-166=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-166=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-166=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-166=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2021-166=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-166=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2021-166=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-166=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): dnsmasq-2.78-18.15.1 dnsmasq-debuginfo-2.78-18.15.1 dnsmasq-debugsource-2.78-18.15.1 dnsmasq-utils-2.78-18.15.1 dnsmasq-utils-debuginfo-2.78-18.15.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): dnsmasq-2.78-18.15.1 dnsmasq-debuginfo-2.78-18.15.1 dnsmasq-debugsource-2.78-18.15.1 dnsmasq-utils-2.78-18.15.1 dnsmasq-utils-debuginfo-2.78-18.15.1 - SUSE OpenStack Cloud 9 (x86_64): dnsmasq-2.78-18.15.1 
dnsmasq-debuginfo-2.78-18.15.1 dnsmasq-debugsource-2.78-18.15.1 dnsmasq-utils-2.78-18.15.1 dnsmasq-utils-debuginfo-2.78-18.15.1 - SUSE OpenStack Cloud 8 (x86_64): dnsmasq-2.78-18.15.1 dnsmasq-debuginfo-2.78-18.15.1 dnsmasq-debugsource-2.78-18.15.1 dnsmasq-utils-2.78-18.15.1 dnsmasq-utils-debuginfo-2.78-18.15.1 - SUSE OpenStack Cloud 7 (aarch64 s390x x86_64): dnsmasq-debuginfo-2.78-18.15.1 dnsmasq-debugsource-2.78-18.15.1 dnsmasq-utils-2.78-18.15.1 dnsmasq-utils-debuginfo-2.78-18.15.1 - SUSE OpenStack Cloud 7 (s390x x86_64): dnsmasq-2.78-18.15.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): dnsmasq-2.78-18.15.1 dnsmasq-debuginfo-2.78-18.15.1 dnsmasq-debugsource-2.78-18.15.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): dnsmasq-2.78-18.15.1 dnsmasq-debuginfo-2.78-18.15.1 dnsmasq-debugsource-2.78-18.15.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): dnsmasq-2.78-18.15.1 dnsmasq-debuginfo-2.78-18.15.1 dnsmasq-debugsource-2.78-18.15.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): dnsmasq-2.78-18.15.1 dnsmasq-debuginfo-2.78-18.15.1 dnsmasq-debugsource-2.78-18.15.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): dnsmasq-2.78-18.15.1 dnsmasq-debuginfo-2.78-18.15.1 dnsmasq-debugsource-2.78-18.15.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): dnsmasq-2.78-18.15.1 dnsmasq-debuginfo-2.78-18.15.1 dnsmasq-debugsource-2.78-18.15.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): dnsmasq-2.78-18.15.1 dnsmasq-debuginfo-2.78-18.15.1 dnsmasq-debugsource-2.78-18.15.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): dnsmasq-2.78-18.15.1 dnsmasq-debuginfo-2.78-18.15.1 dnsmasq-debugsource-2.78-18.15.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): dnsmasq-2.78-18.15.1 dnsmasq-debuginfo-2.78-18.15.1 dnsmasq-debugsource-2.78-18.15.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): dnsmasq-2.78-18.15.1 dnsmasq-debuginfo-2.78-18.15.1 
dnsmasq-debugsource-2.78-18.15.1 - HPE Helion Openstack 8 (x86_64): dnsmasq-2.78-18.15.1 dnsmasq-debuginfo-2.78-18.15.1 dnsmasq-debugsource-2.78-18.15.1 dnsmasq-utils-2.78-18.15.1 dnsmasq-utils-debuginfo-2.78-18.15.1 References: https://www.suse.com/security/cve/CVE-2020-25681.html https://www.suse.com/security/cve/CVE-2020-25682.html https://www.suse.com/security/cve/CVE-2020-25683.html https://www.suse.com/security/cve/CVE-2020-25684.html https://www.suse.com/security/cve/CVE-2020-25685.html https://www.suse.com/security/cve/CVE-2020-25686.html https://www.suse.com/security/cve/CVE-2020-25687.html https://bugzilla.suse.com/1176076 https://bugzilla.suse.com/1177077 From sle-updates at lists.suse.com Tue Jan 19 07:18:08 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Jan 2021 15:18:08 +0100 (CET) Subject: SUSE-SU-2021:14603-1: important: Security update for dnsmasq Message-ID: <20210119141808.B97C2FD11@maintenance.suse.de> SUSE Security Update: Security update for dnsmasq ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:14603-1 Rating: important References: #1154849 #1176076 #1177077 Cross-References: CVE-2019-14834 CVE-2020-25681 CVE-2020-25682 CVE-2020-25683 CVE-2020-25684 CVE-2020-25685 CVE-2020-25686 CVE-2020-25687 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. Description: This update for dnsmasq fixes the following issues: - CVE-2019-14834: Fixed a memory leak which could have allowed remote attackers to cause denial of service via DHCP response creation (bsc#1154849) - bsc#1177077: Fixed DNSpooq vulnerabilities - CVE-2020-25684, CVE-2020-25685, CVE-2020-25686: Fixed multiple Cache poisoning attacks.
- CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25687: Fixed multiple potential Heap-based overflows when DNSSEC is enabled. - Retry query to other servers on receipt of SERVFAIL rcode (bsc#1176076) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-dnsmasq-14603=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-dnsmasq-14603=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): dnsmasq-2.78-0.17.15.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): dnsmasq-debuginfo-2.78-0.17.15.1 dnsmasq-debugsource-2.78-0.17.15.1 References: https://www.suse.com/security/cve/CVE-2019-14834.html https://www.suse.com/security/cve/CVE-2020-25681.html https://www.suse.com/security/cve/CVE-2020-25682.html https://www.suse.com/security/cve/CVE-2020-25683.html https://www.suse.com/security/cve/CVE-2020-25684.html https://www.suse.com/security/cve/CVE-2020-25685.html https://www.suse.com/security/cve/CVE-2020-25686.html https://www.suse.com/security/cve/CVE-2020-25687.html https://bugzilla.suse.com/1154849 https://bugzilla.suse.com/1176076 https://bugzilla.suse.com/1177077 From sle-updates at lists.suse.com Tue Jan 19 07:19:19 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Jan 2021 15:19:19 +0100 (CET) Subject: SUSE-SU-2021:0162-1: important: Security update for dnsmasq Message-ID: <20210119141919.7532CFD11@maintenance.suse.de> SUSE Security Update: Security update for dnsmasq ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0162-1 Rating: important References: #1176076 #1177077 Cross-References: CVE-2020-25681 CVE-2020-25682 CVE-2020-25683 CVE-2020-25684 CVE-2020-25685 
CVE-2020-25686 CVE-2020-25687 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for dnsmasq fixes the following issues: - bsc#1177077: Fixed DNSpooq vulnerabilities - CVE-2020-25684, CVE-2020-25685, CVE-2020-25686: Fixed multiple Cache Poisoning attacks. - CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25687: Fixed multiple potential Heap-based overflows when DNSSEC is enabled. - Retry query to other servers on receipt of SERVFAIL rcode (bsc#1176076) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-162=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-162=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-162=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-162=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): dnsmasq-2.78-3.11.1 dnsmasq-debuginfo-2.78-3.11.1 dnsmasq-debugsource-2.78-3.11.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): dnsmasq-2.78-3.11.1 dnsmasq-debuginfo-2.78-3.11.1 dnsmasq-debugsource-2.78-3.11.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): dnsmasq-2.78-3.11.1 dnsmasq-debuginfo-2.78-3.11.1 dnsmasq-debugsource-2.78-3.11.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): dnsmasq-2.78-3.11.1 
dnsmasq-debuginfo-2.78-3.11.1 dnsmasq-debugsource-2.78-3.11.1 References: https://www.suse.com/security/cve/CVE-2020-25681.html https://www.suse.com/security/cve/CVE-2020-25682.html https://www.suse.com/security/cve/CVE-2020-25683.html https://www.suse.com/security/cve/CVE-2020-25684.html https://www.suse.com/security/cve/CVE-2020-25685.html https://www.suse.com/security/cve/CVE-2020-25686.html https://www.suse.com/security/cve/CVE-2020-25687.html https://bugzilla.suse.com/1176076 https://bugzilla.suse.com/1177077 From sle-updates at lists.suse.com Tue Jan 19 07:20:20 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Jan 2021 15:20:20 +0100 (CET) Subject: SUSE-SU-2021:14604-1: important: Security update for dnsmasq Message-ID: <20210119142020.8F611FD11@maintenance.suse.de> SUSE Security Update: Security update for dnsmasq ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:14604-1 Rating: important References: #1176076 #1177077 Cross-References: CVE-2020-25681 CVE-2020-25682 CVE-2020-25683 CVE-2020-25684 CVE-2020-25685 CVE-2020-25686 CVE-2020-25687 Affected Products: SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for dnsmasq fixes the following issues: Security issues fixed: - CVE-2020-25684, CVE-2020-25685, CVE-2020-25686: Fixed multiple Cache Poisoning attacks (bsc#1177077). - CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25687: Fixed multiple potential Heap-based overflows when DNSSEC is enabled (bsc#1177077). Non-security issue fixed: - Retry query to other servers on receipt of SERVFAIL rcode (bsc#1176076). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-dnsmasq-14604=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-dnsmasq-14604=1 Package List: - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): dnsmasq-2.78-0.16.14.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): dnsmasq-debuginfo-2.78-0.16.14.1 dnsmasq-debugsource-2.78-0.16.14.1 References: https://www.suse.com/security/cve/CVE-2020-25681.html https://www.suse.com/security/cve/CVE-2020-25682.html https://www.suse.com/security/cve/CVE-2020-25683.html https://www.suse.com/security/cve/CVE-2020-25684.html https://www.suse.com/security/cve/CVE-2020-25685.html https://www.suse.com/security/cve/CVE-2020-25686.html https://www.suse.com/security/cve/CVE-2020-25687.html https://bugzilla.suse.com/1176076 https://bugzilla.suse.com/1177077 From sle-updates at lists.suse.com Tue Jan 19 10:16:14 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Jan 2021 18:16:14 +0100 (CET) Subject: SUSE-RU-2021:0168-1: moderate: Recommended update for mdadm Message-ID: <20210119171614.D7E88FD11@maintenance.suse.de> SUSE Recommended Update: Recommended update for mdadm ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:0168-1 Rating: moderate References: #1177144 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for mdadm fixes the following issues: - Fixed mount issues with arrays by rolling back to SLE-12 SP2. (bsc#1177144) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-168=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): mdadm-4.1-4.14.1 mdadm-debuginfo-4.1-4.14.1 mdadm-debugsource-4.1-4.14.1 References: https://bugzilla.suse.com/1177144 From sle-updates at lists.suse.com Tue Jan 19 13:15:36 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Jan 2021 21:15:36 +0100 (CET) Subject: SUSE-SU-2021:0172-1: moderate: Security update for perl-Convert-ASN1 Message-ID: <20210119201536.B5AFFFD11@maintenance.suse.de> SUSE Security Update: Security update for perl-Convert-ASN1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0172-1 Rating: moderate References: #1168934 Cross-References: CVE-2013-7488 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for perl-Convert-ASN1 fixes the following issue: - CVE-2013-7488: Fixed an infinite loop via unexpected input (bsc#1168934). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-172=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (noarch): perl-Convert-ASN1-0.26-5.3.1 References: https://www.suse.com/security/cve/CVE-2013-7488.html https://bugzilla.suse.com/1168934 From sle-updates at lists.suse.com Tue Jan 19 13:16:37 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Jan 2021 21:16:37 +0100 (CET) Subject: SUSE-RU-2021:0169-1: moderate: Recommended update for libsolv, libzypp, zypper Message-ID: <20210119201637.66B3FFD11@maintenance.suse.de> SUSE Recommended Update: Recommended update for libsolv, libzypp, zypper ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:0169-1 Rating: moderate References: #1179816 #1180077 #1180663 #1180721 SLE-8482 Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Installer 15-SP2 ______________________________________________________________________________ An update that has four recommended fixes and contains one feature can now be installed. 
Description:

This update for libsolv, libzypp, zypper fixes the following issues:

libzypp was updated to 17.25.6:

- Rephrase solver problem descriptions (jsc#SLE-8482)
- Adapt to changed gpg2/libgpgme behavior (bsc#1180721)
- Multicurl backend breaks with unknown filesize (fixes #277)

zypper was updated to 1.14.42:

- Fix source-download commands help (bsc#1180663)
- man: Recommend to use the --non-interactive global option rather than the command option -y (bsc#1179816)
- Extend apt packagemap (fixes #366)
- --quiet: Fix install summary to write nothing if there's nothing to do (bsc#1180077)

libsolv was updated to 0.7.16:

- do not ask the namespace callback for splitprovides when writing a testcase
- fix add_complex_recommends() selecting conflicted packages in rare cases leading to crashes
- improve choicerule generation so that package updates are preferred in more cases

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-169=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-169=1 - SUSE Linux Enterprise Installer 15-SP2: zypper in -t patch SUSE-SLE-INSTALLER-15-SP2-2021-169=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): libsolv-debuginfo-0.7.16-3.13.1 libsolv-debugsource-0.7.16-3.13.1 perl-solv-0.7.16-3.13.1 perl-solv-debuginfo-0.7.16-3.13.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libsolv-debuginfo-0.7.16-3.13.1 libsolv-debugsource-0.7.16-3.13.1 libsolv-devel-0.7.16-3.13.1 libsolv-devel-debuginfo-0.7.16-3.13.1 libsolv-tools-0.7.16-3.13.1 libsolv-tools-debuginfo-0.7.16-3.13.1 libzypp-17.25.6-3.28.2 libzypp-debuginfo-17.25.6-3.28.2 libzypp-debugsource-17.25.6-3.28.2 libzypp-devel-17.25.6-3.28.2 python3-solv-0.7.16-3.13.1 python3-solv-debuginfo-0.7.16-3.13.1 ruby-solv-0.7.16-3.13.1 ruby-solv-debuginfo-0.7.16-3.13.1 zypper-1.14.42-3.17.1 zypper-debuginfo-1.14.42-3.17.1 zypper-debugsource-1.14.42-3.17.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): zypper-log-1.14.42-3.17.1 zypper-needs-restarting-1.14.42-3.17.1 - SUSE Linux Enterprise Installer 15-SP2 (aarch64 ppc64le s390x x86_64): libsolv-tools-0.7.16-3.13.1 libzypp-17.25.6-3.28.2 References: https://bugzilla.suse.com/1179816 https://bugzilla.suse.com/1180077 https://bugzilla.suse.com/1180663 https://bugzilla.suse.com/1180721 From sle-updates at lists.suse.com Tue Jan 19 13:18:49 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Jan 2021 21:18:49 +0100 (CET) Subject: SUSE-RU-2021:0170-1: moderate: Recommended update for sssd Message-ID: <20210119201849.C2644FD11@maintenance.suse.de> SUSE Recommended Update: Recommended update 
for sssd ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:0170-1 Rating: moderate References: #1157369 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for sssd fixes the following issue: - Fix `Winbind` identity mapping plugin (bsc#1157369) The issue was caused by a definition mismatch between `sssd` and `samba`. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2021-170=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libipa_hbac-devel-1.16.1-3.46.1 libipa_hbac0-1.16.1-3.46.1 libipa_hbac0-debuginfo-1.16.1-3.46.1 libsss_certmap-devel-1.16.1-3.46.1 libsss_certmap0-1.16.1-3.46.1 libsss_certmap0-debuginfo-1.16.1-3.46.1 libsss_idmap-devel-1.16.1-3.46.1 libsss_idmap0-1.16.1-3.46.1 libsss_idmap0-debuginfo-1.16.1-3.46.1 libsss_nss_idmap-devel-1.16.1-3.46.1 libsss_nss_idmap0-1.16.1-3.46.1 libsss_nss_idmap0-debuginfo-1.16.1-3.46.1 libsss_simpleifp-devel-1.16.1-3.46.1 libsss_simpleifp0-1.16.1-3.46.1 libsss_simpleifp0-debuginfo-1.16.1-3.46.1 python3-sssd-config-1.16.1-3.46.1 python3-sssd-config-debuginfo-1.16.1-3.46.1 sssd-1.16.1-3.46.1 sssd-ad-1.16.1-3.46.1 sssd-ad-debuginfo-1.16.1-3.46.1 sssd-dbus-1.16.1-3.46.1 sssd-dbus-debuginfo-1.16.1-3.46.1 sssd-debuginfo-1.16.1-3.46.1 sssd-debugsource-1.16.1-3.46.1 sssd-ipa-1.16.1-3.46.1 sssd-ipa-debuginfo-1.16.1-3.46.1 sssd-krb5-1.16.1-3.46.1 sssd-krb5-common-1.16.1-3.46.1 sssd-krb5-common-debuginfo-1.16.1-3.46.1 sssd-krb5-debuginfo-1.16.1-3.46.1 sssd-ldap-1.16.1-3.46.1 
sssd-ldap-debuginfo-1.16.1-3.46.1 sssd-proxy-1.16.1-3.46.1 sssd-proxy-debuginfo-1.16.1-3.46.1 sssd-tools-1.16.1-3.46.1 sssd-tools-debuginfo-1.16.1-3.46.1 sssd-wbclient-1.16.1-3.46.1 sssd-wbclient-debuginfo-1.16.1-3.46.1 sssd-wbclient-devel-1.16.1-3.46.1 sssd-winbind-idmap-1.16.1-3.46.1 sssd-winbind-idmap-debuginfo-1.16.1-3.46.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): sssd-32bit-1.16.1-3.46.1 sssd-32bit-debuginfo-1.16.1-3.46.1 References: https://bugzilla.suse.com/1157369 From sle-updates at lists.suse.com Wed Jan 20 04:16:02 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Jan 2021 12:16:02 +0100 (CET) Subject: SUSE-RU-2021:0174-1: moderate: Recommended update for gnutls Message-ID: <20210120111602.25C26FF18@maintenance.suse.de> SUSE Recommended Update: Recommended update for gnutls ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:0174-1 Rating: moderate References: #1172695 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for gnutls fixes the following issue: - Avoid spurious audit messages about incompatible signature algorithms (bsc#1172695) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-174=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): gnutls-3.6.7-14.7.1 gnutls-debuginfo-3.6.7-14.7.1 gnutls-debugsource-3.6.7-14.7.1 libgnutls-devel-3.6.7-14.7.1 libgnutls30-3.6.7-14.7.1 libgnutls30-debuginfo-3.6.7-14.7.1 libgnutls30-hmac-3.6.7-14.7.1 libgnutlsxx-devel-3.6.7-14.7.1 libgnutlsxx28-3.6.7-14.7.1 libgnutlsxx28-debuginfo-3.6.7-14.7.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libgnutls30-32bit-3.6.7-14.7.1 libgnutls30-32bit-debuginfo-3.6.7-14.7.1 libgnutls30-hmac-32bit-3.6.7-14.7.1 References: https://bugzilla.suse.com/1172695 From sle-updates at lists.suse.com Wed Jan 20 07:17:27 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Jan 2021 15:17:27 +0100 (CET) Subject: SUSE-SU-2021:0176-1: important: Security update for xstream Message-ID: <20210120141727.36B3CFF18@maintenance.suse.de> SUSE Security Update: Security update for xstream ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0176-1 Rating: important References: #1180145 #1180146 #1180994 Cross-References: CVE-2020-26217 CVE-2020-26258 CVE-2020-26259 Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP2 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for xstream fixes the following issues: xstream was updated to version 1.4.15. - CVE-2020-26217: Fixed a remote code execution due to insecure XML deserialization when relying on blocklists (bsc#1180994). - CVE-2020-26258: Fixed a server-side request forgery vulnerability (bsc#1180146). - CVE-2020-26259: Fixed an arbitrary file deletion vulnerability (bsc#1180145). 
Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-176=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP2 (noarch): xstream-1.4.15-3.3.2 References: https://www.suse.com/security/cve/CVE-2020-26217.html https://www.suse.com/security/cve/CVE-2020-26258.html https://www.suse.com/security/cve/CVE-2020-26259.html https://bugzilla.suse.com/1180145 https://bugzilla.suse.com/1180146 https://bugzilla.suse.com/1180994 From sle-updates at lists.suse.com Wed Jan 20 07:18:40 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Jan 2021 15:18:40 +0100 (CET) Subject: SUSE-SU-2021:0175-1: moderate: Security update for postgresql, postgresql13 Message-ID: <20210120141840.F2A17FF18@maintenance.suse.de> SUSE Security Update: Security update for postgresql, postgresql13 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0175-1 Rating: moderate References: #1178666 #1178667 #1178668 #1178961 ECO-3049 Cross-References: CVE-2020-25694 CVE-2020-25695 CVE-2020-25696 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that solves three vulnerabilities, contains one feature and has one errata is now available. Description: This update for postgresql, postgresql13 fixes the following issues: This update ships postgresql13. Upgrade to version 13.1: * CVE-2020-25695, bsc#1178666: Block DECLARE CURSOR ... 
WITH HOLD and firing of deferred triggers within index expressions and materialized view queries. * CVE-2020-25694, bsc#1178667: a) Fix usage of complex connection-string parameters in pg_dump, pg_restore, clusterdb, reindexdb, and vacuumdb. b) When psql's \connect command re-uses connection parameters, ensure that all non-overridden parameters from a previous connection string are re-used. * CVE-2020-25696, bsc#1178668: Prevent psql's \gset command from modifying specially-treated variables. * Fix recently-added timetz test case so it works when the USA is not observing daylight savings time. (obsoletes postgresql-timetz.patch) * https://www.postgresql.org/about/news/2111/ * https://www.postgresql.org/docs/13/release-13-1.html Initial packaging of PostgreSQL 13: * https://www.postgresql.org/about/news/2077/ * https://www.postgresql.org/docs/13/release-13.html - bsc#1178961: %ghost the symlinks to pg_config and ecpg. Changes in postgresql wrapper package: - Bump major version to 13. - We also transfer PostgreSQL 9.4.26 to the new package layout in SLE12-SP2 and newer. Reflect this in the conflict with postgresql94. - Also conflict with PostgreSQL versions before 9. - Conflicting with older versions is not limited to SLE. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-175=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2021-175=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-175=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): libecpg6-13.1-5.3.15 libecpg6-debuginfo-13.1-5.3.15 postgresql13-contrib-13.1-5.3.15 postgresql13-contrib-debuginfo-13.1-5.3.15 postgresql13-debuginfo-13.1-5.3.15 postgresql13-debugsource-13.1-5.3.10 postgresql13-debugsource-13.1-5.3.15 postgresql13-devel-13.1-5.3.15 postgresql13-devel-debuginfo-13.1-5.3.15 postgresql13-plperl-13.1-5.3.15 postgresql13-plperl-debuginfo-13.1-5.3.15 postgresql13-plpython-13.1-5.3.15 postgresql13-plpython-debuginfo-13.1-5.3.15 postgresql13-pltcl-13.1-5.3.15 postgresql13-pltcl-debuginfo-13.1-5.3.15 postgresql13-server-13.1-5.3.15 postgresql13-server-debuginfo-13.1-5.3.15 postgresql13-server-devel-13.1-5.3.15 postgresql13-server-devel-debuginfo-13.1-5.3.15 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (noarch): postgresql-contrib-13-4.6.7 postgresql-devel-13-4.6.7 postgresql-docs-13-4.6.7 postgresql-plperl-13-4.6.7 postgresql-plpython-13-4.6.7 postgresql-pltcl-13-4.6.7 postgresql-server-13-4.6.7 postgresql-server-devel-13-4.6.7 postgresql13-docs-13.1-5.3.15 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (aarch64 ppc64le s390x x86_64): postgresql13-test-13.1-5.3.15 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (noarch): postgresql-test-13-4.6.7 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libpq5-13.1-5.3.15 libpq5-debuginfo-13.1-5.3.15 postgresql13-13.1-5.3.15 
postgresql13-debuginfo-13.1-5.3.15 postgresql13-debugsource-13.1-5.3.10 postgresql13-debugsource-13.1-5.3.15 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): postgresql-13-4.6.7 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libpq5-32bit-13.1-5.3.15 libpq5-32bit-debuginfo-13.1-5.3.15 References: https://www.suse.com/security/cve/CVE-2020-25694.html https://www.suse.com/security/cve/CVE-2020-25695.html https://www.suse.com/security/cve/CVE-2020-25696.html https://bugzilla.suse.com/1178666 https://bugzilla.suse.com/1178667 https://bugzilla.suse.com/1178668 https://bugzilla.suse.com/1178961 From sle-updates at lists.suse.com Wed Jan 20 07:20:01 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Jan 2021 15:20:01 +0100 (CET) Subject: SUSE-RU-2021:0177-1: moderate: Recommended update for libselinux Message-ID: <20210120142001.C3EC1FF18@maintenance.suse.de> SUSE Recommended Update: Recommended update for libselinux ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:0177-1 Rating: moderate References: #1135710 #1136845 #1180603 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for libselinux fixes the following issue: Issues addressed: - Removed check for selinux-policy package as it is not shipped in this package (bsc#1136845). - Added check that restorecond is installed and enabled. - Adjusted licenses of packages. All packages are under Public Domain, only selinux-tools contains a GPL-2.0 tool.
Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-177=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-177=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-177=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-177=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libselinux-bindings-debugsource-2.6-4.7.3 libselinux-debugsource-2.6-4.7.3 libselinux-devel-2.6-4.7.3 libselinux1-2.6-4.7.3 libselinux1-debuginfo-2.6-4.7.3 python2-selinux-2.6-4.7.3 python2-selinux-debuginfo-2.6-4.7.3 python3-selinux-2.6-4.7.3 python3-selinux-debuginfo-2.6-4.7.3 selinux-tools-2.6-4.7.3 selinux-tools-debuginfo-2.6-4.7.3 - SUSE Linux Enterprise Server for SAP 15 (x86_64): libselinux1-32bit-2.6-4.7.3 libselinux1-32bit-debuginfo-2.6-4.7.3 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libselinux-bindings-debugsource-2.6-4.7.3 libselinux-debugsource-2.6-4.7.3 libselinux-devel-2.6-4.7.3 libselinux1-2.6-4.7.3 libselinux1-debuginfo-2.6-4.7.3 python2-selinux-2.6-4.7.3 python2-selinux-debuginfo-2.6-4.7.3 python3-selinux-2.6-4.7.3 python3-selinux-debuginfo-2.6-4.7.3 selinux-tools-2.6-4.7.3 selinux-tools-debuginfo-2.6-4.7.3 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libselinux-bindings-debugsource-2.6-4.7.3 libselinux-debugsource-2.6-4.7.3 libselinux-devel-2.6-4.7.3 libselinux1-2.6-4.7.3 libselinux1-debuginfo-2.6-4.7.3 python2-selinux-2.6-4.7.3 python2-selinux-debuginfo-2.6-4.7.3 python3-selinux-2.6-4.7.3 python3-selinux-debuginfo-2.6-4.7.3 selinux-tools-2.6-4.7.3 selinux-tools-debuginfo-2.6-4.7.3 - SUSE Linux 
Enterprise High Performance Computing 15-LTSS (x86_64): libselinux1-32bit-2.6-4.7.3 libselinux1-32bit-debuginfo-2.6-4.7.3 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libselinux-bindings-debugsource-2.6-4.7.3 libselinux-debugsource-2.6-4.7.3 libselinux-devel-2.6-4.7.3 libselinux1-2.6-4.7.3 libselinux1-debuginfo-2.6-4.7.3 python2-selinux-2.6-4.7.3 python2-selinux-debuginfo-2.6-4.7.3 python3-selinux-2.6-4.7.3 python3-selinux-debuginfo-2.6-4.7.3 selinux-tools-2.6-4.7.3 selinux-tools-debuginfo-2.6-4.7.3 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): libselinux1-32bit-2.6-4.7.3 libselinux1-32bit-debuginfo-2.6-4.7.3 References: https://bugzilla.suse.com/1135710 https://bugzilla.suse.com/1136845 https://bugzilla.suse.com/1180603 From sle-updates at lists.suse.com Wed Jan 20 10:15:58 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Jan 2021 18:15:58 +0100 (CET) Subject: SUSE-RU-2021:0179-1: moderate: Recommended update for timezone Message-ID: <20210120171558.8C1D3FF18@maintenance.suse.de> SUSE Recommended Update: Recommended update for timezone ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:0179-1 Rating: moderate References: #1177460 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for timezone fixes the following issues: - timezone update 2020f (bsc#1177460) * 'make rearguard_tarballs' no longer generates a bad rearguard.zi, fixing a 2020e bug. 
- timezone update 2020e (bsc#1177460) * Volgograd switches to Moscow time on 2020-12-27 at 02:00. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-179=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-179=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-179=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-179=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2021-179=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-179=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-179=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): timezone-2020f-3.41.2 timezone-debuginfo-2020f-3.41.2 timezone-debugsource-2020f-3.41.2 - SUSE Linux Enterprise Server for SAP 15 (noarch): timezone-java-2020f-3.41.2 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): timezone-2020f-3.41.2 timezone-debuginfo-2020f-3.41.2 timezone-debugsource-2020f-3.41.2 - SUSE Linux Enterprise Server 15-LTSS (noarch): timezone-java-2020f-3.41.2 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): timezone-2020f-3.41.2 timezone-debuginfo-2020f-3.41.2 timezone-debugsource-2020f-3.41.2 - SUSE Linux Enterprise Module for Basesystem
15-SP3 (noarch): timezone-java-2020f-3.41.2 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): timezone-2020f-3.41.2 timezone-debuginfo-2020f-3.41.2 timezone-debugsource-2020f-3.41.2 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): timezone-java-2020f-3.41.2 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): timezone-2020f-3.41.2 timezone-debuginfo-2020f-3.41.2 timezone-debugsource-2020f-3.41.2 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): timezone-java-2020f-3.41.2 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): timezone-2020f-3.41.2 timezone-debuginfo-2020f-3.41.2 timezone-debugsource-2020f-3.41.2 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): timezone-java-2020f-3.41.2 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): timezone-2020f-3.41.2 timezone-debuginfo-2020f-3.41.2 timezone-debugsource-2020f-3.41.2 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): timezone-java-2020f-3.41.2 References: https://bugzilla.suse.com/1177460 From sle-updates at lists.suse.com Wed Jan 20 10:16:59 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Jan 2021 18:16:59 +0100 (CET) Subject: SUSE-RU-2021:0178-1: moderate: Recommended update for wicked Message-ID: <20210120171659.E4E8DFF18@maintenance.suse.de> SUSE Recommended Update: Recommended update for wicked ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:0178-1 Rating: moderate References: #1160939 #1168155 #1171234 #1172082 #1174099 #959556 SLE-15770 SLE-6960 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has 6 recommended fixes and contains two features can now be installed. 
Description: This update for wicked fixes the following issues: - Fix to avoid incomplete ifdown/timeout on route deletion error. (bsc#1174099) - Allow 'linuxrc' to send 'RFC2132' without providing the MAC address. (jsc#SLE-15770) - Fixes to ifreload on port changes. (bsc#1168155, bsc#1172082) - Fix schema to use correct 'hwaddr_policy' property. (bsc#1171234) - Enable IPv6 on ports when 'nsna_ping' linkwatch is used. (bsc#959556) - Implement support for RFC7217. (jsc#SLE-6960) - Fix for schema to avoid not applying 'rto_min' including new time format. (bsc#1160939) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2021-178=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): wicked-0.6.64-3.19.9 wicked-debuginfo-0.6.64-3.19.9 wicked-debugsource-0.6.64-3.19.9 wicked-service-0.6.64-3.19.9 References: https://bugzilla.suse.com/1160939 https://bugzilla.suse.com/1168155 https://bugzilla.suse.com/1171234 https://bugzilla.suse.com/1172082 https://bugzilla.suse.com/1174099 https://bugzilla.suse.com/959556 From sle-updates at lists.suse.com Thu Jan 21 04:16:15 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 21 Jan 2021 12:16:15 +0100 (CET) Subject: SUSE-SU-2021:0182-1: moderate: Security update for yast2-multipath Message-ID: <20210121111615.5DBEBFF18@maintenance.suse.de> SUSE Security Update: Security update for yast2-multipath ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0182-1 Rating: moderate References: #1026027 #1117592 Cross-References: CVE-2018-17955 Affected Products: SUSE Linux Enterprise High Availability 12-SP2 
______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for yast2-multipath to version 3.1.9 fixes the following issues: Security issue fixed: - CVE-2018-17955: Use random file name instead of static names (bsc#1117592). Non-security issue fixed: - Removed calls to /sbin/insserv (bsc#1026027). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP2: zypper in -t patch SUSE-SLE-HA-12-SP2-2021-182=1 Package List: - SUSE Linux Enterprise High Availability 12-SP2 (noarch): yast2-multipath-3.1.9-12.3.45 References: https://www.suse.com/security/cve/CVE-2018-17955.html https://bugzilla.suse.com/1026027 https://bugzilla.suse.com/1117592 From sle-updates at lists.suse.com Thu Jan 21 07:15:31 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 21 Jan 2021 15:15:31 +0100 (CET) Subject: SUSE-SU-2021:0185-1: moderate: Security update for samba Message-ID: <20210121141531.CB4B6FF18@maintenance.suse.de> SUSE Security Update: Security update for samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0185-1 Rating: moderate References: #1173902 #1173994 #1177355 #1177613 #1178469 Cross-References: CVE-2020-14318 CVE-2020-14323 CVE-2020-14383 Affected Products: SUSE Enterprise Storage 7 ______________________________________________________________________________ An update that solves three vulnerabilities and has two fixes is now available. Description: This update for samba fixes the following issues: - Update to 4.13.3 + libcli: smb2: Never print length if smb2_signing_key_valid() fails for crypto blob; (bso#14210); + s3: modules: gluster. 
Fix the error I made in preventing talloc leaks from a function; (bso#14486); + s3: smbd: Don't overwrite contents of fsp->aio_requests[0] with NULL via TALLOC_FREE(); (bso#14515); + s3: spoolss: Make parameters in call to user_ok_token() match all other uses; (bso#14568); + s3: smbd: Quiet log messages from usershares for an unknown share; (bso#14590); + samba process does not honor max log size; (bso#14248); + vfs_zfsacl: Add missing inherited flag on hidden "magic" everyone@ ACE; (bso#14587); + s3-libads: Pass timeout to open_socket_out in ms; (bso#13124); + s3-vfs_glusterfs: Always disable write-behind translator; (bso#14486); + smbclient: Fix recursive mget; (bso#14517); + clitar: Use do_list()'s recursion in clitar.c; (bso#14581); + manpages/vfs_glusterfs: Mention silent skipping of write-behind translator; (bso#14486); + vfs_shadow_copy2: Preserve all open flags assuming ROFS; (bso#14573); + interface: Fix if_index is not parsed correctly; (bso#14514); - Update to 4.13.2 + s3: modules: vfs_glusterfs: Fix leak of char **lines onto mem_ctx on return; (bso#14486); + RN: vfs_zfsacl: Only grant DELETE_CHILD if ACL tag is special; (bso#14471); + smb.conf.5: Add clarification how configuration changes reflected by Samba; (bso#14538); + daemons: Report status to systemd even when running in foreground; (bso#14552); + DNS Resolver: Support both dnspython before and after 2.0.0; (bso#14553); + s3-vfs_glusterfs: Refuse connection when write-behind xlator is present; (bso#14486); + provision: Add support for BIND 9.16.x; (bso#14487); + ctdb-common: Avoid aliasing errors during code optimization; (bso#14537); + libndr: Avoid assigning duplicate versions to symbols; (bso#14541); + docs: Fix default value of spoolss:architecture; (bso#14522); + winbind: Fix a memleak; (bso#14388); + s4:dsdb:acl_read: Implement "List Object" mode feature; (bso#14531); + docs-xml/manpages: Add warning about write-behind translator for vfs_glusterfs; (bso#14486); + nsswitch/nsstest.c: Avoid 
nss function conflicts with glibc nss.h. + vfs_shadow_copy2: Avoid closing snapsdir twice; (bso#14530); + third_party: Update resolv_wrapper to version 1.1.7; (bso#14547); + examples:auth: Do not install example plugin; (bso#14550); + ctdb-recoverd: Drop unnecessary and broken code; (bso#14513); + RN: vfs_zfsacl: Only grant DELETE_CHILD if ACL tag is special; (bso#14471); - Adjust smbcacls '--propagate-inheritance' feature to align with upstream; (bsc#1178469). - Update to samba 4.13.1 + CVE-2020-14383: An authenticated user can crash the DCE/RPC DNS with easily crafted records; (bsc#1177613); (bso#14472); + CVE-2020-14323: Unprivileged user can crash winbind; (bsc#1173994); (bso#14436); + CVE-2020-14318: Missing handle permissions check in SMB1/2/3 ChangeNotify; (bsc#1173902); (bso#14434); - Adjust systemd tmpfiles.d configuration, use /run/samba instead of /var/run/samba; (bsc#1177355); Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2021-185=1 Package List: - SUSE Enterprise Storage 7 (aarch64 x86_64): ctdb-4.13.3+git.181.fc4672a5b81-3.3.1 ctdb-debuginfo-4.13.3+git.181.fc4672a5b81-3.3.1 libdcerpc-binding0-4.13.3+git.181.fc4672a5b81-3.3.1 libdcerpc-binding0-debuginfo-4.13.3+git.181.fc4672a5b81-3.3.1 libdcerpc0-4.13.3+git.181.fc4672a5b81-3.3.1 libdcerpc0-debuginfo-4.13.3+git.181.fc4672a5b81-3.3.1 libndr-krb5pac0-4.13.3+git.181.fc4672a5b81-3.3.1 libndr-krb5pac0-debuginfo-4.13.3+git.181.fc4672a5b81-3.3.1 libndr-nbt0-4.13.3+git.181.fc4672a5b81-3.3.1 libndr-nbt0-debuginfo-4.13.3+git.181.fc4672a5b81-3.3.1 libndr-standard0-4.13.3+git.181.fc4672a5b81-3.3.1 libndr-standard0-debuginfo-4.13.3+git.181.fc4672a5b81-3.3.1 libndr1-4.13.3+git.181.fc4672a5b81-3.3.1 libndr1-debuginfo-4.13.3+git.181.fc4672a5b81-3.3.1 libnetapi0-4.13.3+git.181.fc4672a5b81-3.3.1 libnetapi0-debuginfo-4.13.3+git.181.fc4672a5b81-3.3.1 libsamba-credentials0-4.13.3+git.181.fc4672a5b81-3.3.1 libsamba-credentials0-debuginfo-4.13.3+git.181.fc4672a5b81-3.3.1 libsamba-errors0-4.13.3+git.181.fc4672a5b81-3.3.1 libsamba-errors0-debuginfo-4.13.3+git.181.fc4672a5b81-3.3.1 libsamba-hostconfig0-4.13.3+git.181.fc4672a5b81-3.3.1 libsamba-hostconfig0-debuginfo-4.13.3+git.181.fc4672a5b81-3.3.1 libsamba-passdb0-4.13.3+git.181.fc4672a5b81-3.3.1 libsamba-passdb0-debuginfo-4.13.3+git.181.fc4672a5b81-3.3.1 libsamba-util0-4.13.3+git.181.fc4672a5b81-3.3.1 libsamba-util0-debuginfo-4.13.3+git.181.fc4672a5b81-3.3.1 libsamdb0-4.13.3+git.181.fc4672a5b81-3.3.1 libsamdb0-debuginfo-4.13.3+git.181.fc4672a5b81-3.3.1 libsmbclient0-4.13.3+git.181.fc4672a5b81-3.3.1 libsmbclient0-debuginfo-4.13.3+git.181.fc4672a5b81-3.3.1 libsmbconf0-4.13.3+git.181.fc4672a5b81-3.3.1 libsmbconf0-debuginfo-4.13.3+git.181.fc4672a5b81-3.3.1 libsmbldap2-4.13.3+git.181.fc4672a5b81-3.3.1 libsmbldap2-debuginfo-4.13.3+git.181.fc4672a5b81-3.3.1 
libtevent-util0-4.13.3+git.181.fc4672a5b81-3.3.1 libtevent-util0-debuginfo-4.13.3+git.181.fc4672a5b81-3.3.1 libwbclient0-4.13.3+git.181.fc4672a5b81-3.3.1 libwbclient0-debuginfo-4.13.3+git.181.fc4672a5b81-3.3.1 samba-4.13.3+git.181.fc4672a5b81-3.3.1 samba-ceph-4.13.3+git.181.fc4672a5b81-3.3.1 samba-ceph-debuginfo-4.13.3+git.181.fc4672a5b81-3.3.1 samba-client-4.13.3+git.181.fc4672a5b81-3.3.1 samba-client-debuginfo-4.13.3+git.181.fc4672a5b81-3.3.1 samba-debuginfo-4.13.3+git.181.fc4672a5b81-3.3.1 samba-debugsource-4.13.3+git.181.fc4672a5b81-3.3.1 samba-libs-4.13.3+git.181.fc4672a5b81-3.3.1 samba-libs-debuginfo-4.13.3+git.181.fc4672a5b81-3.3.1 samba-libs-python3-4.13.3+git.181.fc4672a5b81-3.3.1 samba-libs-python3-debuginfo-4.13.3+git.181.fc4672a5b81-3.3.1 samba-winbind-4.13.3+git.181.fc4672a5b81-3.3.1 samba-winbind-debuginfo-4.13.3+git.181.fc4672a5b81-3.3.1 References: https://www.suse.com/security/cve/CVE-2020-14318.html https://www.suse.com/security/cve/CVE-2020-14323.html https://www.suse.com/security/cve/CVE-2020-14383.html https://bugzilla.suse.com/1173902 https://bugzilla.suse.com/1173994 https://bugzilla.suse.com/1177355 https://bugzilla.suse.com/1177613 https://bugzilla.suse.com/1178469 From sle-updates at lists.suse.com Thu Jan 21 07:16:53 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 21 Jan 2021 15:16:53 +0100 (CET) Subject: SUSE-SU-2021:0183-1: moderate: Security update for perl-Convert-ASN1 Message-ID: <20210121141653.23441FF18@maintenance.suse.de> SUSE Security Update: Security update for perl-Convert-ASN1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0183-1 Rating: moderate References: #1168934 Cross-References: CVE-2013-7488 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that fixes one 
vulnerability is now available. Description: This update for perl-Convert-ASN1 fixes the following issue: - CVE-2013-7488: Fixed an infinite loop via unexpected input (bsc#1168934). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-183=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2021-183=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): perl-Convert-ASN1-0.27-1.6.2 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): perl-Convert-ASN1-0.27-1.6.2 References: https://www.suse.com/security/cve/CVE-2013-7488.html https://bugzilla.suse.com/1168934 From sle-updates at lists.suse.com Thu Jan 21 07:17:50 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 21 Jan 2021 15:17:50 +0100 (CET) Subject: SUSE-SU-2021:0184-1: moderate: Security update for gdk-pixbuf Message-ID: <20210121141750.70B7CFF18@maintenance.suse.de> SUSE Security Update: Security update for gdk-pixbuf ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0184-1 Rating: moderate References: #1174307 #1180393 Cross-References: CVE-2020-29385 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for gdk-pixbuf fixes the following issues: - CVE-2020-29385: Fixed an infinite loop in lzw.c in the function write_indexes (bsc#1180393). - Fixed an integer underflow in the GIF loader (bsc#1174307). 
Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2021-184=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-184=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (x86_64): gdk-pixbuf-debugsource-2.40.0-3.3.1 gdk-pixbuf-query-loaders-32bit-2.40.0-3.3.1 gdk-pixbuf-query-loaders-32bit-debuginfo-2.40.0-3.3.1 libgdk_pixbuf-2_0-0-32bit-2.40.0-3.3.1 libgdk_pixbuf-2_0-0-32bit-debuginfo-2.40.0-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): gdk-pixbuf-debugsource-2.40.0-3.3.1 gdk-pixbuf-devel-2.40.0-3.3.1 gdk-pixbuf-devel-debuginfo-2.40.0-3.3.1 gdk-pixbuf-query-loaders-2.40.0-3.3.1 gdk-pixbuf-query-loaders-debuginfo-2.40.0-3.3.1 gdk-pixbuf-thumbnailer-2.40.0-3.3.1 gdk-pixbuf-thumbnailer-debuginfo-2.40.0-3.3.1 libgdk_pixbuf-2_0-0-2.40.0-3.3.1 libgdk_pixbuf-2_0-0-debuginfo-2.40.0-3.3.1 typelib-1_0-GdkPixbuf-2_0-2.40.0-3.3.1 typelib-1_0-GdkPixdata-2_0-2.40.0-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): gdk-pixbuf-lang-2.40.0-3.3.1 References: https://www.suse.com/security/cve/CVE-2020-29385.html https://bugzilla.suse.com/1174307 https://bugzilla.suse.com/1180393 From sle-updates at lists.suse.com Thu Jan 21 10:15:37 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 21 Jan 2021 18:15:37 +0100 (CET) Subject: SUSE-SU-2021:0186-1: moderate: Security update for wavpack Message-ID: <20210121171537.6E762FF18@maintenance.suse.de> SUSE Security Update: Security update for wavpack ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0186-1 Rating: moderate 
References: #1091340 #1091341 #1091342 #1091343 #1091344 #1180414 Cross-References: CVE-2018-10536 CVE-2018-10537 CVE-2018-10538 CVE-2018-10539 CVE-2018-10540 CVE-2018-19840 CVE-2018-19841 CVE-2018-6767 CVE-2018-7253 CVE-2018-7254 CVE-2019-1010319 CVE-2019-11498 CVE-2020-35738 Affected Products: SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that fixes 13 vulnerabilities is now available. 
Description: This update for wavpack fixes the following issues: - Update to version 5.4.0 * CVE-2020-35738: Fixed an out-of-bounds write in WavpackPackSamples (bsc#1180414) * fixed: disable A32 asm code when building for Apple silicon * fixed: issues with Adobe-style floating-point WAV files * added: --normalize-floats option to wvunpack for correctly exporting un-normalized floating-point files - Update to version 5.3.0 * fixed: OSS-Fuzz issues 19925, 19928, 20060, 20448 * fixed: trailing garbage characters on imported ID3v2 TXXX tags * fixed: various minor undefined behavior and memory access issues * fixed: sanitize tag extraction names for length and path inclusion * improved: reformat wvunpack "help" and split into long + short versions * added: regression testing to Travis CI for OSS-Fuzz crashers - Updated to version 5.2.0 * fixed: potential security issues including the following CVEs: CVE-2018-19840, CVE-2018-19841, CVE-2018-10536 (bsc#1091344), CVE-2018-10537 (bsc#1091343), CVE-2018-10538 (bsc#1091342), CVE-2018-10539 (bsc#1091341), CVE-2018-10540 (bsc#1091340), CVE-2018-7254, CVE-2018-7253, CVE-2018-6767, CVE-2019-11498 and CVE-2019-1010319 * added: support for CMake, Travis CI, and Google's OSS-fuzz * fixed: use correction file for encode verify (pipe input, Windows) * fixed: correct WAV header with actual length (pipe input, -i option) * fixed: thumb interworking and not needing v6 architecture (ARM asm) * added: handle more ID3v2.3 tag items and from all file types * fixed: coredump on Sparc64 (changed MD5 implementation) * fixed: handle invalid ID3v2.3 tags from sacd-ripper * fixed: several corner-case memory leaks Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-186=1 - SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-186=1 - SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-186=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-186=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-186=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-186=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-186=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-186=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2021-186=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2021-186=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-186=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-186=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-186=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-186=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-186=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-186=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-186=1 - SUSE CaaS Platform 
4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.0 (ppc64le s390x x86_64): libwavpack1-5.4.0-4.9.1 libwavpack1-debuginfo-5.4.0-4.9.1 wavpack-5.4.0-4.9.1 wavpack-debuginfo-5.4.0-4.9.1 wavpack-debugsource-5.4.0-4.9.1 wavpack-devel-5.4.0-4.9.1 - SUSE Manager Retail Branch Server 4.0 (x86_64): libwavpack1-5.4.0-4.9.1 libwavpack1-debuginfo-5.4.0-4.9.1 wavpack-5.4.0-4.9.1 wavpack-debuginfo-5.4.0-4.9.1 wavpack-debugsource-5.4.0-4.9.1 wavpack-devel-5.4.0-4.9.1 - SUSE Manager Proxy 4.0 (x86_64): libwavpack1-5.4.0-4.9.1 libwavpack1-debuginfo-5.4.0-4.9.1 wavpack-5.4.0-4.9.1 wavpack-debuginfo-5.4.0-4.9.1 wavpack-debugsource-5.4.0-4.9.1 wavpack-devel-5.4.0-4.9.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libwavpack1-5.4.0-4.9.1 libwavpack1-debuginfo-5.4.0-4.9.1 wavpack-5.4.0-4.9.1 wavpack-debuginfo-5.4.0-4.9.1 wavpack-debugsource-5.4.0-4.9.1 wavpack-devel-5.4.0-4.9.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libwavpack1-5.4.0-4.9.1 libwavpack1-debuginfo-5.4.0-4.9.1 wavpack-debuginfo-5.4.0-4.9.1 wavpack-debugsource-5.4.0-4.9.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libwavpack1-5.4.0-4.9.1 libwavpack1-debuginfo-5.4.0-4.9.1 wavpack-5.4.0-4.9.1 wavpack-debuginfo-5.4.0-4.9.1 wavpack-debugsource-5.4.0-4.9.1 wavpack-devel-5.4.0-4.9.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libwavpack1-5.4.0-4.9.1 libwavpack1-debuginfo-5.4.0-4.9.1 wavpack-5.4.0-4.9.1 wavpack-debuginfo-5.4.0-4.9.1 wavpack-debugsource-5.4.0-4.9.1 wavpack-devel-5.4.0-4.9.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libwavpack1-5.4.0-4.9.1 libwavpack1-debuginfo-5.4.0-4.9.1 wavpack-debuginfo-5.4.0-4.9.1 wavpack-debugsource-5.4.0-4.9.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): 
wavpack-5.4.0-4.9.1 wavpack-debuginfo-5.4.0-4.9.1 wavpack-debugsource-5.4.0-4.9.1 wavpack-devel-5.4.0-4.9.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64): wavpack-5.4.0-4.9.1 wavpack-debuginfo-5.4.0-4.9.1 wavpack-debugsource-5.4.0-4.9.1 wavpack-devel-5.4.0-4.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libwavpack1-5.4.0-4.9.1 libwavpack1-debuginfo-5.4.0-4.9.1 wavpack-debuginfo-5.4.0-4.9.1 wavpack-debugsource-5.4.0-4.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libwavpack1-5.4.0-4.9.1 libwavpack1-debuginfo-5.4.0-4.9.1 wavpack-debuginfo-5.4.0-4.9.1 wavpack-debugsource-5.4.0-4.9.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libwavpack1-5.4.0-4.9.1 libwavpack1-debuginfo-5.4.0-4.9.1 wavpack-5.4.0-4.9.1 wavpack-debuginfo-5.4.0-4.9.1 wavpack-debugsource-5.4.0-4.9.1 wavpack-devel-5.4.0-4.9.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libwavpack1-5.4.0-4.9.1 libwavpack1-debuginfo-5.4.0-4.9.1 wavpack-5.4.0-4.9.1 wavpack-debuginfo-5.4.0-4.9.1 wavpack-debugsource-5.4.0-4.9.1 wavpack-devel-5.4.0-4.9.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libwavpack1-5.4.0-4.9.1 libwavpack1-debuginfo-5.4.0-4.9.1 wavpack-debuginfo-5.4.0-4.9.1 wavpack-debugsource-5.4.0-4.9.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libwavpack1-5.4.0-4.9.1 libwavpack1-debuginfo-5.4.0-4.9.1 wavpack-debuginfo-5.4.0-4.9.1 wavpack-debugsource-5.4.0-4.9.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libwavpack1-5.4.0-4.9.1 libwavpack1-debuginfo-5.4.0-4.9.1 wavpack-5.4.0-4.9.1 wavpack-debuginfo-5.4.0-4.9.1 wavpack-debugsource-5.4.0-4.9.1 wavpack-devel-5.4.0-4.9.1 - SUSE CaaS Platform 4.0 (x86_64): libwavpack1-5.4.0-4.9.1 libwavpack1-debuginfo-5.4.0-4.9.1 wavpack-5.4.0-4.9.1 wavpack-debuginfo-5.4.0-4.9.1 wavpack-debugsource-5.4.0-4.9.1 
      wavpack-devel-5.4.0-4.9.1


References:

   https://www.suse.com/security/cve/CVE-2018-10536.html
   https://www.suse.com/security/cve/CVE-2018-10537.html
   https://www.suse.com/security/cve/CVE-2018-10538.html
   https://www.suse.com/security/cve/CVE-2018-10539.html
   https://www.suse.com/security/cve/CVE-2018-10540.html
   https://www.suse.com/security/cve/CVE-2018-19840.html
   https://www.suse.com/security/cve/CVE-2018-19841.html
   https://www.suse.com/security/cve/CVE-2018-6767.html
   https://www.suse.com/security/cve/CVE-2018-7253.html
   https://www.suse.com/security/cve/CVE-2018-7254.html
   https://www.suse.com/security/cve/CVE-2019-1010319.html
   https://www.suse.com/security/cve/CVE-2019-11498.html
   https://www.suse.com/security/cve/CVE-2020-35738.html
   https://bugzilla.suse.com/1091340
   https://bugzilla.suse.com/1091341
   https://bugzilla.suse.com/1091342
   https://bugzilla.suse.com/1091343
   https://bugzilla.suse.com/1091344
   https://bugzilla.suse.com/1180414

From sle-updates at lists.suse.com Fri Jan 22 04:15:24 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 22 Jan 2021 12:15:24 +0100 (CET)
Subject: SUSE-RU-2021:0187-1: important: Recommended update for fence-agents
Message-ID: <20210122111524.198ADFF18@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for fence-agents
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:0187-1
Rating:             important
References:         #1178343
Affected Products:
                    SUSE Linux Enterprise High Availability 12-SP5
                    SUSE Linux Enterprise High Availability 12-SP4
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for fence-agents fixes the following issues:

   - Fixes a regression which broke fencing in GCE (bsc#1178343)


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended
   installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise High Availability 12-SP5:

      zypper in -t patch SUSE-SLE-HA-12-SP5-2021-187=1

   - SUSE Linux Enterprise High Availability 12-SP4:

      zypper in -t patch SUSE-SLE-HA-12-SP4-2021-187=1


Package List:

   - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64):

      fence-agents-4.6.0+git.1605185986.7b0f11c1-3.20.1
      fence-agents-debuginfo-4.6.0+git.1605185986.7b0f11c1-3.20.1
      fence-agents-debugsource-4.6.0+git.1605185986.7b0f11c1-3.20.1

   - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64):

      fence-agents-4.6.0+git.1605185986.7b0f11c1-3.20.1
      fence-agents-debuginfo-4.6.0+git.1605185986.7b0f11c1-3.20.1
      fence-agents-debugsource-4.6.0+git.1605185986.7b0f11c1-3.20.1


References:

   https://bugzilla.suse.com/1178343

From sle-updates at lists.suse.com Fri Jan 22 04:16:24 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 22 Jan 2021 12:16:24 +0100 (CET)
Subject: SUSE-RU-2021:14607-1: Recommended update for nss_ldap
Message-ID: <20210122111624.E9131FF18@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for nss_ldap
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:14607-1
Rating:             low
References:         #934444
Affected Products:
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for nss_ldap provides the following fixes:

   - Properly initialize context structure in _nss_ldap_getbyname().
     This is a follow-up fix to address issues with LDAP connections in
     one-shot operation mode. (bsc#934444)


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended
   installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-nss_ldap-14607=1


Package List:

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64):

      nss_ldap-debuginfo-262-11.32.39.3.13
      nss_ldap-debugsource-262-11.32.39.3.13

   - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64):

      nss_ldap-debuginfo-32bit-262-11.32.39.3.13


References:

   https://bugzilla.suse.com/934444

From sle-updates at lists.suse.com Fri Jan 22 04:17:23 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 22 Jan 2021 12:17:23 +0100 (CET)
Subject: SUSE-RU-2021:0188-1: important: Recommended update for fence-agents
Message-ID: <20210122111723.D68E0FF18@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for fence-agents
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:0188-1
Rating:             important
References:         #1178343
Affected Products:
                    SUSE Linux Enterprise High Availability 15
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for fence-agents fixes the following issues:

   - Fixes a regression which broke fencing in GCE (bsc#1178343)


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended
   installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise High Availability 15:

      zypper in -t patch SUSE-SLE-Product-HA-15-2021-188=1


Package List:

   - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64):

      fence-agents-4.6.0+git.1605185986.7b0f11c1-4.19.1
      fence-agents-debuginfo-4.6.0+git.1605185986.7b0f11c1-4.19.1
      fence-agents-debugsource-4.6.0+git.1605185986.7b0f11c1-4.19.1
      fence-agents-devel-4.6.0+git.1605185986.7b0f11c1-4.19.1


References:

   https://bugzilla.suse.com/1178343

From sle-updates at lists.suse.com Fri Jan 22 04:18:20 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 22 Jan 2021 12:18:20 +0100 (CET)
Subject: SUSE-RU-2021:0190-1: moderate: Recommended update for yast2
Message-ID: <20210122111820.E9618FF18@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for yast2
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:0190-1
Rating:             moderate
References:         #1179773
Affected Products:
                    SUSE Linux Enterprise Module for Basesystem 15-SP2
                    SUSE Linux Enterprise Installer 15-SP2
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for yast2 fixes the following issues:

   yast2 was updated to 4.2.89:

   - Ensure the libzypp target is initialized when downloading the skelcd
     packages (to verify the GPG signatures) (bsc#1179773)


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended
   installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Basesystem 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-190=1

   - SUSE Linux Enterprise Installer 15-SP2:

      zypper in -t patch SUSE-SLE-INSTALLER-15-SP2-2021-190=1


Package List:

   - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64):

      yast2-4.2.89-3.14.1
      yast2-logs-4.2.89-3.14.1

   - SUSE Linux Enterprise Installer 15-SP2 (aarch64 ppc64le s390x x86_64):

      yast2-4.2.89-3.14.1


References:

   https://bugzilla.suse.com/1179773

From sle-updates at lists.suse.com Fri Jan 22 07:19:26 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 22 Jan 2021 15:19:26 +0100 (CET)
Subject: SUSE-RU-2021:0191-1: moderate: Recommended update for groff
Message-ID: <20210122141926.D9297FF18@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for groff
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:0191-1
Rating:             moderate
References:         #1180276
Affected Products:
                    SUSE Linux Enterprise Module for Basesystem 15-SP2
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for groff fixes the following issues:

   - include adjustments for reproducible builds (bsc#1180276)


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended
   installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Basesystem 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-191=1


Package List:

   - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64):

      groff-1.22.3-5.3.1
      groff-debuginfo-1.22.3-5.3.1
      groff-debugsource-1.22.3-5.3.1
      groff-full-1.22.3-5.3.1
      groff-full-debuginfo-1.22.3-5.3.1
      groff-full-debugsource-1.22.3-5.3.1
      gxditview-1.22.3-5.3.1
      gxditview-debuginfo-1.22.3-5.3.1


References:

   https://bugzilla.suse.com/1180276

From sle-updates at lists.suse.com Fri Jan 22 07:20:23 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 22 Jan 2021 15:20:23 +0100 (CET)
Subject: SUSE-SU-2021:0192-1: critical: Security update for hawk2
Message-ID: <20210122142023.849F3FF18@maintenance.suse.de>

   SUSE Security Update: Security update for hawk2
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:0192-1
Rating:             critical
References:         #1179998
Cross-References:   CVE-2020-35458
Affected Products:
                    SUSE Linux Enterprise High Availability 12-SP5
                    SUSE Linux Enterprise High Availability 12-SP4
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for hawk2 fixes the following issues:

   hawk2 was updated to version 2.5.

   Security issue fixed:

   - Fixed another possible code execution vulnerability in the controller
     code (bsc#1179998).


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation
   methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise High Availability 12-SP5:

      zypper in -t patch SUSE-SLE-HA-12-SP5-2021-192=1

   - SUSE Linux Enterprise High Availability 12-SP4:

      zypper in -t patch SUSE-SLE-HA-12-SP4-2021-192=1


Package List:

   - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64):

      hawk2-2.5.0+git.1611141696.64c61e0c-3.24.1
      hawk2-debuginfo-2.5.0+git.1611141696.64c61e0c-3.24.1
      hawk2-debugsource-2.5.0+git.1611141696.64c61e0c-3.24.1

   - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64):

      hawk2-2.5.0+git.1611141696.64c61e0c-3.24.1
      hawk2-debuginfo-2.5.0+git.1611141696.64c61e0c-3.24.1
      hawk2-debugsource-2.5.0+git.1611141696.64c61e0c-3.24.1


References:

   https://www.suse.com/security/cve/CVE-2020-35458.html
   https://bugzilla.suse.com/1179998

From sle-updates at lists.suse.com Fri Jan 22 10:16:19 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 22 Jan 2021 18:16:19 +0100 (CET)
Subject: SUSE-SU-2021:0194-1: moderate: Security update for stunnel
Message-ID: <20210122171619.92146FF18@maintenance.suse.de>

   SUSE Security Update: Security update for stunnel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:0194-1
Rating:             moderate
References:         #1177580 #1178533
Affected Products:
                    SUSE Linux Enterprise Module for Server Applications 15-SP2
______________________________________________________________________________

   An update that contains security fixes can now be installed.

Description:

   This update for stunnel fixes the following issues:

   Security issue fixed:

   - The "redirect" option was fixed to properly handle "verifyChain = yes"
     (bsc#1177580).

   Non-security issues fixed:

   - Fix startup problem of the stunnel daemon (bsc#1178533)
   - update to 5.57:
     * Security bugfixes
     * New features
       - New securityLevel configuration file option.
       - Support for modern PostgreSQL clients
       - TLS 1.3 configuration updated for better compatibility.
     * Bugfixes
       - Fixed a transfer() loop bug.
       - Fixed memory leaks on configuration reloading errors.
       - DH/ECDH initialization restored for client sections.
       - Delay startup with systemd until network is online.
       - A number of testing framework fixes and improvements.
   - update to 5.56:
     - Various text files converted to Markdown format.
     - Support for realpath(3) implementations incompatible with
       POSIX.1-2008, such as 4.4BSD or Solaris.
     - Support for engines without PRNG seeding methods (thx to Petr
       Mikhalitsyn).
     - Retry unsuccessful port binding on configuration file reload.
     - Thread safety fixes in SSL_SESSION object handling.
     - Terminate clients on exit in the FORK threading model.
   - Fixup stunnel.conf handling:
     * Remove old static openSUSE provided stunnel.conf.
     * Use upstream stunnel.conf and tailor it for openSUSE using sed.
     * Don't show README.openSUSE when installing.
   - enable /etc/stunnel/conf.d
   - re-enable openssl.cnf


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation
   methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Server Applications 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-194=1


Package List:

   - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64):

      stunnel-5.57-3.5.1
      stunnel-debuginfo-5.57-3.5.1
      stunnel-debugsource-5.57-3.5.1


References:

   https://bugzilla.suse.com/1177580
   https://bugzilla.suse.com/1178533

From sle-updates at lists.suse.com Fri Jan 22 10:18:08 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 22 Jan 2021 18:18:08 +0100 (CET)
Subject: SUSE-SU-2021:0198-1: critical: Security update for hawk2
Message-ID: <20210122171808.143ACFF18@maintenance.suse.de>

   SUSE Security Update: Security update for hawk2
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:0198-1
Rating:             critical
References:         #1179998
Cross-References:   CVE-2020-35458
Affected Products:
                    SUSE Linux Enterprise High Availability 12-SP3
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for hawk2 fixes the following issues:

   hawk2 was updated to version 2.5.

   Security issue fixed:

   - Fixed another possible code execution vulnerability in the controller
     code (bsc#1179998).


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation
   methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise High Availability 12-SP3:

      zypper in -t patch SUSE-SLE-HA-12-SP3-2021-198=1


Package List:

   - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64):

      hawk2-2.5.0+git.1611141696.64c61e0c-2.36.1
      hawk2-debuginfo-2.5.0+git.1611141696.64c61e0c-2.36.1
      hawk2-debugsource-2.5.0+git.1611141696.64c61e0c-2.36.1


References:

   https://www.suse.com/security/cve/CVE-2020-35458.html
   https://bugzilla.suse.com/1179998

From sle-updates at lists.suse.com Fri Jan 22 10:19:00 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 22 Jan 2021 18:19:00 +0100 (CET)
Subject: SUSE-SU-2021:0195-1: moderate: Security update for mutt
Message-ID: <20210122171900.7EC30FF18@maintenance.suse.de>

   SUSE Security Update: Security update for mutt
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:0195-1
Rating:             moderate
References:         #1181221
Cross-References:   CVE-2021-3181
Affected Products:
                    SUSE Linux Enterprise Module for Basesystem 15-SP2
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for mutt fixes the following issue:

   - CVE-2021-3181: Fixed a memory leak in recipient parsing (bsc#1181221).


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation
   methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Basesystem 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-195=1


Package List:

   - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64):

      mutt-1.10.1-3.20.1
      mutt-debuginfo-1.10.1-3.20.1
      mutt-debugsource-1.10.1-3.20.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch):

      mutt-doc-1.10.1-3.20.1
      mutt-lang-1.10.1-3.20.1


References:

   https://www.suse.com/security/cve/CVE-2021-3181.html
   https://bugzilla.suse.com/1181221

From sle-updates at lists.suse.com Fri Jan 22 10:20:40 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 22 Jan 2021 18:20:40 +0100 (CET)
Subject: SUSE-SU-2021:0196-1: moderate: Security update for mutt
Message-ID: <20210122172040.34B4BFF18@maintenance.suse.de>

   SUSE Security Update: Security update for mutt
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:0196-1
Rating:             moderate
References:         #1181221
Cross-References:   CVE-2021-3181
Affected Products:
                    SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for mutt fixes the following issue:

   - CVE-2021-3181: Fixed a memory leak in recipient parsing (bsc#1181221).


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation
   methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-SP5:

      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-196=1


Package List:

   - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):

      mutt-1.10.1-55.24.1
      mutt-debuginfo-1.10.1-55.24.1
      mutt-debugsource-1.10.1-55.24.1


References:

   https://www.suse.com/security/cve/CVE-2021-3181.html
   https://bugzilla.suse.com/1181221

From sle-updates at lists.suse.com Fri Jan 22 10:21:43 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 22 Jan 2021 18:21:43 +0100 (CET)
Subject: SUSE-SU-2021:0199-1: important: Security update for ImageMagick
Message-ID: <20210122172143.2E9A2FF18@maintenance.suse.de>

   SUSE Security Update: Security update for ImageMagick
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:0199-1
Rating:             important
References:         #1179103 #1179202 #1179208 #1179212 #1179223 #1179240
                    #1179244 #1179260 #1179268 #1179269 #1179278 #1179281
                    #1179285 #1179311 #1179312 #1179313 #1179315 #1179317
                    #1179321 #1179322 #1179327 #1179333 #1179336 #1179338
                    #1179339 #1179343 #1179345 #1179346 #1179347 #1179361
                    #1179362 #1179397
Cross-References:   CVE-2020-19667 CVE-2020-25664 CVE-2020-25665
                    CVE-2020-25666 CVE-2020-25674 CVE-2020-25675
                    CVE-2020-25676 CVE-2020-27750 CVE-2020-27751
                    CVE-2020-27752 CVE-2020-27753 CVE-2020-27754
                    CVE-2020-27755 CVE-2020-27757 CVE-2020-27759
                    CVE-2020-27760 CVE-2020-27761 CVE-2020-27762
                    CVE-2020-27763 CVE-2020-27764 CVE-2020-27765
                    CVE-2020-27766 CVE-2020-27767 CVE-2020-27768
                    CVE-2020-27769 CVE-2020-27770 CVE-2020-27771
                    CVE-2020-27772 CVE-2020-27773 CVE-2020-27774
                    CVE-2020-27775 CVE-2020-27776
Affected Products:
                    SUSE OpenStack Cloud Crowbar 9
                    SUSE OpenStack Cloud Crowbar 8
                    SUSE OpenStack Cloud 9
                    SUSE OpenStack Cloud 8
                    SUSE OpenStack Cloud 7
                    SUSE Linux Enterprise Workstation Extension 12-SP5
                    SUSE Linux Enterprise Software Development Kit 12-SP5
                    SUSE Linux Enterprise Server for SAP 12-SP4
                    SUSE Linux Enterprise Server for SAP 12-SP3
                    SUSE Linux Enterprise Server for SAP 12-SP2
                    SUSE Linux Enterprise Server 12-SP5
                    SUSE Linux Enterprise Server 12-SP4-LTSS
                    SUSE Linux Enterprise Server 12-SP3-LTSS
                    SUSE Linux Enterprise Server 12-SP3-BCL
                    SUSE Linux Enterprise Server 12-SP2-LTSS
                    SUSE Linux Enterprise Server 12-SP2-BCL
                    SUSE Enterprise Storage 5
                    HPE Helion Openstack 8
______________________________________________________________________________

   An update that fixes 32 vulnerabilities is now available.

Description:

   This update for ImageMagick fixes the following issues:

   - CVE-2020-19667: Fixed a stack buffer overflow in XPM coder that could
     result in a crash (bsc#1179103).
   - CVE-2020-25664: Fixed a heap-based buffer overflow in PopShortPixel
     (bsc#1179202).
   - CVE-2020-25665: Fixed a heap-based buffer overflow in WritePALMImage
     (bsc#1179208).
   - CVE-2020-25666: Fixed an outside the range of representable values of
     type 'int' and signed integer overflow (bsc#1179212).
   - CVE-2020-25674: Fixed a heap-based buffer overflow in WriteOnePNGImage
     (bsc#1179223).
   - CVE-2020-25675: Fixed an outside the range of representable values of
     type 'long' and integer overflow (bsc#1179240).
   - CVE-2020-25676: Fixed an outside the range of representable values of
     type 'long' and integer overflow at MagickCore/pixel.c (bsc#1179244).
   - CVE-2020-27750: Fixed a division by zero in
     MagickCore/colorspace-private.h (bsc#1179260).
   - CVE-2020-27751: Fixed an integer overflow in
     MagickCore/quantum-export.c (bsc#1179269).
   - CVE-2020-27752: Fixed a heap-based buffer overflow in PopShortPixel in
     MagickCore/quantum-private.h (bsc#1179346).
   - CVE-2020-27753: Fixed memory leaks in AcquireMagickMemory function
     (bsc#1179397).
   - CVE-2020-27754: Fixed an outside the range of representable values of
     type 'long' and signed integer overflow at MagickCore/quantize.c
     (bsc#1179336).
   - CVE-2020-27755: Fixed memory leaks in ResizeMagickMemory function in
     ImageMagick/MagickCore/memory.c (bsc#1179345).
   - CVE-2020-27757: Fixed an outside the range of representable values of
     type 'unsigned long long' at MagickCore/quantum-private.h
     (bsc#1179268).
   - CVE-2020-27759: Fixed an outside the range of representable values of
     type 'int' at MagickCore/quantize.c (bsc#1179313).
   - CVE-2020-27760: Fixed a division by zero at MagickCore/enhance.c
     (bsc#1179281).
   - CVE-2020-27761: Fixed an outside the range of representable values of
     type 'unsigned long' at coders/palm.c (bsc#1179315).
   - CVE-2020-27762: Fixed an outside the range of representable values of
     type 'unsigned char' (bsc#1179278).
   - CVE-2020-27763: Fixed a division by zero at MagickCore/resize.c
     (bsc#1179312).
   - CVE-2020-27764: Fixed an outside the range of representable values of
     type 'unsigned long' at MagickCore/statistic.c (bsc#1179317).
   - CVE-2020-27765: Fixed a division by zero at MagickCore/segment.c
     (bsc#1179311).
   - CVE-2020-27766: Fixed an outside the range of representable values of
     type 'unsigned long' at MagickCore/statistic.c (bsc#1179361).
   - CVE-2020-27767: Fixed an outside the range of representable values of
     type 'float' at MagickCore/quantum.h (bsc#1179322).
   - CVE-2020-27768: Fixed an outside the range of representable values of
     type 'unsigned int' at MagickCore/quantum-private.h (bsc#1179339).
   - CVE-2020-27769: Fixed an outside the range of representable values of
     type 'float' at MagickCore/quantize.c (bsc#1179321).
   - CVE-2020-27770: Fixed an unsigned offset overflowed at
     MagickCore/string.c (bsc#1179343).
   - CVE-2020-27771: Fixed an outside the range of representable values of
     type 'unsigned char' at coders/pdf.c (bsc#1179327).
   - CVE-2020-27772: Fixed an outside the range of representable values of
     type 'unsigned int' at coders/bmp.c (bsc#1179347).
   - CVE-2020-27773: Fixed a division by zero at MagickCore/gem-private.h
     (bsc#1179285).
   - CVE-2020-27774: Fixed an integer overflow at MagickCore/statistic.c
     (bsc#1179333).
   - CVE-2020-27775: Fixed an outside the range of representable values of
     type 'unsigned char' at MagickCore/quantum.h (bsc#1179338).
   - CVE-2020-27776: Fixed an outside the range of representable values of
     type 'unsigned long' at MagickCore/statistic.c (bsc#1179362).


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation
   methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud Crowbar 9:

      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-199=1

   - SUSE OpenStack Cloud Crowbar 8:

      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-199=1

   - SUSE OpenStack Cloud 9:

      zypper in -t patch SUSE-OpenStack-Cloud-9-2021-199=1

   - SUSE OpenStack Cloud 8:

      zypper in -t patch SUSE-OpenStack-Cloud-8-2021-199=1

   - SUSE OpenStack Cloud 7:

      zypper in -t patch SUSE-OpenStack-Cloud-7-2021-199=1

   - SUSE Linux Enterprise Workstation Extension 12-SP5:

      zypper in -t patch SUSE-SLE-WE-12-SP5-2021-199=1

   - SUSE Linux Enterprise Software Development Kit 12-SP5:

      zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-199=1

   - SUSE Linux Enterprise Server for SAP 12-SP4:

      zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-199=1

   - SUSE Linux Enterprise Server for SAP 12-SP3:

      zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-199=1

   - SUSE Linux Enterprise Server for SAP 12-SP2:

      zypper in -t patch SUSE-SLE-SAP-12-SP2-2021-199=1

   - SUSE Linux Enterprise Server 12-SP5:

      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-199=1

   - SUSE Linux Enterprise Server 12-SP4-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-199=1

   - SUSE Linux Enterprise Server 12-SP3-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-199=1

   - SUSE Linux Enterprise Server 12-SP3-BCL:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-199=1

   - SUSE Linux Enterprise Server 12-SP2-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2021-199=1

   - SUSE Linux Enterprise Server 12-SP2-BCL:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-199=1

   - SUSE
Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2021-199=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-199=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): ImageMagick-config-6-SUSE-6.8.8.1-71.154.1 ImageMagick-config-6-upstream-6.8.8.1-71.154.1 ImageMagick-debuginfo-6.8.8.1-71.154.1 ImageMagick-debugsource-6.8.8.1-71.154.1 libMagickCore-6_Q16-1-6.8.8.1-71.154.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.154.1 libMagickWand-6_Q16-1-6.8.8.1-71.154.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.154.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): ImageMagick-config-6-SUSE-6.8.8.1-71.154.1 ImageMagick-config-6-upstream-6.8.8.1-71.154.1 ImageMagick-debuginfo-6.8.8.1-71.154.1 ImageMagick-debugsource-6.8.8.1-71.154.1 libMagickCore-6_Q16-1-6.8.8.1-71.154.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.154.1 libMagickWand-6_Q16-1-6.8.8.1-71.154.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.154.1 - SUSE OpenStack Cloud 9 (x86_64): ImageMagick-config-6-SUSE-6.8.8.1-71.154.1 ImageMagick-config-6-upstream-6.8.8.1-71.154.1 ImageMagick-debuginfo-6.8.8.1-71.154.1 ImageMagick-debugsource-6.8.8.1-71.154.1 libMagickCore-6_Q16-1-6.8.8.1-71.154.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.154.1 libMagickWand-6_Q16-1-6.8.8.1-71.154.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.154.1 - SUSE OpenStack Cloud 8 (x86_64): ImageMagick-config-6-SUSE-6.8.8.1-71.154.1 ImageMagick-config-6-upstream-6.8.8.1-71.154.1 ImageMagick-debuginfo-6.8.8.1-71.154.1 ImageMagick-debugsource-6.8.8.1-71.154.1 libMagickCore-6_Q16-1-6.8.8.1-71.154.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.154.1 libMagickWand-6_Q16-1-6.8.8.1-71.154.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.154.1 - SUSE OpenStack Cloud 7 (s390x x86_64): ImageMagick-config-6-SUSE-6.8.8.1-71.154.1 ImageMagick-config-6-upstream-6.8.8.1-71.154.1 ImageMagick-debuginfo-6.8.8.1-71.154.1 ImageMagick-debugsource-6.8.8.1-71.154.1 libMagickCore-6_Q16-1-6.8.8.1-71.154.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.154.1 
libMagickWand-6_Q16-1-6.8.8.1-71.154.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.154.1 - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): ImageMagick-6.8.8.1-71.154.1 ImageMagick-debuginfo-6.8.8.1-71.154.1 ImageMagick-debugsource-6.8.8.1-71.154.1 libMagick++-6_Q16-3-6.8.8.1-71.154.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.154.1 libMagickCore-6_Q16-1-32bit-6.8.8.1-71.154.1 libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.154.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): ImageMagick-6.8.8.1-71.154.1 ImageMagick-config-6-SUSE-6.8.8.1-71.154.1 ImageMagick-config-6-upstream-6.8.8.1-71.154.1 ImageMagick-debuginfo-6.8.8.1-71.154.1 ImageMagick-debugsource-6.8.8.1-71.154.1 ImageMagick-devel-6.8.8.1-71.154.1 libMagick++-6_Q16-3-6.8.8.1-71.154.1 libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.154.1 libMagick++-devel-6.8.8.1-71.154.1 perl-PerlMagick-6.8.8.1-71.154.1 perl-PerlMagick-debuginfo-6.8.8.1-71.154.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): ImageMagick-config-6-SUSE-6.8.8.1-71.154.1 ImageMagick-config-6-upstream-6.8.8.1-71.154.1 ImageMagick-debuginfo-6.8.8.1-71.154.1 ImageMagick-debugsource-6.8.8.1-71.154.1 libMagickCore-6_Q16-1-6.8.8.1-71.154.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.154.1 libMagickWand-6_Q16-1-6.8.8.1-71.154.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.154.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): ImageMagick-config-6-SUSE-6.8.8.1-71.154.1 ImageMagick-config-6-upstream-6.8.8.1-71.154.1 ImageMagick-debuginfo-6.8.8.1-71.154.1 ImageMagick-debugsource-6.8.8.1-71.154.1 libMagickCore-6_Q16-1-6.8.8.1-71.154.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.154.1 libMagickWand-6_Q16-1-6.8.8.1-71.154.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.154.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): ImageMagick-config-6-SUSE-6.8.8.1-71.154.1 ImageMagick-config-6-upstream-6.8.8.1-71.154.1 ImageMagick-debuginfo-6.8.8.1-71.154.1 
ImageMagick-debugsource-6.8.8.1-71.154.1 libMagickCore-6_Q16-1-6.8.8.1-71.154.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.154.1 libMagickWand-6_Q16-1-6.8.8.1-71.154.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.154.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): ImageMagick-config-6-SUSE-6.8.8.1-71.154.1 ImageMagick-config-6-upstream-6.8.8.1-71.154.1 ImageMagick-debuginfo-6.8.8.1-71.154.1 ImageMagick-debugsource-6.8.8.1-71.154.1 libMagickCore-6_Q16-1-6.8.8.1-71.154.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.154.1 libMagickWand-6_Q16-1-6.8.8.1-71.154.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.154.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): ImageMagick-config-6-SUSE-6.8.8.1-71.154.1 ImageMagick-config-6-upstream-6.8.8.1-71.154.1 ImageMagick-debuginfo-6.8.8.1-71.154.1 ImageMagick-debugsource-6.8.8.1-71.154.1 libMagickCore-6_Q16-1-6.8.8.1-71.154.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.154.1 libMagickWand-6_Q16-1-6.8.8.1-71.154.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.154.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): ImageMagick-config-6-SUSE-6.8.8.1-71.154.1 ImageMagick-config-6-upstream-6.8.8.1-71.154.1 ImageMagick-debuginfo-6.8.8.1-71.154.1 ImageMagick-debugsource-6.8.8.1-71.154.1 libMagickCore-6_Q16-1-6.8.8.1-71.154.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.154.1 libMagickWand-6_Q16-1-6.8.8.1-71.154.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.154.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): ImageMagick-config-6-SUSE-6.8.8.1-71.154.1 ImageMagick-config-6-upstream-6.8.8.1-71.154.1 ImageMagick-debuginfo-6.8.8.1-71.154.1 ImageMagick-debugsource-6.8.8.1-71.154.1 libMagickCore-6_Q16-1-6.8.8.1-71.154.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.154.1 libMagickWand-6_Q16-1-6.8.8.1-71.154.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.154.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): ImageMagick-config-6-SUSE-6.8.8.1-71.154.1 
ImageMagick-config-6-upstream-6.8.8.1-71.154.1 ImageMagick-debuginfo-6.8.8.1-71.154.1 ImageMagick-debugsource-6.8.8.1-71.154.1 libMagickCore-6_Q16-1-6.8.8.1-71.154.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.154.1 libMagickWand-6_Q16-1-6.8.8.1-71.154.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.154.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): ImageMagick-config-6-SUSE-6.8.8.1-71.154.1 ImageMagick-config-6-upstream-6.8.8.1-71.154.1 ImageMagick-debuginfo-6.8.8.1-71.154.1 ImageMagick-debugsource-6.8.8.1-71.154.1 libMagickCore-6_Q16-1-6.8.8.1-71.154.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.154.1 libMagickWand-6_Q16-1-6.8.8.1-71.154.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.154.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): ImageMagick-config-6-SUSE-6.8.8.1-71.154.1 ImageMagick-config-6-upstream-6.8.8.1-71.154.1 ImageMagick-debuginfo-6.8.8.1-71.154.1 ImageMagick-debugsource-6.8.8.1-71.154.1 libMagickCore-6_Q16-1-6.8.8.1-71.154.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.154.1 libMagickWand-6_Q16-1-6.8.8.1-71.154.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.154.1 - HPE Helion Openstack 8 (x86_64): ImageMagick-config-6-SUSE-6.8.8.1-71.154.1 ImageMagick-config-6-upstream-6.8.8.1-71.154.1 ImageMagick-debuginfo-6.8.8.1-71.154.1 ImageMagick-debugsource-6.8.8.1-71.154.1 libMagickCore-6_Q16-1-6.8.8.1-71.154.1 libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.154.1 libMagickWand-6_Q16-1-6.8.8.1-71.154.1 libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.154.1 References: https://www.suse.com/security/cve/CVE-2020-19667.html https://www.suse.com/security/cve/CVE-2020-25664.html https://www.suse.com/security/cve/CVE-2020-25665.html https://www.suse.com/security/cve/CVE-2020-25666.html https://www.suse.com/security/cve/CVE-2020-25674.html https://www.suse.com/security/cve/CVE-2020-25675.html https://www.suse.com/security/cve/CVE-2020-25676.html https://www.suse.com/security/cve/CVE-2020-27750.html https://www.suse.com/security/cve/CVE-2020-27751.html 
https://www.suse.com/security/cve/CVE-2020-27752.html https://www.suse.com/security/cve/CVE-2020-27753.html https://www.suse.com/security/cve/CVE-2020-27754.html https://www.suse.com/security/cve/CVE-2020-27755.html https://www.suse.com/security/cve/CVE-2020-27757.html https://www.suse.com/security/cve/CVE-2020-27759.html https://www.suse.com/security/cve/CVE-2020-27760.html https://www.suse.com/security/cve/CVE-2020-27761.html https://www.suse.com/security/cve/CVE-2020-27762.html https://www.suse.com/security/cve/CVE-2020-27763.html https://www.suse.com/security/cve/CVE-2020-27764.html https://www.suse.com/security/cve/CVE-2020-27765.html https://www.suse.com/security/cve/CVE-2020-27766.html https://www.suse.com/security/cve/CVE-2020-27767.html https://www.suse.com/security/cve/CVE-2020-27768.html https://www.suse.com/security/cve/CVE-2020-27769.html https://www.suse.com/security/cve/CVE-2020-27770.html https://www.suse.com/security/cve/CVE-2020-27771.html https://www.suse.com/security/cve/CVE-2020-27772.html https://www.suse.com/security/cve/CVE-2020-27773.html https://www.suse.com/security/cve/CVE-2020-27774.html https://www.suse.com/security/cve/CVE-2020-27775.html https://www.suse.com/security/cve/CVE-2020-27776.html https://bugzilla.suse.com/1179103 https://bugzilla.suse.com/1179202 https://bugzilla.suse.com/1179208 https://bugzilla.suse.com/1179212 https://bugzilla.suse.com/1179223 https://bugzilla.suse.com/1179240 https://bugzilla.suse.com/1179244 https://bugzilla.suse.com/1179260 https://bugzilla.suse.com/1179268 https://bugzilla.suse.com/1179269 https://bugzilla.suse.com/1179278 https://bugzilla.suse.com/1179281 https://bugzilla.suse.com/1179285 https://bugzilla.suse.com/1179311 https://bugzilla.suse.com/1179312 https://bugzilla.suse.com/1179313 https://bugzilla.suse.com/1179315 https://bugzilla.suse.com/1179317 https://bugzilla.suse.com/1179321 https://bugzilla.suse.com/1179322 https://bugzilla.suse.com/1179327 https://bugzilla.suse.com/1179333 
https://bugzilla.suse.com/1179336 https://bugzilla.suse.com/1179338 https://bugzilla.suse.com/1179339 https://bugzilla.suse.com/1179343 https://bugzilla.suse.com/1179345 https://bugzilla.suse.com/1179346 https://bugzilla.suse.com/1179347 https://bugzilla.suse.com/1179361 https://bugzilla.suse.com/1179362 https://bugzilla.suse.com/1179397 From sle-updates at lists.suse.com Fri Jan 22 10:25:45 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Jan 2021 18:25:45 +0100 (CET) Subject: SUSE-SU-2021:0197-1: moderate: Security update for permissions Message-ID: <20210122172545.84E0BFF18@maintenance.suse.de> SUSE Security Update: Security update for permissions ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0197-1 Rating: moderate References: #1171883 Cross-References: CVE-2020-8025 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for permissions fixes the following issues: - Update to version 20181224: * pcp: remove no longer needed / conflicting entries (bsc#1171883, CVE-2020-8025) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-197=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): permissions-20181224-23.3.1 permissions-debuginfo-20181224-23.3.1 permissions-debugsource-20181224-23.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): permissions-zypp-plugin-20181224-23.3.1 References: https://www.suse.com/security/cve/CVE-2020-8025.html https://bugzilla.suse.com/1171883 From sle-updates at lists.suse.com Fri Jan 22 13:14:52 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Jan 2021 21:14:52 +0100 (CET) Subject: SUSE-SU-2021:0200-1: critical: Security update for hawk2 Message-ID: <20210122201452.E2379FF18@maintenance.suse.de> SUSE Security Update: Security update for hawk2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0200-1 Rating: critical References: #1179998 Cross-References: CVE-2020-35458 Affected Products: SUSE Linux Enterprise High Availability 15-SP2 SUSE Linux Enterprise High Availability 15-SP1 SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for hawk2 fixes the following issues: hawk2 was updated to version 2.4.0+git.1611141202.2fe6369e. Security issue fixed: - Fixed another possible code execution vulnerability in the controller code (bsc#1179998). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2021-200=1 - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2021-200=1 - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2021-200=1 Package List: - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): hawk2-2.4.0+git.1611141202.2fe6369e-3.21.1 hawk2-debuginfo-2.4.0+git.1611141202.2fe6369e-3.21.1 hawk2-debugsource-2.4.0+git.1611141202.2fe6369e-3.21.1 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): hawk2-2.4.0+git.1611141202.2fe6369e-3.21.1 hawk2-debuginfo-2.4.0+git.1611141202.2fe6369e-3.21.1 hawk2-debugsource-2.4.0+git.1611141202.2fe6369e-3.21.1 - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): hawk2-2.4.0+git.1611141202.2fe6369e-3.21.1 hawk2-debuginfo-2.4.0+git.1611141202.2fe6369e-3.21.1 hawk2-debugsource-2.4.0+git.1611141202.2fe6369e-3.21.1 References: https://www.suse.com/security/cve/CVE-2020-35458.html https://bugzilla.suse.com/1179998 From sle-updates at lists.suse.com Sat Jan 23 01:55:16 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 23 Jan 2021 09:55:16 +0100 (CET) Subject: SUSE-CU-2021:27-1: Recommended update of suse/sle15 Message-ID: <20210123085516.B644BFF18@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:27-1 Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.328 Container Release : 4.22.328 Severity : moderate Type : recommended References : 1135710 1136845 1180603 ----------------------------------------------------------------- The container suse/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:177-1 Released: Wed Jan 20 11:18:03 2021 Summary: Recommended update for libselinux Type: recommended Severity: moderate References: 1135710,1136845,1180603 This update for libselinux fixes the following issue: Issues addressed: - Removed check for selinux-policy package as it is not shipped in this package (bsc#1136845). - Added check that restorecond is installed and enabled - adjusted licenses of packages. All packages are under Public Domain, only selinux-tools contains a GPL-2.0 tool. From sle-updates at lists.suse.com Sat Jan 23 02:01:00 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 23 Jan 2021 10:01:00 +0100 (CET) Subject: SUSE-CU-2021:28-1: Recommended update of suse/sle15 Message-ID: <20210123090100.BF8A8FF18@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:28-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.8.2.826 Container Release : 8.2.826 Severity : moderate Type : recommended References : 1179816 1180077 1180663 1180721 ----------------------------------------------------------------- The container suse/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:169-1 Released: Tue Jan 19 16:18:46 2021 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1179816,1180077,1180663,1180721 This update for libsolv, libzypp, zypper fixes the following issues: libzypp was updated to 17.25.6: - Rephrase solver problem descriptions (jsc#SLE-8482) - Adapt to changed gpg2/libgpgme behavior (bsc#1180721) - Multicurl backend breaks with unknown filesize (fixes #277) zypper was updated to 1.14.42: - Fix source-download commands help (bsc#1180663) - man: Recommend to use the --non-interactive global option rather than the command option -y (bsc#1179816) - Extend apt packagemap (fixes #366) - --quiet: Fix install summary to write nothing if there's nothing to do (bsc#1180077) libsolv was updated to 0.7.16: - do not ask the namespace callback for splitprovides when writing a testcase - fix add_complex_recommends() selecting conflicted packages in rare cases leading to crashes - improve choicerule generation so that package updates are preferred in more cases From sle-updates at lists.suse.com Sat Jan 23 02:01:08 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 23 Jan 2021 10:01:08 +0100 (CET) Subject: SUSE-CU-2021:29-1: Recommended update of suse/sle15 Message-ID: <20210123090108.DBAB5FF18@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:29-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.8.2.827 Container Release : 8.2.827 Severity : moderate Type : recommended References : 1172695 ----------------------------------------------------------------- The container suse/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:174-1 Released: Wed Jan 20 07:55:23 2021 Summary: Recommended update for gnutls Type: recommended Severity: moderate References: 1172695 This update for gnutls fixes the following issue: - Avoid spurious audit messages about incompatible signature algorithms (bsc#1172695) From sle-updates at lists.suse.com Sat Jan 23 02:01:17 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 23 Jan 2021 10:01:17 +0100 (CET) Subject: SUSE-CU-2021:30-1: Security update of suse/sle15 Message-ID: <20210123090117.D0416FF18@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:30-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.8.2.829 Container Release : 8.2.829 Severity : moderate Type : security References : 1171883 CVE-2020-8025 ----------------------------------------------------------------- The container suse/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:197-1 Released: Fri Jan 22 15:17:42 2021 Summary: Security update for permissions Type: security Severity: moderate References: 1171883,CVE-2020-8025 This update for permissions fixes the following issues: - Update to version 20181224: * pcp: remove no longer needed / conflicting entries (bsc#1171883, CVE-2020-8025) From sle-updates at lists.suse.com Sat Jan 23 02:02:08 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 23 Jan 2021 10:02:08 +0100 (CET) Subject: SUSE-CU-2021:31-1: Recommended update of suse/sle15 Message-ID: <20210123090208.7738BFF18@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:31-1 Container Tags : suse/sle15:15.3 , suse/sle15:15.3.13.2.77 Container Release : 13.2.77 Severity : moderate Type : recommended References : 1172695 ----------------------------------------------------------------- The container suse/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:174-1 Released: Wed Jan 20 07:55:23 2021 Summary: Recommended update for gnutls Type: recommended Severity: moderate References: 1172695 This update for gnutls fixes the following issue: - Avoid spurious audit messages about incompatible signature algorithms (bsc#1172695) From sle-updates at lists.suse.com Mon Jan 25 10:15:26 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 25 Jan 2021 18:15:26 +0100 (CET) Subject: SUSE-RU-2021:0202-1: moderate: Recommended update for crmsh Message-ID: <20210125171526.CD26EFF18@maintenance.suse.de> SUSE Recommended Update: Recommended update for crmsh ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:0202-1 Rating: moderate References: #1177023 #1180149 #1180421 #1180424 Affected Products: SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for crmsh fixes the following issues: - Fix for an issue when 'cluster-init' fails due to wrong declaration of netmask. (bsc#1180421) - Fix for crmsh and yast2-cluster by adding '/etc/modules-load.d/watchdog.conf' into corosync config. (bsc#1180424) - Fix for bootstrap to return more specific error messages. (bsc#1177023) - Fix for a bootstrap issue when cluster init process not protected by lock and exclude other not joining. (bsc#1180149) - Implement to use ping to test host is reachable before joining. - Check cluster was running on init node Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2021-202=1 Package List: - SUSE Linux Enterprise High Availability 15 (noarch): crmsh-4.2.0+git.1609987436.0d3a9bf5-3.59.1 crmsh-scripts-4.2.0+git.1609987436.0d3a9bf5-3.59.1 References: https://bugzilla.suse.com/1177023 https://bugzilla.suse.com/1180149 https://bugzilla.suse.com/1180421 https://bugzilla.suse.com/1180424 From sle-updates at lists.suse.com Mon Jan 25 10:17:33 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 25 Jan 2021 18:17:33 +0100 (CET) Subject: SUSE-RU-2021:0203-1: moderate: Recommended update for powerpc-utils Message-ID: <20210125171733.D0A87FF18@maintenance.suse.de> SUSE Recommended Update: Recommended update for powerpc-utils ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:0203-1 Rating: moderate References: #1180854 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for powerpc-utils fixes the following issues: - Add manpage for the 'drmgr' utility. (bsc#1180854 ltc#170517) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-203=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (ppc64le): powerpc-utils-1.3.7.1-5.26.1 powerpc-utils-debuginfo-1.3.7.1-5.26.1 powerpc-utils-debugsource-1.3.7.1-5.26.1 References: https://bugzilla.suse.com/1180854 From sle-updates at lists.suse.com Mon Jan 25 10:19:22 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 25 Jan 2021 18:19:22 +0100 (CET) Subject: SUSE-RU-2021:0201-1: moderate: Recommended update for crmsh Message-ID: <20210125171922.D2CA7FF18@maintenance.suse.de> SUSE Recommended Update: Recommended update for crmsh ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:0201-1 Rating: moderate References: #1177023 #1180149 #1180421 #1180424 Affected Products: SUSE Linux Enterprise High Availability 15-SP2 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for crmsh fixes the following issues: - Fix for an issue when 'cluster-init' fails due to wrong declaration of netmask. (bsc#1180421) - Fix for crmsh and yast2-cluster by adding '/etc/modules-load.d/watchdog.conf' into corosync config. (bsc#1180424) - Fix for bootstrap to return more specific error messages. (bsc#1177023) - Fix for a bootstrap issue when cluster init process not protected by lock and exclude other not joining. (bsc#1180149) - Implement to use ping to test host is reachable before joining. - Check cluster was running on init node Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2021-201=1 Package List: - SUSE Linux Enterprise High Availability 15-SP2 (noarch): crmsh-4.2.0+git.1609987436.0d3a9bf5-5.35.1 crmsh-scripts-4.2.0+git.1609987436.0d3a9bf5-5.35.1 References: https://bugzilla.suse.com/1177023 https://bugzilla.suse.com/1180149 https://bugzilla.suse.com/1180421 https://bugzilla.suse.com/1180424 From sle-updates at lists.suse.com Mon Jan 25 10:22:35 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 25 Jan 2021 18:22:35 +0100 (CET) Subject: SUSE-RU-2021:0204-1: moderate: Recommended update for powerpc-utils Message-ID: <20210125172235.2C331FF18@maintenance.suse.de> SUSE Recommended Update: Recommended update for powerpc-utils ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:0204-1 Rating: moderate References: #1180854 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for powerpc-utils fixes the following issues: - Add manpage for the 'drmgr' utility. (bsc#1180854 ltc#170517) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-204=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2021-204=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (ppc64le): powerpc-utils-1.3.7.1-3.27.1 powerpc-utils-debuginfo-1.3.7.1-3.27.1 powerpc-utils-debugsource-1.3.7.1-3.27.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (ppc64le): powerpc-utils-1.3.7.1-3.27.1 powerpc-utils-debuginfo-1.3.7.1-3.27.1 powerpc-utils-debugsource-1.3.7.1-3.27.1 References: https://bugzilla.suse.com/1180854 From sle-updates at lists.suse.com Mon Jan 25 13:15:20 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 25 Jan 2021 21:15:20 +0100 (CET) Subject: SUSE-SU-2021:0210-1: important: Security update for rubygem-nokogiri Message-ID: <20210125201520.EBE9EFF18@maintenance.suse.de> SUSE Security Update: Security update for rubygem-nokogiri ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0210-1 Rating: important References: #1146578 #1180507 Cross-References: CVE-2019-5477 CVE-2020-26247 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 7 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for rubygem-nokogiri fixes the following issues: - CVE-2019-5477: Fixed a command injection vulnerability (bsc#1146578). - CVE-2020-26247: Fixed an XXE vulnerability in Nokogiri::XML::Schema (bsc#1180507). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-210=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-210=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2021-210=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): ruby2.1-rubygem-nokogiri-1.6.1-5.3.1 ruby2.1-rubygem-nokogiri-debuginfo-1.6.1-5.3.1 rubygem-nokogiri-debugsource-1.6.1-5.3.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): ruby2.1-rubygem-nokogiri-1.6.1-5.3.1 ruby2.1-rubygem-nokogiri-debuginfo-1.6.1-5.3.1 rubygem-nokogiri-debugsource-1.6.1-5.3.1 - SUSE OpenStack Cloud 7 (aarch64 s390x x86_64): ruby2.1-rubygem-nokogiri-1.6.1-5.3.1 ruby2.1-rubygem-nokogiri-debuginfo-1.6.1-5.3.1 rubygem-nokogiri-debugsource-1.6.1-5.3.1 References: https://www.suse.com/security/cve/CVE-2019-5477.html https://www.suse.com/security/cve/CVE-2020-26247.html https://bugzilla.suse.com/1146578 https://bugzilla.suse.com/1180507 From sle-updates at lists.suse.com Mon Jan 25 13:16:23 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 25 Jan 2021 21:16:23 +0100 (CET) Subject: SUSE-RU-2021:0205-1: moderate: Recommended update for google-poppins-fonts Message-ID: <20210125201623.34727FF18@maintenance.suse.de> SUSE Recommended Update: Recommended update for google-poppins-fonts ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:0205-1 Rating: moderate References: ECO-3169 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has 0 recommended fixes and contains one feature can now be installed. Description: This update for google-poppins-fonts fixes the following issues: - Fix copyright attribution and other cleaning on specfile. (jsc#ECO-3169) - Fix url to download archive. 
- Create initial version. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-205=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): google-poppins-fonts-4.003-5.3.1 References: From sle-updates at lists.suse.com Mon Jan 25 13:17:13 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 25 Jan 2021 21:17:13 +0100 (CET) Subject: SUSE-RU-2021:0207-1: moderate: Recommended update for python-websockify Message-ID: <20210125201713.1E8DAFF18@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-websockify ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:0207-1 Rating: moderate References: #1163513 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-websockify fixes the following issues: - Add 'python-numpy' as requirement. (bsc#1163513) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-207=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2021-207=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): python-websockify-common-0.8.0-9.3.1 python3-websockify-0.8.0-9.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): python-websockify-common-0.8.0-9.3.1 python3-websockify-0.8.0-9.3.1 References: https://bugzilla.suse.com/1163513 From sle-updates at lists.suse.com Mon Jan 25 13:18:47 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 25 Jan 2021 21:18:47 +0100 (CET) Subject: SUSE-RU-2021:0206-1: moderate: Recommended update for mutter Message-ID: <20210125201847.19AF2FF18@maintenance.suse.de> SUSE Recommended Update: Recommended update for mutter ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:0206-1 Rating: moderate References: #1176999 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for mutter fixes the following issues: - Fixes an issue when the input devices can become unresponsive. (bsc#1176999) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-206=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-206=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): mutter-debuginfo-3.20.3-16.18.1 mutter-debugsource-3.20.3-16.18.1 mutter-devel-3.20.3-16.18.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libmutter0-3.20.3-16.18.1 libmutter0-debuginfo-3.20.3-16.18.1 mutter-3.20.3-16.18.1 mutter-data-3.20.3-16.18.1 mutter-debuginfo-3.20.3-16.18.1 mutter-debugsource-3.20.3-16.18.1 typelib-1_0-Meta-3_0-3.20.3-16.18.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): mutter-lang-3.20.3-16.18.1 References: https://bugzilla.suse.com/1176999 From sle-updates at lists.suse.com Mon Jan 25 13:20:53 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 25 Jan 2021 21:20:53 +0100 (CET) Subject: SUSE-RU-2021:0208-1: moderate: Recommended update for rook Message-ID: <20210125202053.A6D0BFF18@maintenance.suse.de> SUSE Recommended Update: Recommended update for rook ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:0208-1 Rating: moderate References: Affected Products: SUSE Enterprise Storage 7 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. 
Description:

   This update for rook fixes the following issues:

   - Update to v1.4.8
     * Ceph
     * Update base operator image and example manifests to Ceph v15.2.7 (#6690)
     * Merge custom labels properly with other labels in the spec (#6720)
     * Uninstall cleanup ignores ceph daemon pods that are in pending state (#6719)
     * Orchestration is aborted and restarted if the cluster CR is updated (#6693)
     * Restore mon clusterIP if the service is missing in disaster recovery scenarios (#6658)
     * Set the RGW deployment version label (#6610)
     * Add privileged securityContext to CephFS provisioner (#6561)
   - Fix registry URL to SUSE for remaining example yaml's.

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Enterprise Storage 7:
      zypper in -t patch SUSE-Storage-7-2021-208=1

Package List:

   - SUSE Enterprise Storage 7 (noarch):
      rook-ceph-helm-charts-1.4.8+git6.g5c74991a1-3.12.1
      rook-k8s-yaml-1.4.8+git6.g5c74991a1-3.12.1

References:

From sle-updates at lists.suse.com Mon Jan 25 13:21:42 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 25 Jan 2021 21:21:42 +0100 (CET)
Subject: SUSE-RU-2021:0211-1: important: Recommended maintenance update for libyui-qt-pkg
Message-ID: <20210125202142.E7FEBFF18@maintenance.suse.de>

   SUSE Recommended Update: Recommended maintenance update for libyui-qt-pkg
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:0211-1
Rating: important
References: #1181257
Affected Products:
   SUSE Linux Enterprise Module for Desktop Applications 15-SP2
   SUSE Linux Enterprise Module for Basesystem 15-SP2
______________________________________________________________________________

   An update that has one recommended fix can now be installed.
Description:

   This update for libyui-qt-pkg fixes the following issue:

   - Provide the missing package libyui-qt-pkg11 to the Basesystem module in SLE-15-SP2 (bsc#1181257)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Desktop Applications 15-SP2:
      zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2021-211=1
   - SUSE Linux Enterprise Module for Basesystem 15-SP2:
      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-211=1

Package List:

   - SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64 ppc64le s390x x86_64):
      libyui-qt-pkg-debugsource-2.47.5-3.2.1
      libyui-qt-pkg-devel-2.47.5-3.2.1
      libyui-qt-pkg11-2.47.5-3.2.1
      libyui-qt-pkg11-debuginfo-2.47.5-3.2.1
   - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64):
      libyui-qt-pkg-debugsource-2.47.5-3.2.1
      libyui-qt-pkg-devel-2.47.5-3.2.1
      libyui-qt-pkg11-2.47.5-3.2.1
      libyui-qt-pkg11-debuginfo-2.47.5-3.2.1
   - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch):
      libyui-qt-pkg-doc-2.47.5-3.2.1

References:

   https://bugzilla.suse.com/1181257

From sle-updates at lists.suse.com Tue Jan 26 04:15:37 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 26 Jan 2021 12:15:37 +0100 (CET)
Subject: SUSE-RU-2021:0212-1: moderate: Recommended update for fence-agents
Message-ID: <20210126111537.89B58FF18@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for fence-agents
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:0212-1
Rating: moderate
References: #1175506
Affected Products:
   SUSE Linux Enterprise High Availability 12-SP3
______________________________________________________________________________

   An update that has one recommended fix can now be installed.
Description:

   This update for fence-agents fixes the following issues:

   - Made it possible to disable SSL certificate verification by using --ssl-insecure (bsc#1175506)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise High Availability 12-SP3:
      zypper in -t patch SUSE-SLE-HA-12-SP3-2021-212=1

Package List:

   - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64):
      fence-agents-4.0.25+git.1485179354.eb43835-4.14.1
      fence-agents-debuginfo-4.0.25+git.1485179354.eb43835-4.14.1
      fence-agents-debugsource-4.0.25+git.1485179354.eb43835-4.14.1

References:

   https://bugzilla.suse.com/1175506

From sle-updates at lists.suse.com Tue Jan 26 04:16:37 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 26 Jan 2021 12:16:37 +0100 (CET)
Subject: SUSE-RU-2021:0213-1: moderate: Recommended update for resource-agents
Message-ID: <20210126111637.6C4EEFF18@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for resource-agents
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:0213-1
Rating: moderate
References: #1179977
Affected Products:
   SUSE Linux Enterprise High Availability 15
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for resource-agents fixes the following issues:

   - A bug was fixed where the stop operation failed if /root/.profile has unexpected content (bsc#1179977)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise High Availability 15:
      zypper in -t patch SUSE-SLE-Product-HA-15-2021-213=1

Package List:

   - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64):
      ldirectord-4.3.0184.6ee15eb2-3.57.1
      resource-agents-4.3.0184.6ee15eb2-3.57.1
      resource-agents-debuginfo-4.3.0184.6ee15eb2-3.57.1
      resource-agents-debugsource-4.3.0184.6ee15eb2-3.57.1
   - SUSE Linux Enterprise High Availability 15 (noarch):
      monitoring-plugins-metadata-4.3.0184.6ee15eb2-3.57.1

References:

   https://bugzilla.suse.com/1179977

From sle-updates at lists.suse.com Tue Jan 26 04:17:36 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 26 Jan 2021 12:17:36 +0100 (CET)
Subject: SUSE-RU-2021:0214-1: moderate: Recommended update for resource-agents
Message-ID: <20210126111736.89C46FF18@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for resource-agents
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:0214-1
Rating: moderate
References: #1179977
Affected Products:
   SUSE Linux Enterprise High Availability 12-SP5
   SUSE Linux Enterprise High Availability 12-SP4
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for resource-agents fixes the following issues:

   - A bug was fixed where the stop operation failed if /root/.profile has unexpected content (bsc#1179977)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise High Availability 12-SP5:
      zypper in -t patch SUSE-SLE-HA-12-SP5-2021-214=1
   - SUSE Linux Enterprise High Availability 12-SP4:
      zypper in -t patch SUSE-SLE-HA-12-SP4-2021-214=1

Package List:

   - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64):
      ldirectord-4.3.018.a7fb5035-3.62.1
      resource-agents-4.3.018.a7fb5035-3.62.1
      resource-agents-debuginfo-4.3.018.a7fb5035-3.62.1
      resource-agents-debugsource-4.3.018.a7fb5035-3.62.1
   - SUSE Linux Enterprise High Availability 12-SP5 (noarch):
      monitoring-plugins-metadata-4.3.018.a7fb5035-3.62.1
   - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64):
      ldirectord-4.3.018.a7fb5035-3.62.1
      resource-agents-4.3.018.a7fb5035-3.62.1
      resource-agents-debuginfo-4.3.018.a7fb5035-3.62.1
      resource-agents-debugsource-4.3.018.a7fb5035-3.62.1
   - SUSE Linux Enterprise High Availability 12-SP4 (noarch):
      monitoring-plugins-metadata-4.3.018.a7fb5035-3.62.1

References:

   https://bugzilla.suse.com/1179977

From sle-updates at lists.suse.com Tue Jan 26 07:16:25 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 26 Jan 2021 15:16:25 +0100 (CET)
Subject: SUSE-RU-2021:0216-1: important: Recommended update for fence-agents
Message-ID: <20210126141625.04F3EFF1F@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for fence-agents
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:0216-1
Rating: important
References: #1178343
Affected Products:
   SUSE Linux Enterprise High Availability 12-SP5
   SUSE Linux Enterprise High Availability 12-SP4
______________________________________________________________________________

   An update that has one recommended fix can now be installed.
Description:

   This update for fence-agents fixes the following issues:

   - Update to version 4.7.0+git.1607346448.17bd8552:
     * fence_mpath, fence_scsi: Improve logging for failed res/key get
     * fence_mpath, fence_scsi: Capture stderr in run_cmd()
     * build: depend on config changes to rebuild when running make after running ./configure
     * fence_redfish: Fix typo in help.
     * fence_aws: add support for IMDSv2
     * spec: add pkg-config file, and set version for obsoletes to avoid failing to build on Fedora 33
     * Add pkg-config file
     * fence_scsi: don't write key to device if it's already registered, and open file correctly to avoid using regex against end-of-file
     * fencing: fix run_command() to allow timeout=0 to mean forever
     * fencing: fix to make timeout(s)=0 be treated as forever for agents using pexpect
   - Fix a regression which broke fencing in GCE. [bsc#1178343]

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise High Availability 12-SP5:
      zypper in -t patch SUSE-SLE-HA-12-SP5-2021-216=1
   - SUSE Linux Enterprise High Availability 12-SP4:
      zypper in -t patch SUSE-SLE-HA-12-SP4-2021-216=1

Package List:

   - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64):
      fence-agents-4.7.0+git.1607346448.17bd8552-3.23.1
      fence-agents-debuginfo-4.7.0+git.1607346448.17bd8552-3.23.1
      fence-agents-debugsource-4.7.0+git.1607346448.17bd8552-3.23.1
   - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64):
      fence-agents-4.7.0+git.1607346448.17bd8552-3.23.1
      fence-agents-debuginfo-4.7.0+git.1607346448.17bd8552-3.23.1
      fence-agents-debugsource-4.7.0+git.1607346448.17bd8552-3.23.1

References:

   https://bugzilla.suse.com/1178343

From sle-updates at lists.suse.com Tue Jan 26 07:17:22 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 26 Jan 2021 15:17:22 +0100 (CET)
Subject: SUSE-RU-2021:0215-1: important: Recommended update for fence-agents
Message-ID: <20210126141722.56D5FFF1F@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for fence-agents
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:0215-1
Rating: important
References: #1178343
Affected Products:
   SUSE Linux Enterprise High Availability 15
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for fence-agents fixes the following issues:

   - Update to version 4.7.0+git.1607346448.17bd8552:
     * fence_mpath, fence_scsi: Improve logging for failed res/key get
     * fence_mpath, fence_scsi: Capture stderr in run_cmd()
     * build: depend on config changes to rebuild when running make after running ./configure
     * fence_redfish: Fix typo in help.
     * fence_aws: add support for IMDSv2
     * spec: add pkg-config file, and set version for obsoletes to avoid failing to build on Fedora 33
     * Add pkg-config file
     * fence_scsi: don't write key to device if it's already registered, and open file correctly to avoid using regex against end-of-file
     * fencing: fix run_command() to allow timeout=0 to mean forever
     * fencing: fix to make timeout(s)=0 be treated as forever for agents using pexpect
   - Fix a regression which broke fencing in GCE. [bsc#1178343]

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise High Availability 15:
      zypper in -t patch SUSE-SLE-Product-HA-15-2021-215=1

Package List:

   - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64):
      fence-agents-4.7.0+git.1607346448.17bd8552-4.22.1
      fence-agents-debuginfo-4.7.0+git.1607346448.17bd8552-4.22.1
      fence-agents-debugsource-4.7.0+git.1607346448.17bd8552-4.22.1
      fence-agents-devel-4.7.0+git.1607346448.17bd8552-4.22.1

References:

   https://bugzilla.suse.com/1178343

From sle-updates at lists.suse.com Tue Jan 26 07:18:26 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 26 Jan 2021 15:18:26 +0100 (CET)
Subject: SUSE-SU-2021:0217-1: important: Security update for postgresql, postgresql12, postgresql13
Message-ID: <20210126141826.8E8E3FF1F@maintenance.suse.de>

   SUSE Security Update: Security update for postgresql, postgresql12, postgresql13
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:0217-1
Rating: important
References: #1178666 #1178667 #1178668 #1178961 #1179765
Cross-References: CVE-2020-25694 CVE-2020-25695 CVE-2020-25696
Affected Products:
   SUSE OpenStack Cloud Crowbar 9
   SUSE OpenStack Cloud Crowbar 8
   SUSE OpenStack Cloud 9
   SUSE OpenStack Cloud 8
   SUSE OpenStack Cloud 7
   SUSE Linux Enterprise Software Development Kit 12-SP5
   SUSE Linux Enterprise Server for SAP 12-SP4
   SUSE Linux Enterprise Server for SAP 12-SP3
   SUSE Linux Enterprise Server for SAP 12-SP2
   SUSE Linux Enterprise Server 12-SP5
   SUSE Linux Enterprise Server 12-SP4-LTSS
   SUSE Linux Enterprise Server 12-SP3-LTSS
   SUSE Linux Enterprise Server 12-SP3-BCL
   SUSE Linux Enterprise Server 12-SP2-LTSS
   SUSE Linux Enterprise Server 12-SP2-BCL
   SUSE Enterprise Storage 5
   HPE Helion Openstack 8
______________________________________________________________________________

   An update that solves three vulnerabilities and has two fixes is now available.

Description:

   This update for postgresql, postgresql12, postgresql13 fixes the following issues:

   Initial packaging of PostgreSQL 13:
     * https://www.postgresql.org/about/news/2077/
     * https://www.postgresql.org/docs/13/release-13.html

   Changes in postgresql:
   - Bump postgresql major version to 13.

   Changes in postgresql12:
   - %ghost the symlinks to pg_config and ecpg. (bsc#1178961)
   - BuildRequire libpq5 and libecpg6 when not building them to avoid dangling symlinks in the devel package. (bsc#1179765)
   - Fix a DST problem in the test suite.

   Changes in postgresql13:
   - Add postgresql-icu68.patch: fix build with ICU 68
   - %ghost the symlinks to pg_config and ecpg. (bsc#1178961)
   - BuildRequire libpq5 and libecpg6 when not building them to avoid dangling symlinks in the devel package. (bsc#1179765)

   Upgrade to version 13.1:
     * CVE-2020-25695, bsc#1178666: Block DECLARE CURSOR ... WITH HOLD and firing of deferred triggers within index expressions and materialized view queries.
     * CVE-2020-25694, bsc#1178667:
       a) Fix usage of complex connection-string parameters in pg_dump, pg_restore, clusterdb, reindexdb, and vacuumdb.
       b) When psql's \connect command re-uses connection parameters, ensure that all non-overridden parameters from a previous connection string are re-used.
     * CVE-2020-25696, bsc#1178668: Prevent psql's \gset command from modifying specially-treated variables.
     * Fix recently-added timetz test case so it works when the USA is not observing daylight savings time. (obsoletes postgresql-timetz.patch)
     * https://www.postgresql.org/about/news/2111/
     * https://www.postgresql.org/docs/13/release-13-1.html
   - Fix a DST problem in the test suite.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud Crowbar 9:
      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-217=1
   - SUSE OpenStack Cloud Crowbar 8:
      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-217=1
   - SUSE OpenStack Cloud 9:
      zypper in -t patch SUSE-OpenStack-Cloud-9-2021-217=1
   - SUSE OpenStack Cloud 8:
      zypper in -t patch SUSE-OpenStack-Cloud-8-2021-217=1
   - SUSE OpenStack Cloud 7:
      zypper in -t patch SUSE-OpenStack-Cloud-7-2021-217=1
   - SUSE Linux Enterprise Software Development Kit 12-SP5:
      zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-217=1
   - SUSE Linux Enterprise Server for SAP 12-SP4:
      zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-217=1
   - SUSE Linux Enterprise Server for SAP 12-SP3:
      zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-217=1
   - SUSE Linux Enterprise Server for SAP 12-SP2:
      zypper in -t patch SUSE-SLE-SAP-12-SP2-2021-217=1
   - SUSE Linux Enterprise Server 12-SP5:
      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-217=1
   - SUSE Linux Enterprise Server 12-SP4-LTSS:
      zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-217=1
   - SUSE Linux Enterprise Server 12-SP3-LTSS:
      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-217=1
   - SUSE Linux Enterprise Server 12-SP3-BCL:
      zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-217=1
   - SUSE Linux Enterprise Server 12-SP2-LTSS:
      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2021-217=1
   - SUSE Linux Enterprise Server 12-SP2-BCL:
      zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-217=1
   - SUSE Enterprise Storage 5:
      zypper in -t patch SUSE-Storage-5-2021-217=1
   - HPE Helion Openstack 8:
      zypper in -t patch HPE-Helion-OpenStack-8-2021-217=1

Package List:

   - SUSE OpenStack Cloud Crowbar 9 (x86_64):
      libecpg6-13.1-3.3.1
      libecpg6-debuginfo-13.1-3.3.1
      libpq5-13.1-3.3.1
      libpq5-32bit-13.1-3.3.1
      libpq5-debuginfo-13.1-3.3.1
      libpq5-debuginfo-32bit-13.1-3.3.1
   - SUSE OpenStack Cloud Crowbar 9 (noarch):
      postgresql-13-4.7.1
      postgresql-contrib-13-4.7.1
      postgresql-docs-13-4.7.1
      postgresql-plperl-13-4.7.1
      postgresql-plpython-13-4.7.1
      postgresql-pltcl-13-4.7.1
      postgresql-server-13-4.7.1
   - SUSE OpenStack Cloud Crowbar 8 (x86_64):
      libecpg6-13.1-3.3.1
      libecpg6-debuginfo-13.1-3.3.1
      libpq5-13.1-3.3.1
      libpq5-32bit-13.1-3.3.1
      libpq5-debuginfo-13.1-3.3.1
      libpq5-debuginfo-32bit-13.1-3.3.1
   - SUSE OpenStack Cloud Crowbar 8 (noarch):
      postgresql-13-4.7.1
      postgresql-contrib-13-4.7.1
      postgresql-docs-13-4.7.1
      postgresql-plperl-13-4.7.1
      postgresql-plpython-13-4.7.1
      postgresql-pltcl-13-4.7.1
      postgresql-server-13-4.7.1
   - SUSE OpenStack Cloud 9 (x86_64):
      libecpg6-13.1-3.3.1
      libecpg6-debuginfo-13.1-3.3.1
      libpq5-13.1-3.3.1
      libpq5-32bit-13.1-3.3.1
      libpq5-debuginfo-13.1-3.3.1
      libpq5-debuginfo-32bit-13.1-3.3.1
   - SUSE OpenStack Cloud 9 (noarch):
      postgresql-13-4.7.1
      postgresql-contrib-13-4.7.1
      postgresql-docs-13-4.7.1
      postgresql-plperl-13-4.7.1
      postgresql-plpython-13-4.7.1
      postgresql-pltcl-13-4.7.1
      postgresql-server-13-4.7.1
   - SUSE OpenStack Cloud 8 (noarch):
      postgresql-13-4.7.1
      postgresql-contrib-13-4.7.1
      postgresql-docs-13-4.7.1
      postgresql-plperl-13-4.7.1
      postgresql-plpython-13-4.7.1
      postgresql-pltcl-13-4.7.1
      postgresql-server-13-4.7.1
   - SUSE OpenStack Cloud 8 (x86_64):
      libecpg6-13.1-3.3.1
      libecpg6-debuginfo-13.1-3.3.1
      libpq5-13.1-3.3.1
      libpq5-32bit-13.1-3.3.1
      libpq5-debuginfo-13.1-3.3.1
      libpq5-debuginfo-32bit-13.1-3.3.1
   - SUSE OpenStack Cloud 7 (s390x x86_64):
      libecpg6-13.1-3.3.1
      libecpg6-debuginfo-13.1-3.3.1
      libpq5-13.1-3.3.1
      libpq5-32bit-13.1-3.3.1
      libpq5-debuginfo-13.1-3.3.1
      libpq5-debuginfo-32bit-13.1-3.3.1
   - SUSE OpenStack Cloud 7 (noarch):
      postgresql-13-4.7.1
      postgresql-contrib-13-4.7.1
      postgresql-docs-13-4.7.1
      postgresql-plperl-13-4.7.1
      postgresql-plpython-13-4.7.1
      postgresql-pltcl-13-4.7.1
      postgresql-server-13-4.7.1
   - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
      postgresql12-debugsource-12.5-3.12.3
      postgresql12-devel-12.5-3.12.3
      postgresql12-devel-debuginfo-12.5-3.12.3
      postgresql13-debugsource-13.1-3.3.1
      postgresql13-devel-13.1-3.3.1
      postgresql13-devel-debuginfo-13.1-3.3.1
   - SUSE Linux Enterprise Software Development Kit 12-SP5 (ppc64le s390x x86_64):
      postgresql12-server-devel-12.5-3.12.3
      postgresql12-server-devel-debuginfo-12.5-3.12.3
      postgresql13-server-devel-13.1-3.3.1
      postgresql13-server-devel-debuginfo-13.1-3.3.1
   - SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch):
      postgresql-devel-13-4.7.1
      postgresql-server-devel-13-4.7.1
   - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
      libecpg6-13.1-3.3.1
      libecpg6-debuginfo-13.1-3.3.1
      libpq5-13.1-3.3.1
      libpq5-debuginfo-13.1-3.3.1
   - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64):
      libpq5-32bit-13.1-3.3.1
      libpq5-debuginfo-32bit-13.1-3.3.1
   - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch):
      postgresql-13-4.7.1
      postgresql-contrib-13-4.7.1
      postgresql-docs-13-4.7.1
      postgresql-plperl-13-4.7.1
      postgresql-plpython-13-4.7.1
      postgresql-pltcl-13-4.7.1
      postgresql-server-13-4.7.1
   - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):
      libecpg6-13.1-3.3.1
      libecpg6-debuginfo-13.1-3.3.1
      libpq5-13.1-3.3.1
      libpq5-debuginfo-13.1-3.3.1
   - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch):
      postgresql-13-4.7.1
      postgresql-contrib-13-4.7.1
      postgresql-docs-13-4.7.1
      postgresql-plperl-13-4.7.1
      postgresql-plpython-13-4.7.1
      postgresql-pltcl-13-4.7.1
      postgresql-server-13-4.7.1
   - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64):
      libpq5-32bit-13.1-3.3.1
      libpq5-debuginfo-32bit-13.1-3.3.1
   - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64):
      libecpg6-13.1-3.3.1
      libecpg6-debuginfo-13.1-3.3.1
      libpq5-13.1-3.3.1
      libpq5-debuginfo-13.1-3.3.1
   - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch):
      postgresql-13-4.7.1
      postgresql-contrib-13-4.7.1
      postgresql-docs-13-4.7.1
      postgresql-plperl-13-4.7.1
      postgresql-plpython-13-4.7.1
      postgresql-pltcl-13-4.7.1
      postgresql-server-13-4.7.1
   - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64):
      libpq5-32bit-13.1-3.3.1
      libpq5-debuginfo-32bit-13.1-3.3.1
   - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
      libecpg6-13.1-3.3.1
      libecpg6-debuginfo-13.1-3.3.1
      libpq5-13.1-3.3.1
      libpq5-debuginfo-13.1-3.3.1
      postgresql12-12.5-3.12.3
      postgresql12-contrib-12.5-3.12.3
      postgresql12-contrib-debuginfo-12.5-3.12.3
      postgresql12-debuginfo-12.5-3.12.3
      postgresql12-debugsource-12.5-3.12.3
      postgresql12-plperl-12.5-3.12.3
      postgresql12-plperl-debuginfo-12.5-3.12.3
      postgresql12-plpython-12.5-3.12.3
      postgresql12-plpython-debuginfo-12.5-3.12.3
      postgresql12-pltcl-12.5-3.12.3
      postgresql12-pltcl-debuginfo-12.5-3.12.3
      postgresql12-server-12.5-3.12.3
      postgresql12-server-debuginfo-12.5-3.12.3
   - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x):
      postgresql13-13.1-3.3.1
      postgresql13-contrib-13.1-3.3.1
      postgresql13-contrib-debuginfo-13.1-3.3.1
      postgresql13-debuginfo-13.1-3.3.1
      postgresql13-debugsource-13.1-3.3.1
      postgresql13-plperl-13.1-3.3.1
      postgresql13-plperl-debuginfo-13.1-3.3.1
      postgresql13-plpython-13.1-3.3.1
      postgresql13-plpython-debuginfo-13.1-3.3.1
      postgresql13-pltcl-13.1-3.3.1
      postgresql13-pltcl-debuginfo-13.1-3.3.1
      postgresql13-server-13.1-3.3.1
      postgresql13-server-debuginfo-13.1-3.3.1
   - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64):
      libpq5-32bit-13.1-3.3.1
      libpq5-debuginfo-32bit-13.1-3.3.1
   - SUSE Linux Enterprise Server 12-SP5 (noarch):
      postgresql-13-4.7.1
      postgresql-contrib-13-4.7.1
      postgresql-docs-13-4.7.1
      postgresql-plperl-13-4.7.1
      postgresql-plpython-13-4.7.1
      postgresql-pltcl-13-4.7.1
      postgresql-server-13-4.7.1
      postgresql12-docs-12.5-3.12.3
      postgresql13-docs-13.1-3.3.1
   - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):
      libecpg6-13.1-3.3.1
      libecpg6-debuginfo-13.1-3.3.1
      libpq5-13.1-3.3.1
      libpq5-debuginfo-13.1-3.3.1
   - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64):
      libpq5-32bit-13.1-3.3.1
      libpq5-debuginfo-32bit-13.1-3.3.1
   - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch):
      postgresql-13-4.7.1
      postgresql-contrib-13-4.7.1
      postgresql-docs-13-4.7.1
      postgresql-plperl-13-4.7.1
      postgresql-plpython-13-4.7.1
      postgresql-pltcl-13-4.7.1
      postgresql-server-13-4.7.1
   - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64):
      libecpg6-13.1-3.3.1
      libecpg6-debuginfo-13.1-3.3.1
      libpq5-13.1-3.3.1
      libpq5-debuginfo-13.1-3.3.1
   - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64):
      libpq5-32bit-13.1-3.3.1
      libpq5-debuginfo-32bit-13.1-3.3.1
   - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch):
      postgresql-13-4.7.1
      postgresql-contrib-13-4.7.1
      postgresql-docs-13-4.7.1
      postgresql-plperl-13-4.7.1
      postgresql-plpython-13-4.7.1
      postgresql-pltcl-13-4.7.1
      postgresql-server-13-4.7.1
   - SUSE Linux Enterprise Server 12-SP3-BCL (noarch):
      postgresql-13-4.7.1
      postgresql-contrib-13-4.7.1
      postgresql-docs-13-4.7.1
      postgresql-plperl-13-4.7.1
      postgresql-plpython-13-4.7.1
      postgresql-pltcl-13-4.7.1
      postgresql-server-13-4.7.1
   - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):
      libecpg6-13.1-3.3.1
      libecpg6-debuginfo-13.1-3.3.1
      libpq5-13.1-3.3.1
      libpq5-32bit-13.1-3.3.1
      libpq5-debuginfo-13.1-3.3.1
      libpq5-debuginfo-32bit-13.1-3.3.1
   - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64):
      libecpg6-13.1-3.3.1
      libecpg6-debuginfo-13.1-3.3.1
      libpq5-13.1-3.3.1
      libpq5-debuginfo-13.1-3.3.1
   - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64):
      libpq5-32bit-13.1-3.3.1
      libpq5-debuginfo-32bit-13.1-3.3.1
   - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch):
      postgresql-13-4.7.1
      postgresql-contrib-13-4.7.1
      postgresql-docs-13-4.7.1
      postgresql-plperl-13-4.7.1
      postgresql-plpython-13-4.7.1
      postgresql-pltcl-13-4.7.1
      postgresql-server-13-4.7.1
   - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
      libecpg6-13.1-3.3.1
      libecpg6-debuginfo-13.1-3.3.1
      libpq5-13.1-3.3.1
      libpq5-32bit-13.1-3.3.1
      libpq5-debuginfo-13.1-3.3.1
      libpq5-debuginfo-32bit-13.1-3.3.1
   - SUSE Linux Enterprise Server 12-SP2-BCL (noarch):
      postgresql-13-4.7.1
      postgresql-contrib-13-4.7.1
      postgresql-docs-13-4.7.1
      postgresql-plperl-13-4.7.1
      postgresql-plpython-13-4.7.1
      postgresql-pltcl-13-4.7.1
      postgresql-server-13-4.7.1
   - SUSE Enterprise Storage 5 (aarch64 x86_64):
      libecpg6-13.1-3.3.1
      libecpg6-debuginfo-13.1-3.3.1
      libpq5-13.1-3.3.1
      libpq5-debuginfo-13.1-3.3.1
   - SUSE Enterprise Storage 5 (noarch):
      postgresql-13-4.7.1
      postgresql-contrib-13-4.7.1
      postgresql-docs-13-4.7.1
      postgresql-plperl-13-4.7.1
      postgresql-plpython-13-4.7.1
      postgresql-pltcl-13-4.7.1
      postgresql-server-13-4.7.1
   - SUSE Enterprise Storage 5 (x86_64):
      libpq5-32bit-13.1-3.3.1
      libpq5-debuginfo-32bit-13.1-3.3.1
   - HPE Helion Openstack 8 (noarch):
      postgresql-13-4.7.1
      postgresql-contrib-13-4.7.1
      postgresql-docs-13-4.7.1
      postgresql-plperl-13-4.7.1
      postgresql-plpython-13-4.7.1
      postgresql-pltcl-13-4.7.1
      postgresql-server-13-4.7.1
   - HPE Helion Openstack 8 (x86_64):
      libecpg6-13.1-3.3.1
      libecpg6-debuginfo-13.1-3.3.1
      libpq5-13.1-3.3.1
      libpq5-32bit-13.1-3.3.1
      libpq5-debuginfo-13.1-3.3.1
      libpq5-debuginfo-32bit-13.1-3.3.1

References:

   https://www.suse.com/security/cve/CVE-2020-25694.html
   https://www.suse.com/security/cve/CVE-2020-25695.html
   https://www.suse.com/security/cve/CVE-2020-25696.html
   https://bugzilla.suse.com/1178666
   https://bugzilla.suse.com/1178667
   https://bugzilla.suse.com/1178668
   https://bugzilla.suse.com/1178961
   https://bugzilla.suse.com/1179765

From sle-updates at lists.suse.com Tue Jan 26 10:16:01 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 26 Jan 2021 18:16:01 +0100 (CET)
Subject: SUSE-RU-2021:0221-1: Recommended update for SUSEConnect
Message-ID: <20210126171601.51CC1FF1F@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for SUSEConnect
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:0221-1
Rating: low
References:
Affected Products:
   SUSE Manager Server 4.0
   SUSE Manager Retail Branch Server 4.0
   SUSE Manager Proxy 4.0
   SUSE Linux Enterprise Server for SAP 15-SP1
   SUSE Linux Enterprise Server 15-SP1-LTSS
   SUSE Linux Enterprise Server 15-SP1-BCL
   SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
   SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
   SUSE Enterprise Storage 6
   SUSE CaaS Platform 4.0
______________________________________________________________________________

   An update that has 0 recommended fixes can now be installed.

Description:

   This update for SUSEConnect fixes the following issue:

   Update to version 0.3.29

   - Replace the Ruby path with the native one during build phase.

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Manager Server 4.0:
      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-221=1
   - SUSE Manager Retail Branch Server 4.0:
      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-221=1
   - SUSE Manager Proxy 4.0:
      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-221=1
   - SUSE Linux Enterprise Server for SAP 15-SP1:
      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-221=1
   - SUSE Linux Enterprise Server 15-SP1-LTSS:
      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-221=1
   - SUSE Linux Enterprise Server 15-SP1-BCL:
      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-221=1
   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-221=1
   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-221=1
   - SUSE Enterprise Storage 6:
      zypper in -t patch SUSE-Storage-6-2021-221=1
   - SUSE CaaS Platform 4.0:
      To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

Package List:

   - SUSE Manager Server 4.0 (ppc64le s390x x86_64):
      SUSEConnect-0.3.29-7.18.2
   - SUSE Manager Retail Branch Server 4.0 (x86_64):
      SUSEConnect-0.3.29-7.18.2
   - SUSE Manager Proxy 4.0 (x86_64):
      SUSEConnect-0.3.29-7.18.2
   - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
      SUSEConnect-0.3.29-7.18.2
   - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
      SUSEConnect-0.3.29-7.18.2
   - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
      SUSEConnect-0.3.29-7.18.2
   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
      SUSEConnect-0.3.29-7.18.2
   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
      SUSEConnect-0.3.29-7.18.2
   - SUSE Enterprise Storage 6 (aarch64 x86_64):
      SUSEConnect-0.3.29-7.18.2
   - SUSE CaaS Platform 4.0 (x86_64):
      SUSEConnect-0.3.29-7.18.2

References:

From sle-updates at lists.suse.com Tue Jan 26 10:16:56 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 26 Jan 2021 18:16:56 +0100 (CET)
Subject: SUSE-SU-2021:0223-1: moderate: Security update for go1.15
Message-ID: <20210126171656.4ADB5FF1F@maintenance.suse.de>

   SUSE Security Update: Security update for go1.15
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:0223-1
Rating: moderate
References: #1175132 #1181145 #1181146
Cross-References: CVE-2021-3114 CVE-2021-3115
Affected Products:
   SUSE Manager Server 4.0
   SUSE Manager Retail Branch Server 4.0
   SUSE Manager Proxy 4.0
   SUSE Linux Enterprise Server for SAP 15-SP1
   SUSE Linux Enterprise Server 15-SP1-LTSS
   SUSE Linux Enterprise Server 15-SP1-BCL
   SUSE Linux Enterprise Module for Development Tools 15-SP2
   SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
   SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
   SUSE Enterprise Storage 6
   SUSE CaaS Platform 4.0
______________________________________________________________________________

   An update that solves two vulnerabilities and has one errata is now available.

Description:

   This update for go1.15 fixes the following issues:

   Go was updated to version 1.15.7 (bsc#1175132).

   Security issues fixed:

   - CVE-2021-3114: Fixed incorrect operations on the P-224 curve in crypto/elliptic (bsc#1181145).
   - CVE-2021-3115: Fixed a potential arbitrary code execution in the build process (bsc#1181146).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Manager Server 4.0:
      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-223=1
   - SUSE Manager Retail Branch Server 4.0:
      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-223=1
   - SUSE Manager Proxy 4.0:
      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-223=1
   - SUSE Linux Enterprise Server for SAP 15-SP1:
      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-223=1
   - SUSE Linux Enterprise Server 15-SP1-LTSS:
      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-223=1
   - SUSE Linux Enterprise Server 15-SP1-BCL:
      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-223=1
   - SUSE Linux Enterprise Module for Development Tools 15-SP2:
      zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-223=1
   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-223=1
   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-223=1
   - SUSE Enterprise Storage 6:
      zypper in -t patch SUSE-Storage-6-2021-223=1
   - SUSE CaaS Platform 4.0:
      To install this update, use the SUSE CaaS
Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.0 (ppc64le s390x x86_64): go1.15-1.15.7-1.17.1 go1.15-doc-1.15.7-1.17.1 - SUSE Manager Retail Branch Server 4.0 (x86_64): go1.15-1.15.7-1.17.1 go1.15-doc-1.15.7-1.17.1 - SUSE Manager Proxy 4.0 (x86_64): go1.15-1.15.7-1.17.1 go1.15-doc-1.15.7-1.17.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): go1.15-1.15.7-1.17.1 go1.15-doc-1.15.7-1.17.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): go1.15-1.15.7-1.17.1 go1.15-doc-1.15.7-1.17.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): go1.15-1.15.7-1.17.1 go1.15-doc-1.15.7-1.17.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): go1.15-1.15.7-1.17.1 go1.15-doc-1.15.7-1.17.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): go1.15-1.15.7-1.17.1 go1.15-doc-1.15.7-1.17.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): go1.15-1.15.7-1.17.1 go1.15-doc-1.15.7-1.17.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): go1.15-1.15.7-1.17.1 go1.15-doc-1.15.7-1.17.1 - SUSE CaaS Platform 4.0 (x86_64): go1.15-1.15.7-1.17.1 go1.15-doc-1.15.7-1.17.1 References: https://www.suse.com/security/cve/CVE-2021-3114.html https://www.suse.com/security/cve/CVE-2021-3115.html https://bugzilla.suse.com/1175132 https://bugzilla.suse.com/1181145 https://bugzilla.suse.com/1181146 From sle-updates at lists.suse.com Tue Jan 26 10:18:08 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 26 Jan 2021 18:18:08 +0100 (CET) Subject: SUSE-RU-2021:0219-1: moderate: Recommended update for logrotate Message-ID: <20210126171808.0B754FF1F@maintenance.suse.de> SUSE Recommended Update: Recommended update for logrotate ______________________________________________________________________________ 
Announcement ID: SUSE-RU-2021:0219-1 Rating: moderate References: #1179189 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for logrotate fixes the following issues: - Fix for an issue when the service failed to start due to false alarm when using 'su' and compress. (bsc#1179189) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-219=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): logrotate-3.11.0-2.17.1 logrotate-debuginfo-3.11.0-2.17.1 logrotate-debugsource-3.11.0-2.17.1 References: https://bugzilla.suse.com/1179189 From sle-updates at lists.suse.com Tue Jan 26 10:19:07 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 26 Jan 2021 18:19:07 +0100 (CET) Subject: SUSE-SU-2021:0224-1: moderate: Security update for nodejs8 Message-ID: <20210126171907.4122FFF1F@maintenance.suse.de> SUSE Security Update: Security update for nodejs8 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0224-1 Rating: moderate References: #1180554 Cross-References: CVE-2020-8287 Affected Products: SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 
15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for nodejs8 fixes the following issue: - CVE-2020-8287: Fixed an HTTP request smuggling vulnerability (bsc#1180554). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-224=1 - SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-224=1 - SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-224=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-224=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-224=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-224=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-224=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-224=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-224=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-224=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-224=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-224=1 - SUSE Enterprise Storage 6: zypper in -t patch 
SUSE-Storage-6-2021-224=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.0 (ppc64le s390x x86_64): nodejs8-8.17.0-3.42.2 nodejs8-debuginfo-8.17.0-3.42.2 nodejs8-debugsource-8.17.0-3.42.2 nodejs8-devel-8.17.0-3.42.2 npm8-8.17.0-3.42.2 - SUSE Manager Server 4.0 (noarch): nodejs8-docs-8.17.0-3.42.2 - SUSE Manager Retail Branch Server 4.0 (x86_64): nodejs8-8.17.0-3.42.2 nodejs8-debuginfo-8.17.0-3.42.2 nodejs8-debugsource-8.17.0-3.42.2 nodejs8-devel-8.17.0-3.42.2 npm8-8.17.0-3.42.2 - SUSE Manager Retail Branch Server 4.0 (noarch): nodejs8-docs-8.17.0-3.42.2 - SUSE Manager Proxy 4.0 (x86_64): nodejs8-8.17.0-3.42.2 nodejs8-debuginfo-8.17.0-3.42.2 nodejs8-debugsource-8.17.0-3.42.2 nodejs8-devel-8.17.0-3.42.2 npm8-8.17.0-3.42.2 - SUSE Manager Proxy 4.0 (noarch): nodejs8-docs-8.17.0-3.42.2 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): nodejs8-8.17.0-3.42.2 nodejs8-debuginfo-8.17.0-3.42.2 nodejs8-debugsource-8.17.0-3.42.2 nodejs8-devel-8.17.0-3.42.2 npm8-8.17.0-3.42.2 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): nodejs8-docs-8.17.0-3.42.2 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): nodejs8-8.17.0-3.42.2 nodejs8-debuginfo-8.17.0-3.42.2 nodejs8-debugsource-8.17.0-3.42.2 nodejs8-devel-8.17.0-3.42.2 npm8-8.17.0-3.42.2 - SUSE Linux Enterprise Server for SAP 15 (noarch): nodejs8-docs-8.17.0-3.42.2 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): nodejs8-8.17.0-3.42.2 nodejs8-debuginfo-8.17.0-3.42.2 nodejs8-debugsource-8.17.0-3.42.2 nodejs8-devel-8.17.0-3.42.2 npm8-8.17.0-3.42.2 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): nodejs8-docs-8.17.0-3.42.2 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): nodejs8-docs-8.17.0-3.42.2 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): nodejs8-8.17.0-3.42.2 
nodejs8-debuginfo-8.17.0-3.42.2 nodejs8-debugsource-8.17.0-3.42.2 nodejs8-devel-8.17.0-3.42.2 npm8-8.17.0-3.42.2 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): nodejs8-8.17.0-3.42.2 nodejs8-debuginfo-8.17.0-3.42.2 nodejs8-debugsource-8.17.0-3.42.2 nodejs8-devel-8.17.0-3.42.2 npm8-8.17.0-3.42.2 - SUSE Linux Enterprise Server 15-LTSS (noarch): nodejs8-docs-8.17.0-3.42.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): nodejs8-8.17.0-3.42.2 nodejs8-debuginfo-8.17.0-3.42.2 nodejs8-debugsource-8.17.0-3.42.2 nodejs8-devel-8.17.0-3.42.2 npm8-8.17.0-3.42.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): nodejs8-docs-8.17.0-3.42.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): nodejs8-8.17.0-3.42.2 nodejs8-debuginfo-8.17.0-3.42.2 nodejs8-debugsource-8.17.0-3.42.2 nodejs8-devel-8.17.0-3.42.2 npm8-8.17.0-3.42.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): nodejs8-docs-8.17.0-3.42.2 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): nodejs8-8.17.0-3.42.2 nodejs8-debuginfo-8.17.0-3.42.2 nodejs8-debugsource-8.17.0-3.42.2 nodejs8-devel-8.17.0-3.42.2 npm8-8.17.0-3.42.2 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): nodejs8-docs-8.17.0-3.42.2 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): nodejs8-8.17.0-3.42.2 nodejs8-debuginfo-8.17.0-3.42.2 nodejs8-debugsource-8.17.0-3.42.2 nodejs8-devel-8.17.0-3.42.2 npm8-8.17.0-3.42.2 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): nodejs8-docs-8.17.0-3.42.2 - SUSE Enterprise Storage 6 (aarch64 x86_64): nodejs8-8.17.0-3.42.2 nodejs8-debuginfo-8.17.0-3.42.2 nodejs8-debugsource-8.17.0-3.42.2 nodejs8-devel-8.17.0-3.42.2 npm8-8.17.0-3.42.2 - SUSE Enterprise Storage 6 (noarch): nodejs8-docs-8.17.0-3.42.2 - SUSE CaaS Platform 4.0 (noarch): nodejs8-docs-8.17.0-3.42.2 - SUSE CaaS Platform 4.0 (x86_64): nodejs8-8.17.0-3.42.2 
nodejs8-debuginfo-8.17.0-3.42.2 nodejs8-debugsource-8.17.0-3.42.2 nodejs8-devel-8.17.0-3.42.2 npm8-8.17.0-3.42.2 References: https://www.suse.com/security/cve/CVE-2020-8287.html https://bugzilla.suse.com/1180554 From sle-updates at lists.suse.com Tue Jan 26 10:20:11 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 26 Jan 2021 18:20:11 +0100 (CET) Subject: SUSE-SU-2021:0222-1: moderate: Security update for go1.14 Message-ID: <20210126172011.3609AFF1F@maintenance.suse.de> SUSE Security Update: Security update for go1.14 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0222-1 Rating: moderate References: #1164903 #1181145 #1181146 Cross-References: CVE-2021-3114 CVE-2021-3115 Affected Products: SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for go1.14 fixes the following issues: Go was updated to version 1.14.14 (bsc#1164903). Security issues fixed: - CVE-2021-3114: Fixed incorrect operations on the P-224 curve in crypto/elliptic (bsc#1181145). - CVE-2021-3115: Fixed a potential arbitrary code execution in the build process (bsc#1181146). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-222=1 - SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-222=1 - SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-222=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-222=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-222=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-222=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2021-222=1 - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-222=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-222=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-222=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-222=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE Manager Server 4.0 (ppc64le s390x x86_64): go1.14-1.14.14-1.32.1 go1.14-doc-1.14.14-1.32.1 - SUSE Manager Retail Branch Server 4.0 (x86_64): go1.14-1.14.14-1.32.1 go1.14-doc-1.14.14-1.32.1 - SUSE Manager Proxy 4.0 (x86_64): go1.14-1.14.14-1.32.1 go1.14-doc-1.14.14-1.32.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): go1.14-1.14.14-1.32.1 go1.14-doc-1.14.14-1.32.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): go1.14-1.14.14-1.32.1 go1.14-doc-1.14.14-1.32.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): go1.14-1.14.14-1.32.1 go1.14-doc-1.14.14-1.32.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): go1.14-1.14.14-1.32.1 go1.14-doc-1.14.14-1.32.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): go1.14-1.14.14-1.32.1 go1.14-doc-1.14.14-1.32.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): go1.14-1.14.14-1.32.1 go1.14-doc-1.14.14-1.32.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): go1.14-1.14.14-1.32.1 go1.14-doc-1.14.14-1.32.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): go1.14-1.14.14-1.32.1 go1.14-doc-1.14.14-1.32.1 - SUSE CaaS Platform 4.0 (x86_64): go1.14-1.14.14-1.32.1 go1.14-doc-1.14.14-1.32.1 References: https://www.suse.com/security/cve/CVE-2021-3114.html https://www.suse.com/security/cve/CVE-2021-3115.html https://bugzilla.suse.com/1164903 https://bugzilla.suse.com/1181145 https://bugzilla.suse.com/1181146 From sle-updates at lists.suse.com Tue Jan 26 10:23:09 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 26 Jan 2021 18:23:09 +0100 (CET) Subject: SUSE-RU-2021:0218-1: moderate: Recommended update for yast2 Message-ID: <20210126172309.73EFDFF1F@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2 ______________________________________________________________________________ 
Announcement ID: SUSE-RU-2021:0218-1 Rating: moderate References: #1179773 #1180858 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Installer 15-SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for yast2 fixes the following issues: - Keep the libzypp target open to verify other packages and avoid breaking the installation. (bsc#1180858, bsc#1179773) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-218=1 - SUSE Linux Enterprise Installer 15-SP2: zypper in -t patch SUSE-SLE-INSTALLER-15-SP2-2021-218=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): yast2-4.2.90-3.17.1 yast2-logs-4.2.90-3.17.1 - SUSE Linux Enterprise Installer 15-SP2 (aarch64 ppc64le s390x x86_64): yast2-4.2.90-3.17.1 References: https://bugzilla.suse.com/1179773 https://bugzilla.suse.com/1180858 From sle-updates at lists.suse.com Tue Jan 26 10:24:16 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 26 Jan 2021 18:24:16 +0100 (CET) Subject: SUSE-RU-2021:0220-1: moderate: Recommended update for keyutils Message-ID: <20210126172416.3300FFFB1@maintenance.suse.de> SUSE Recommended Update: Recommended update for keyutils ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:0220-1 Rating: moderate References: #1180603 Affected Products: SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 
15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for keyutils fixes the following issues: - Adjust the library license to be LGPL-2.1+ only (the tools are GPL2+, the library is just LGPL-2.1+) (bsc#1180603) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-220=1 - SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-220=1 - SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-220=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-220=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-220=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-220=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-220=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-220=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-220=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t 
patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-220=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-220=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-220=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-220=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-220=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.0 (ppc64le s390x x86_64): keyutils-1.5.10-5.3.1 keyutils-debuginfo-1.5.10-5.3.1 keyutils-debugsource-1.5.10-5.3.1 keyutils-devel-1.5.10-5.3.1 libkeyutils1-1.5.10-5.3.1 libkeyutils1-debuginfo-1.5.10-5.3.1 - SUSE Manager Server 4.0 (x86_64): libkeyutils1-32bit-1.5.10-5.3.1 libkeyutils1-32bit-debuginfo-1.5.10-5.3.1 - SUSE Manager Retail Branch Server 4.0 (x86_64): keyutils-1.5.10-5.3.1 keyutils-debuginfo-1.5.10-5.3.1 keyutils-debugsource-1.5.10-5.3.1 keyutils-devel-1.5.10-5.3.1 libkeyutils1-1.5.10-5.3.1 libkeyutils1-32bit-1.5.10-5.3.1 libkeyutils1-32bit-debuginfo-1.5.10-5.3.1 libkeyutils1-debuginfo-1.5.10-5.3.1 - SUSE Manager Proxy 4.0 (x86_64): keyutils-1.5.10-5.3.1 keyutils-debuginfo-1.5.10-5.3.1 keyutils-debugsource-1.5.10-5.3.1 keyutils-devel-1.5.10-5.3.1 libkeyutils1-1.5.10-5.3.1 libkeyutils1-32bit-1.5.10-5.3.1 libkeyutils1-32bit-debuginfo-1.5.10-5.3.1 libkeyutils1-debuginfo-1.5.10-5.3.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): keyutils-1.5.10-5.3.1 keyutils-debuginfo-1.5.10-5.3.1 keyutils-debugsource-1.5.10-5.3.1 keyutils-devel-1.5.10-5.3.1 libkeyutils1-1.5.10-5.3.1 libkeyutils1-debuginfo-1.5.10-5.3.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): libkeyutils1-32bit-1.5.10-5.3.1 
libkeyutils1-32bit-debuginfo-1.5.10-5.3.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): keyutils-1.5.10-5.3.1 keyutils-debuginfo-1.5.10-5.3.1 keyutils-debugsource-1.5.10-5.3.1 keyutils-devel-1.5.10-5.3.1 libkeyutils1-1.5.10-5.3.1 libkeyutils1-debuginfo-1.5.10-5.3.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): libkeyutils1-32bit-1.5.10-5.3.1 libkeyutils1-32bit-debuginfo-1.5.10-5.3.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): keyutils-1.5.10-5.3.1 keyutils-debuginfo-1.5.10-5.3.1 keyutils-debugsource-1.5.10-5.3.1 keyutils-devel-1.5.10-5.3.1 libkeyutils1-1.5.10-5.3.1 libkeyutils1-debuginfo-1.5.10-5.3.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): libkeyutils1-32bit-1.5.10-5.3.1 libkeyutils1-32bit-debuginfo-1.5.10-5.3.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): keyutils-1.5.10-5.3.1 keyutils-debuginfo-1.5.10-5.3.1 keyutils-debugsource-1.5.10-5.3.1 keyutils-devel-1.5.10-5.3.1 libkeyutils1-1.5.10-5.3.1 libkeyutils1-32bit-1.5.10-5.3.1 libkeyutils1-32bit-debuginfo-1.5.10-5.3.1 libkeyutils1-debuginfo-1.5.10-5.3.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): keyutils-1.5.10-5.3.1 keyutils-debuginfo-1.5.10-5.3.1 keyutils-debugsource-1.5.10-5.3.1 keyutils-devel-1.5.10-5.3.1 libkeyutils1-1.5.10-5.3.1 libkeyutils1-debuginfo-1.5.10-5.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): keyutils-1.5.10-5.3.1 keyutils-debuginfo-1.5.10-5.3.1 keyutils-debugsource-1.5.10-5.3.1 keyutils-devel-1.5.10-5.3.1 libkeyutils1-1.5.10-5.3.1 libkeyutils1-debuginfo-1.5.10-5.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libkeyutils1-32bit-1.5.10-5.3.1 libkeyutils1-32bit-debuginfo-1.5.10-5.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): keyutils-1.5.10-5.3.1 keyutils-debuginfo-1.5.10-5.3.1 keyutils-debugsource-1.5.10-5.3.1 keyutils-devel-1.5.10-5.3.1 libkeyutils1-1.5.10-5.3.1 libkeyutils1-debuginfo-1.5.10-5.3.1 - SUSE Linux 
Enterprise High Performance Computing 15-SP1-LTSS (x86_64): libkeyutils1-32bit-1.5.10-5.3.1 libkeyutils1-32bit-debuginfo-1.5.10-5.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): keyutils-1.5.10-5.3.1 keyutils-debuginfo-1.5.10-5.3.1 keyutils-debugsource-1.5.10-5.3.1 keyutils-devel-1.5.10-5.3.1 libkeyutils1-1.5.10-5.3.1 libkeyutils1-debuginfo-1.5.10-5.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): libkeyutils1-32bit-1.5.10-5.3.1 libkeyutils1-32bit-debuginfo-1.5.10-5.3.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): keyutils-1.5.10-5.3.1 keyutils-debuginfo-1.5.10-5.3.1 keyutils-debugsource-1.5.10-5.3.1 keyutils-devel-1.5.10-5.3.1 libkeyutils1-1.5.10-5.3.1 libkeyutils1-debuginfo-1.5.10-5.3.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): libkeyutils1-32bit-1.5.10-5.3.1 libkeyutils1-32bit-debuginfo-1.5.10-5.3.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): keyutils-1.5.10-5.3.1 keyutils-debuginfo-1.5.10-5.3.1 keyutils-debugsource-1.5.10-5.3.1 keyutils-devel-1.5.10-5.3.1 libkeyutils1-1.5.10-5.3.1 libkeyutils1-debuginfo-1.5.10-5.3.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): libkeyutils1-32bit-1.5.10-5.3.1 libkeyutils1-32bit-debuginfo-1.5.10-5.3.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): keyutils-1.5.10-5.3.1 keyutils-debuginfo-1.5.10-5.3.1 keyutils-debugsource-1.5.10-5.3.1 keyutils-devel-1.5.10-5.3.1 libkeyutils1-1.5.10-5.3.1 libkeyutils1-debuginfo-1.5.10-5.3.1 - SUSE Enterprise Storage 6 (x86_64): libkeyutils1-32bit-1.5.10-5.3.1 libkeyutils1-32bit-debuginfo-1.5.10-5.3.1 - SUSE CaaS Platform 4.0 (x86_64): keyutils-1.5.10-5.3.1 keyutils-debuginfo-1.5.10-5.3.1 keyutils-debugsource-1.5.10-5.3.1 keyutils-devel-1.5.10-5.3.1 libkeyutils1-1.5.10-5.3.1 libkeyutils1-32bit-1.5.10-5.3.1 libkeyutils1-32bit-debuginfo-1.5.10-5.3.1 libkeyutils1-debuginfo-1.5.10-5.3.1 References: 
https://bugzilla.suse.com/1180603 From sle-updates at lists.suse.com Tue Jan 26 16:16:06 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Jan 2021 00:16:06 +0100 (CET) Subject: SUSE-SU-2021:0226-1: important: Security update for sudo Message-ID: <20210126231606.3A174FF1F@maintenance.suse.de> SUSE Security Update: Security update for sudo ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0226-1 Rating: important References: #1180684 #1180685 #1180687 #1181090 Cross-References: CVE-2021-23239 CVE-2021-23240 CVE-2021-3156 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for sudo fixes the following issues: - A Heap-based buffer overflow in sudo could be exploited to allow a user to gain root privileges [bsc#1181090,CVE-2021-3156] - It was possible for a user to test for the existence of a directory due to a Race Condition in `sudoedit` [bsc#1180684,CVE-2021-23239] - A Possible Symlink Attack vector existed in `sudoedit` if SELinux was running in permissive mode [bsc#1180685, CVE-2021-23240] - It was possible for a User to enable Debug Settings not Intended for them [bsc#1180687] Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-226=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-226=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-226=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-226=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-226=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-226=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-226=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-226=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-226=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2021-226=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-226=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): sudo-1.8.20p2-3.20.1 sudo-debuginfo-1.8.20p2-3.20.1 sudo-debugsource-1.8.20p2-3.20.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): sudo-1.8.20p2-3.20.1 sudo-debuginfo-1.8.20p2-3.20.1 sudo-debugsource-1.8.20p2-3.20.1 - SUSE OpenStack Cloud 9 (x86_64): sudo-1.8.20p2-3.20.1 sudo-debuginfo-1.8.20p2-3.20.1 sudo-debugsource-1.8.20p2-3.20.1 - SUSE OpenStack Cloud 8 (x86_64): sudo-1.8.20p2-3.20.1 sudo-debuginfo-1.8.20p2-3.20.1 sudo-debugsource-1.8.20p2-3.20.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): sudo-1.8.20p2-3.20.1 sudo-debuginfo-1.8.20p2-3.20.1 sudo-debugsource-1.8.20p2-3.20.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): sudo-1.8.20p2-3.20.1 sudo-debuginfo-1.8.20p2-3.20.1 sudo-debugsource-1.8.20p2-3.20.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): sudo-1.8.20p2-3.20.1 sudo-debuginfo-1.8.20p2-3.20.1 
sudo-debugsource-1.8.20p2-3.20.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): sudo-1.8.20p2-3.20.1 sudo-debuginfo-1.8.20p2-3.20.1 sudo-debugsource-1.8.20p2-3.20.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): sudo-1.8.20p2-3.20.1 sudo-debuginfo-1.8.20p2-3.20.1 sudo-debugsource-1.8.20p2-3.20.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): sudo-1.8.20p2-3.20.1 sudo-debuginfo-1.8.20p2-3.20.1 sudo-debugsource-1.8.20p2-3.20.1 - HPE Helion Openstack 8 (x86_64): sudo-1.8.20p2-3.20.1 sudo-debuginfo-1.8.20p2-3.20.1 sudo-debugsource-1.8.20p2-3.20.1 References: https://www.suse.com/security/cve/CVE-2021-23239.html https://www.suse.com/security/cve/CVE-2021-23240.html https://www.suse.com/security/cve/CVE-2021-3156.html https://bugzilla.suse.com/1180684 https://bugzilla.suse.com/1180685 https://bugzilla.suse.com/1180687 https://bugzilla.suse.com/1181090 From sle-updates at lists.suse.com Tue Jan 26 16:17:33 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Jan 2021 00:17:33 +0100 (CET) Subject: SUSE-SU-2021:0227-1: important: Security update for sudo Message-ID: <20210126231734.002F6FF1F@maintenance.suse.de> SUSE Security Update: Security update for sudo ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0227-1 Rating: important References: #1180684 #1180685 #1180687 #1181090 Cross-References: CVE-2021-23239 CVE-2021-23240 CVE-2021-3156 Affected Products: SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS 
    SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
    SUSE Linux Enterprise High Performance Computing 15-LTSS
    SUSE Linux Enterprise High Performance Computing 15-ESPOS
    SUSE Enterprise Storage 6
    SUSE CaaS Platform 4.0
______________________________________________________________________________

An update that solves three vulnerabilities and has one errata is now available.

Description:

This update for sudo fixes the following issues:

- A Heap-based buffer overflow in sudo could be exploited to allow a user to gain root privileges [bsc#1181090,CVE-2021-3156]
- It was possible for a user to test for the existence of a directory due to a Race Condition in `sudoedit` [bsc#1180684,CVE-2021-23239]
- A Possible Symlink Attack vector existed in `sudoedit` if SELinux was running in permissive mode [bsc#1180685, CVE-2021-23240]
- It was possible for a User to enable Debug Settings not Intended for them [bsc#1180687]

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-227=1 - SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-227=1 - SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-227=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-227=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-227=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-227=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-227=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-227=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-227=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-227=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2021-227=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-227=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-227=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-227=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-227=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-227=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. 
It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.0 (ppc64le s390x x86_64): sudo-1.8.22-4.15.1 sudo-debuginfo-1.8.22-4.15.1 sudo-debugsource-1.8.22-4.15.1 sudo-devel-1.8.22-4.15.1 - SUSE Manager Retail Branch Server 4.0 (x86_64): sudo-1.8.22-4.15.1 sudo-debuginfo-1.8.22-4.15.1 sudo-debugsource-1.8.22-4.15.1 sudo-devel-1.8.22-4.15.1 - SUSE Manager Proxy 4.0 (x86_64): sudo-1.8.22-4.15.1 sudo-debuginfo-1.8.22-4.15.1 sudo-debugsource-1.8.22-4.15.1 sudo-devel-1.8.22-4.15.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): sudo-1.8.22-4.15.1 sudo-debuginfo-1.8.22-4.15.1 sudo-debugsource-1.8.22-4.15.1 sudo-devel-1.8.22-4.15.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): sudo-1.8.22-4.15.1 sudo-debuginfo-1.8.22-4.15.1 sudo-debugsource-1.8.22-4.15.1 sudo-devel-1.8.22-4.15.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): sudo-1.8.22-4.15.1 sudo-debuginfo-1.8.22-4.15.1 sudo-debugsource-1.8.22-4.15.1 sudo-devel-1.8.22-4.15.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): sudo-1.8.22-4.15.1 sudo-debuginfo-1.8.22-4.15.1 sudo-debugsource-1.8.22-4.15.1 sudo-devel-1.8.22-4.15.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): sudo-1.8.22-4.15.1 sudo-debuginfo-1.8.22-4.15.1 sudo-debugsource-1.8.22-4.15.1 sudo-devel-1.8.22-4.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): sudo-1.8.22-4.15.1 sudo-debuginfo-1.8.22-4.15.1 sudo-debugsource-1.8.22-4.15.1 sudo-devel-1.8.22-4.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): sudo-1.8.22-4.15.1 sudo-debuginfo-1.8.22-4.15.1 sudo-debugsource-1.8.22-4.15.1 sudo-devel-1.8.22-4.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): sudo-1.8.22-4.15.1 sudo-debuginfo-1.8.22-4.15.1 sudo-debugsource-1.8.22-4.15.1 sudo-devel-1.8.22-4.15.1 - SUSE Linux 
Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): sudo-1.8.22-4.15.1 sudo-debuginfo-1.8.22-4.15.1 sudo-debugsource-1.8.22-4.15.1 sudo-devel-1.8.22-4.15.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): sudo-1.8.22-4.15.1 sudo-debuginfo-1.8.22-4.15.1 sudo-debugsource-1.8.22-4.15.1 sudo-devel-1.8.22-4.15.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): sudo-1.8.22-4.15.1 sudo-debuginfo-1.8.22-4.15.1 sudo-debugsource-1.8.22-4.15.1 sudo-devel-1.8.22-4.15.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): sudo-1.8.22-4.15.1 sudo-debuginfo-1.8.22-4.15.1 sudo-debugsource-1.8.22-4.15.1 sudo-devel-1.8.22-4.15.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): sudo-1.8.22-4.15.1 sudo-debuginfo-1.8.22-4.15.1 sudo-debugsource-1.8.22-4.15.1 sudo-devel-1.8.22-4.15.1 - SUSE CaaS Platform 4.0 (x86_64): sudo-1.8.22-4.15.1 sudo-debuginfo-1.8.22-4.15.1 sudo-debugsource-1.8.22-4.15.1 sudo-devel-1.8.22-4.15.1 References: https://www.suse.com/security/cve/CVE-2021-23239.html https://www.suse.com/security/cve/CVE-2021-23240.html https://www.suse.com/security/cve/CVE-2021-3156.html https://bugzilla.suse.com/1180684 https://bugzilla.suse.com/1180685 https://bugzilla.suse.com/1180687 https://bugzilla.suse.com/1181090 From sle-updates at lists.suse.com Tue Jan 26 16:18:58 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Jan 2021 00:18:58 +0100 (CET) Subject: SUSE-SU-2021:0225-1: important: Security update for sudo Message-ID: <20210126231858.62637FF1F@maintenance.suse.de> SUSE Security Update: Security update for sudo ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0225-1 Rating: important References: #1180684 #1180685 #1180687 #1181090 Cross-References: CVE-2021-23239 CVE-2021-23240 CVE-2021-3156 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux 
Enterprise Server 12-SP5 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for sudo fixes the following issues: - A Heap-based buffer overflow in sudo could be exploited to allow a user to gain root privileges [bsc#1181090,CVE-2021-3156] - It was possible for a user to test for the existence of a directory due to a Race Condition in `sudoedit` [bsc#1180684,CVE-2021-23239] - A Possible Symlink Attack vector existed in `sudoedit` if SELinux was running in permissive mode [bsc#1180685, CVE-2021-23240] - It was possible for a User to enable Debug Settings not Intended for them [bsc#1180687] Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-225=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-225=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): sudo-debuginfo-1.8.27-4.6.1 sudo-debugsource-1.8.27-4.6.1 sudo-devel-1.8.27-4.6.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): sudo-1.8.27-4.6.1 sudo-debuginfo-1.8.27-4.6.1 sudo-debugsource-1.8.27-4.6.1 References: https://www.suse.com/security/cve/CVE-2021-23239.html https://www.suse.com/security/cve/CVE-2021-23240.html https://www.suse.com/security/cve/CVE-2021-3156.html https://bugzilla.suse.com/1180684 https://bugzilla.suse.com/1180685 https://bugzilla.suse.com/1180687 https://bugzilla.suse.com/1181090 From sle-updates at lists.suse.com Tue Jan 26 19:14:51 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Jan 2021 03:14:51 +0100 (CET) Subject: SUSE-RU-2021:0228-1: moderate: Recommended 
update for python-kiwi
Message-ID: <20210127021451.87410FF1F@maintenance.suse.de>

SUSE Recommended Update: Recommended update for python-kiwi
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:0228-1
Rating: moderate
References: #1179562 #1180781
Affected Products:
    SUSE Manager Server 4.0
    SUSE Manager Retail Branch Server 4.0
    SUSE Manager Proxy 4.0
    SUSE Linux Enterprise Server for SAP 15-SP1
    SUSE Linux Enterprise Server 15-SP1-LTSS
    SUSE Linux Enterprise Server 15-SP1-BCL
    SUSE Linux Enterprise Module for Development Tools 15-SP2
    SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
    SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
    SUSE Enterprise Storage 6
    SUSE CaaS Platform 4.0
______________________________________________________________________________

An update that has two recommended fixes can now be installed.

Description:

This update for python-kiwi fixes the following issues:

- Azure generated images are not bootable. (bsc#1180781)
- Fixed validation of bool value in dracut module.
- The `oem-multipath-scan` setup results in a bool variable inside of the initrd code. The variable `kiwi_oemmultipath_scan` is therefore either set to `true` or `false`. This update fixes the validation to make use of the `bool()` method provided for this type of variable.
- Azure `LI/VLI` Production image boot process drops to dracut rescue shell during boot randomly (bsc#1179562)
- Omit multipath module by default
- The plain installation of the multipath toolkit activates the dracut multipath code. The setup if the target image runs in a multipath environment or not should however be decided explicitly in the image description via `` and not implicitly by the presence of tools
- Fixed multipath disk device assignment in kiwi lib
- The former lookup of the multipath mapped disk device contained a race condition.
If the lookup of the device mapper files happened before multipathd has finished the initialization, kiwi continues with the unix node name and fails when the device mapper keeps a busy state on it. Now, in case of an explicit request to use multipath the lookup of the mapped device becomes a mandatory process that runs until the `DEVICE_TIMEOUT` is reached. Default timeout is set to 60 sec. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-228=1 - SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-228=1 - SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-228=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-228=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-228=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-228=1 - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-228=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-228=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-228=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-228=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE Manager Server 4.0 (ppc64le s390x x86_64): dracut-kiwi-lib-9.21.23-3.30.2 dracut-kiwi-live-9.21.23-3.30.2 dracut-kiwi-oem-dump-9.21.23-3.30.2 dracut-kiwi-oem-repart-9.21.23-3.30.2 dracut-kiwi-overlay-9.21.23-3.30.2 kiwi-man-pages-9.21.23-3.30.2 kiwi-tools-9.21.23-3.30.2 kiwi-tools-debuginfo-9.21.23-3.30.2 pv-1.6.6-3.2.1 pv-debuginfo-1.6.6-3.2.1 pv-debugsource-1.6.6-3.2.1 python-kiwi-debugsource-9.21.23-3.30.2 python3-kiwi-9.21.23-3.30.2 - SUSE Manager Server 4.0 (x86_64): kiwi-pxeboot-9.21.23-3.30.2 - SUSE Manager Retail Branch Server 4.0 (x86_64): dracut-kiwi-lib-9.21.23-3.30.2 dracut-kiwi-live-9.21.23-3.30.2 dracut-kiwi-oem-dump-9.21.23-3.30.2 dracut-kiwi-oem-repart-9.21.23-3.30.2 dracut-kiwi-overlay-9.21.23-3.30.2 kiwi-man-pages-9.21.23-3.30.2 kiwi-pxeboot-9.21.23-3.30.2 kiwi-tools-9.21.23-3.30.2 kiwi-tools-debuginfo-9.21.23-3.30.2 pv-1.6.6-3.2.1 pv-debuginfo-1.6.6-3.2.1 pv-debugsource-1.6.6-3.2.1 python-kiwi-debugsource-9.21.23-3.30.2 python3-kiwi-9.21.23-3.30.2 - SUSE Manager Proxy 4.0 (x86_64): dracut-kiwi-lib-9.21.23-3.30.2 dracut-kiwi-live-9.21.23-3.30.2 dracut-kiwi-oem-dump-9.21.23-3.30.2 dracut-kiwi-oem-repart-9.21.23-3.30.2 dracut-kiwi-overlay-9.21.23-3.30.2 kiwi-man-pages-9.21.23-3.30.2 kiwi-pxeboot-9.21.23-3.30.2 kiwi-tools-9.21.23-3.30.2 kiwi-tools-debuginfo-9.21.23-3.30.2 pv-1.6.6-3.2.1 pv-debuginfo-1.6.6-3.2.1 pv-debugsource-1.6.6-3.2.1 python-kiwi-debugsource-9.21.23-3.30.2 python3-kiwi-9.21.23-3.30.2 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): dracut-kiwi-lib-9.21.23-3.30.2 dracut-kiwi-live-9.21.23-3.30.2 dracut-kiwi-oem-dump-9.21.23-3.30.2 dracut-kiwi-oem-repart-9.21.23-3.30.2 dracut-kiwi-overlay-9.21.23-3.30.2 kiwi-man-pages-9.21.23-3.30.2 kiwi-tools-9.21.23-3.30.2 kiwi-tools-debuginfo-9.21.23-3.30.2 pv-1.6.6-3.2.1 pv-debuginfo-1.6.6-3.2.1 pv-debugsource-1.6.6-3.2.1 python-kiwi-debugsource-9.21.23-3.30.2 python3-kiwi-9.21.23-3.30.2 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): 
kiwi-pxeboot-9.21.23-3.30.2 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): dracut-kiwi-lib-9.21.23-3.30.2 dracut-kiwi-live-9.21.23-3.30.2 dracut-kiwi-oem-dump-9.21.23-3.30.2 dracut-kiwi-oem-repart-9.21.23-3.30.2 dracut-kiwi-overlay-9.21.23-3.30.2 kiwi-man-pages-9.21.23-3.30.2 kiwi-tools-9.21.23-3.30.2 kiwi-tools-debuginfo-9.21.23-3.30.2 pv-1.6.6-3.2.1 pv-debuginfo-1.6.6-3.2.1 pv-debugsource-1.6.6-3.2.1 python-kiwi-debugsource-9.21.23-3.30.2 python3-kiwi-9.21.23-3.30.2 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): kiwi-pxeboot-9.21.23-3.30.2 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): dracut-kiwi-lib-9.21.23-3.30.2 dracut-kiwi-live-9.21.23-3.30.2 dracut-kiwi-oem-dump-9.21.23-3.30.2 dracut-kiwi-oem-repart-9.21.23-3.30.2 dracut-kiwi-overlay-9.21.23-3.30.2 kiwi-man-pages-9.21.23-3.30.2 kiwi-pxeboot-9.21.23-3.30.2 kiwi-tools-9.21.23-3.30.2 kiwi-tools-debuginfo-9.21.23-3.30.2 pv-1.6.6-3.2.1 pv-debuginfo-1.6.6-3.2.1 pv-debugsource-1.6.6-3.2.1 python-kiwi-debugsource-9.21.23-3.30.2 python3-kiwi-9.21.23-3.30.2 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): dracut-kiwi-lib-9.21.23-3.30.2 dracut-kiwi-live-9.21.23-3.30.2 dracut-kiwi-oem-dump-9.21.23-3.30.2 dracut-kiwi-oem-repart-9.21.23-3.30.2 dracut-kiwi-overlay-9.21.23-3.30.2 kiwi-man-pages-9.21.23-3.30.2 kiwi-tools-9.21.23-3.30.2 kiwi-tools-debuginfo-9.21.23-3.30.2 pv-1.6.6-3.2.1 pv-debuginfo-1.6.6-3.2.1 pv-debugsource-1.6.6-3.2.1 python-kiwi-debugsource-9.21.23-3.30.2 python3-kiwi-9.21.23-3.30.2 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (x86_64): kiwi-pxeboot-9.21.23-3.30.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): dracut-kiwi-lib-9.21.23-3.30.2 dracut-kiwi-live-9.21.23-3.30.2 dracut-kiwi-oem-dump-9.21.23-3.30.2 dracut-kiwi-oem-repart-9.21.23-3.30.2 dracut-kiwi-overlay-9.21.23-3.30.2 kiwi-man-pages-9.21.23-3.30.2 kiwi-tools-9.21.23-3.30.2 kiwi-tools-debuginfo-9.21.23-3.30.2 
pv-1.6.6-3.2.1 pv-debuginfo-1.6.6-3.2.1 pv-debugsource-1.6.6-3.2.1 python-kiwi-debugsource-9.21.23-3.30.2 python3-kiwi-9.21.23-3.30.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): kiwi-pxeboot-9.21.23-3.30.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): dracut-kiwi-lib-9.21.23-3.30.2 dracut-kiwi-live-9.21.23-3.30.2 dracut-kiwi-oem-dump-9.21.23-3.30.2 dracut-kiwi-oem-repart-9.21.23-3.30.2 dracut-kiwi-overlay-9.21.23-3.30.2 kiwi-man-pages-9.21.23-3.30.2 kiwi-tools-9.21.23-3.30.2 kiwi-tools-debuginfo-9.21.23-3.30.2 pv-1.6.6-3.2.1 pv-debuginfo-1.6.6-3.2.1 pv-debugsource-1.6.6-3.2.1 python-kiwi-debugsource-9.21.23-3.30.2 python3-kiwi-9.21.23-3.30.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): kiwi-pxeboot-9.21.23-3.30.2 - SUSE Enterprise Storage 6 (aarch64 x86_64): dracut-kiwi-lib-9.21.23-3.30.2 dracut-kiwi-live-9.21.23-3.30.2 dracut-kiwi-oem-dump-9.21.23-3.30.2 dracut-kiwi-oem-repart-9.21.23-3.30.2 dracut-kiwi-overlay-9.21.23-3.30.2 kiwi-man-pages-9.21.23-3.30.2 kiwi-tools-9.21.23-3.30.2 kiwi-tools-debuginfo-9.21.23-3.30.2 pv-1.6.6-3.2.1 pv-debuginfo-1.6.6-3.2.1 pv-debugsource-1.6.6-3.2.1 python-kiwi-debugsource-9.21.23-3.30.2 python3-kiwi-9.21.23-3.30.2 - SUSE Enterprise Storage 6 (x86_64): kiwi-pxeboot-9.21.23-3.30.2 - SUSE CaaS Platform 4.0 (x86_64): dracut-kiwi-lib-9.21.23-3.30.2 dracut-kiwi-live-9.21.23-3.30.2 dracut-kiwi-oem-dump-9.21.23-3.30.2 dracut-kiwi-oem-repart-9.21.23-3.30.2 dracut-kiwi-overlay-9.21.23-3.30.2 kiwi-man-pages-9.21.23-3.30.2 kiwi-pxeboot-9.21.23-3.30.2 kiwi-tools-9.21.23-3.30.2 kiwi-tools-debuginfo-9.21.23-3.30.2 pv-1.6.6-3.2.1 pv-debuginfo-1.6.6-3.2.1 pv-debugsource-1.6.6-3.2.1 python-kiwi-debugsource-9.21.23-3.30.2 python3-kiwi-9.21.23-3.30.2 References: https://bugzilla.suse.com/1179562 https://bugzilla.suse.com/1180781 From sle-updates at lists.suse.com Wed Jan 27 00:07:16 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) 
Date: Wed, 27 Jan 2021 08:07:16 +0100 (CET)
Subject: SUSE-CU-2021:32-1: Recommended update of suse/sle15
Message-ID: <20210127070716.386EAFF1F@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2021:32-1
Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.331
Container Release : 4.22.331
Severity : moderate
Type : recommended
References : 1180603
-----------------------------------------------------------------

The container suse/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:220-1
Released: Tue Jan 26 14:00:51 2021
Summary: Recommended update for keyutils
Type: recommended
Severity: moderate
References: 1180603

This update for keyutils fixes the following issues:

- Adjust the library license to be LGPL-2.1+ only (the tools are GPL2+, the library is just LGPL-2.1+) (bsc#1180603)

From sle-updates at lists.suse.com Wed Jan 27 00:20:06 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 27 Jan 2021 08:20:06 +0100 (CET)
Subject: SUSE-CU-2021:33-1: Recommended update of suse/sle15
Message-ID: <20210127072006.9D841FF1F@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2021:33-1
Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.384
Container Release : 6.2.384
Severity : moderate
Type : recommended
References : 1180603
-----------------------------------------------------------------

The container suse/sle15 was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:220-1
Released: Tue Jan 26 14:00:51 2021
Summary: Recommended update for keyutils
Type: recommended
Severity: moderate
References: 1180603

This update for keyutils fixes the following issues:

- Adjust the library license to be LGPL-2.1+ only (the tools are GPL2+, the library is just LGPL-2.1+) (bsc#1180603)

From sle-updates at lists.suse.com Wed Jan 27 00:26:23 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 27 Jan 2021 08:26:23 +0100 (CET)
Subject: SUSE-CU-2021:34-1: Recommended update of suse/sle15
Message-ID: <20210127072623.D3B88FF1F@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2021:34-1
Container Tags : suse/sle15:15.2 , suse/sle15:15.2.8.2.832
Container Release : 8.2.832
Severity : moderate
Type : recommended
References : 1180603
-----------------------------------------------------------------

The container suse/sle15 was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:220-1
Released: Tue Jan 26 14:00:51 2021
Summary: Recommended update for keyutils
Type: recommended
Severity: moderate
References: 1180603

This update for keyutils fixes the following issues:

- Adjust the library license to be LGPL-2.1+ only (the tools are GPL2+, the library is just LGPL-2.1+) (bsc#1180603)

From sle-updates at lists.suse.com Wed Jan 27 07:15:22 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 27 Jan 2021 15:15:22 +0100 (CET)
Subject: SUSE-RU-2021:0229-1: important: Recommended update for fence-agents
Message-ID: <20210127141522.3509EFF1F@maintenance.suse.de>

SUSE Recommended Update: Recommended update for fence-agents
______________________________________________________________________________

Announcement ID: SUSE-RU-2021:0229-1
Rating: important
References: #1178343
Affected Products:
    SUSE Linux Enterprise Module for SUSE Manager Server 4.1
    SUSE Linux Enterprise Module for SUSE Manager Server 4.0
    SUSE Linux Enterprise High Availability 15-SP2
    SUSE Linux Enterprise High Availability 15-SP1
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for fence-agents fixes the following issues:

- Fixes a regression which broke fencing in GCE. [bsc#1178343]

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.1-2021-229=1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.0-2021-229=1 - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2021-229=1 - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2021-229=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (ppc64le s390x x86_64): fence-agents-4.7.0+git.1607346448.17bd8552-7.21.1 fence-agents-debuginfo-4.7.0+git.1607346448.17bd8552-7.21.1 fence-agents-debugsource-4.7.0+git.1607346448.17bd8552-7.21.1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.0 (ppc64le s390x x86_64): fence-agents-4.7.0+git.1607346448.17bd8552-7.21.1 fence-agents-debuginfo-4.7.0+git.1607346448.17bd8552-7.21.1 fence-agents-debugsource-4.7.0+git.1607346448.17bd8552-7.21.1 - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): fence-agents-4.7.0+git.1607346448.17bd8552-7.21.1 fence-agents-debuginfo-4.7.0+git.1607346448.17bd8552-7.21.1 fence-agents-debugsource-4.7.0+git.1607346448.17bd8552-7.21.1 fence-agents-devel-4.7.0+git.1607346448.17bd8552-7.21.1 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): fence-agents-4.7.0+git.1607346448.17bd8552-7.21.1 fence-agents-debuginfo-4.7.0+git.1607346448.17bd8552-7.21.1 fence-agents-debugsource-4.7.0+git.1607346448.17bd8552-7.21.1 fence-agents-devel-4.7.0+git.1607346448.17bd8552-7.21.1 References: https://bugzilla.suse.com/1178343 From sle-updates at lists.suse.com Wed Jan 27 07:16:21 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Jan 2021 15:16:21 +0100 (CET) Subject: SUSE-RU-2021:0233-1: moderate: Recommended update for systemd Message-ID: 
<20210127141621.1566FFF1F@maintenance.suse.de> SUSE Recommended Update: Recommended update for systemd ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:0233-1 Rating: moderate References: #1141597 #1174436 #1175458 #1177490 #1179363 #1179824 #1180225 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Installer 15-SP1 ______________________________________________________________________________ An update that has 7 recommended fixes can now be installed. Description: This update for systemd fixes the following issues: - Added a timestamp to the output of the busctl monitor command (bsc#1180225) - Fixed a NULL pointer dereference bug when attempting to close the journal file handle (bsc#1179824) - Improved the caching of cgroups member mask (bsc#1175458) - Fixed the dependency definition of sound.target (bsc#1179363) - Fixed a bug that could lead to a potential error, when daemon-reload is called between StartTransientUnit and scope_start() (bsc#1174436) - time-util: treat /etc/localtime missing as UTC (bsc#1141597) - Removed mq-deadline selection from 60-io-scheduler.rules (bsc#1177490) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-233=1 - SUSE Linux Enterprise Installer 15-SP1: zypper in -t patch SUSE-SLE-INSTALLER-15-SP1-2021-233=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libsystemd0-234-24.67.1 libsystemd0-debuginfo-234-24.67.1 libudev-devel-234-24.67.1 libudev1-234-24.67.1 libudev1-debuginfo-234-24.67.1 systemd-234-24.67.1 systemd-container-234-24.67.1 systemd-container-debuginfo-234-24.67.1 systemd-coredump-234-24.67.1 systemd-coredump-debuginfo-234-24.67.1 systemd-debuginfo-234-24.67.1 systemd-debugsource-234-24.67.1 systemd-devel-234-24.67.1 systemd-sysvinit-234-24.67.1 udev-234-24.67.1 udev-debuginfo-234-24.67.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): systemd-bash-completion-234-24.67.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libsystemd0-32bit-234-24.67.1 libsystemd0-32bit-debuginfo-234-24.67.1 libudev1-32bit-234-24.67.1 libudev1-32bit-debuginfo-234-24.67.1 systemd-32bit-234-24.67.1 systemd-32bit-debuginfo-234-24.67.1 - SUSE Linux Enterprise Installer 15-SP1 (aarch64 ppc64le s390x x86_64): libudev1-234-24.67.1 systemd-234-24.67.1 systemd-sysvinit-234-24.67.1 udev-234-24.67.1 References: https://bugzilla.suse.com/1141597 https://bugzilla.suse.com/1174436 https://bugzilla.suse.com/1175458 https://bugzilla.suse.com/1177490 https://bugzilla.suse.com/1179363 https://bugzilla.suse.com/1179824 https://bugzilla.suse.com/1180225 From sle-updates at lists.suse.com Wed Jan 27 07:18:00 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Jan 2021 15:18:00 +0100 (CET) Subject: SUSE-RU-2021:0230-1: moderate: Recommended update for python-Pygments Message-ID: <20210127141800.06DBBFF1F@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-Pygments 
______________________________________________________________________________ Announcement ID: SUSE-RU-2021:0230-1 Rating: moderate References: #1180252 Affected Products: SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-Pygments fixes the following issues: - Fixed an issue when the package executes install in the uninstall rpm section. (bsc#1180252) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2021-230=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-230=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2021-230=1 Package List: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (noarch): python2-Pygments-2.2.0-4.3.2 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): python3-Pygments-2.2.0-4.3.2 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): python3-Pygments-2.2.0-4.3.2 References: https://bugzilla.suse.com/1180252 From sle-updates at lists.suse.com Wed Jan 27 07:19:49 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Jan 2021 15:19:49 +0100 (CET) Subject: SUSE-RU-2021:0231-1: moderate: Recommended update for apache2 Message-ID: <20210127141949.965FDFF1F@maintenance.suse.de> SUSE Recommended Update: Recommended update for apache2 
______________________________________________________________________________ Announcement ID: SUSE-RU-2021:0231-1 Rating: moderate References: #1180530 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for apache2 fixes the following issues: - Fix for an issue when 'gensslcert' does not set CA:True. (bsc#1180530) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-231=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-231=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): apache2-debuginfo-2.4.43-3.17.1 apache2-debugsource-2.4.43-3.17.1 apache2-devel-2.4.43-3.17.1 apache2-worker-2.4.43-3.17.1 apache2-worker-debuginfo-2.4.43-3.17.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (noarch): apache2-doc-2.4.43-3.17.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): apache2-2.4.43-3.17.1 apache2-debuginfo-2.4.43-3.17.1 apache2-debugsource-2.4.43-3.17.1 apache2-prefork-2.4.43-3.17.1 apache2-prefork-debuginfo-2.4.43-3.17.1 apache2-utils-2.4.43-3.17.1 apache2-utils-debuginfo-2.4.43-3.17.1 References: https://bugzilla.suse.com/1180530 From sle-updates at lists.suse.com Wed Jan 27 07:20:46 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Jan 2021 15:20:46 +0100 (CET) Subject: SUSE-SU-2021:0232-1: important: Security update for sudo 
Message-ID: <20210127142046.2429FFF1F@maintenance.suse.de> SUSE Security Update: Security update for sudo ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0232-1 Rating: important References: #1180684 #1181090 Cross-References: CVE-2021-23239 CVE-2021-3156 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for sudo fixes the following issues: - A Heap-based buffer overflow in sudo could be exploited to allow a user to gain root privileges [bsc#1181090,CVE-2021-3156] - It was possible for a user to test for the existence of a directory due to a Race Condition in `sudoedit` [bsc#1180684,CVE-2021-23239] Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2021-232=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2021-232=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2021-232=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-232=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): sudo-1.8.10p3-10.29.1 sudo-debuginfo-1.8.10p3-10.29.1 sudo-debugsource-1.8.10p3-10.29.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): sudo-1.8.10p3-10.29.1 sudo-debuginfo-1.8.10p3-10.29.1 sudo-debugsource-1.8.10p3-10.29.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): sudo-1.8.10p3-10.29.1 sudo-debuginfo-1.8.10p3-10.29.1 sudo-debugsource-1.8.10p3-10.29.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): sudo-1.8.10p3-10.29.1 sudo-debuginfo-1.8.10p3-10.29.1 sudo-debugsource-1.8.10p3-10.29.1 References: https://www.suse.com/security/cve/CVE-2021-23239.html https://www.suse.com/security/cve/CVE-2021-3156.html https://bugzilla.suse.com/1180684 https://bugzilla.suse.com/1181090 From sle-updates at lists.suse.com Wed Jan 27 16:17:26 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 28 Jan 2021 00:17:26 +0100 (CET) Subject: SUSE-RU-2021:0234-1: moderate: Recommended update for btrfsprogs Message-ID: <20210127231726.BCC62FF1F@maintenance.suse.de> SUSE Recommended Update: Recommended update for btrfsprogs ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:0234-1 Rating: moderate References: #1174206 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for btrfsprogs fixes the following issues: - Add patches to fix the logical-resolve lookup process and to accept the 'ignore offsets' kernel feature. (bsc#1174206) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-234=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-234=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): btrfsprogs-debuginfo-4.5.3-26.9.1 btrfsprogs-debugsource-4.5.3-26.9.1 libbtrfs-devel-4.5.3-26.9.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): btrfsprogs-4.5.3-26.9.1 btrfsprogs-debuginfo-4.5.3-26.9.1 btrfsprogs-debugsource-4.5.3-26.9.1 libbtrfs0-4.5.3-26.9.1 libbtrfs0-debuginfo-4.5.3-26.9.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): btrfsprogs-udev-rules-4.5.3-26.9.1 References: https://bugzilla.suse.com/1174206 From sle-updates at lists.suse.com Thu Jan 28 00:06:57 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 28 Jan 2021 08:06:57 +0100 (CET) Subject: SUSE-CU-2021:35-1: Recommended update of suse/sle15 Message-ID: <20210128070657.85362FF1F@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:35-1 Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.332 Container Release : 4.22.332 Severity : moderate Type : recommended References : 1141597 1174436 1175458 1177490 1179363 1179824 1180225 ----------------------------------------------------------------- The container suse/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:233-1 Released: Wed Jan 27 12:15:33 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1141597,1174436,1175458,1177490,1179363,1179824,1180225 This update for systemd fixes the following issues: - Added a timestamp to the output of the busctl monitor command (bsc#1180225) - Fixed a NULL pointer dereference bug when attempting to close the journal file handle (bsc#1179824) - Improved the caching of cgroups member mask (bsc#1175458) - Fixed the dependency definition of sound.target (bsc#1179363) - Fixed a bug that could lead to a potential error, when daemon-reload is called between StartTransientUnit and scope_start() (bsc#1174436) - time-util: treat /etc/localtime missing as UTC (bsc#1141597) - Removed mq-deadline selection from 60-io-scheduler.rules (bsc#1177490) From sle-updates at lists.suse.com Thu Jan 28 00:19:41 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 28 Jan 2021 08:19:41 +0100 (CET) Subject: SUSE-CU-2021:36-1: Recommended update of suse/sle15 Message-ID: <20210128071941.4FF9CFF1F@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:36-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.386 Container Release : 6.2.386 Severity : moderate Type : recommended References : 1141597 1174436 1175458 1177490 1179363 1179824 1180225 ----------------------------------------------------------------- The container suse/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:233-1 Released: Wed Jan 27 12:15:33 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1141597,1174436,1175458,1177490,1179363,1179824,1180225 This update for systemd fixes the following issues: - Added a timestamp to the output of the busctl monitor command (bsc#1180225) - Fixed a NULL pointer dereference bug when attempting to close the journal file handle (bsc#1179824) - Improved the caching of cgroups member mask (bsc#1175458) - Fixed the dependency definition of sound.target (bsc#1179363) - Fixed a bug that could lead to a potential error, when daemon-reload is called between StartTransientUnit and scope_start() (bsc#1174436) - time-util: treat /etc/localtime missing as UTC (bsc#1141597) - Removed mq-deadline selection from 60-io-scheduler.rules (bsc#1177490) From sle-updates at lists.suse.com Thu Jan 28 00:26:13 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 28 Jan 2021 08:26:13 +0100 (CET) Subject: SUSE-CU-2021:37-1: Recommended update of suse/sle15 Message-ID: <20210128072613.12391FF1F@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:37-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.8.2.834 Container Release : 8.2.834 Severity : moderate Type : recommended References : 1141597 1174436 1175458 1177490 1179363 1179824 1180225 ----------------------------------------------------------------- The container suse/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:233-1 Released: Wed Jan 27 12:15:33 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1141597,1174436,1175458,1177490,1179363,1179824,1180225 This update for systemd fixes the following issues: - Added a timestamp to the output of the busctl monitor command (bsc#1180225) - Fixed a NULL pointer dereference bug when attempting to close the journal file handle (bsc#1179824) - Improved the caching of cgroups member mask (bsc#1175458) - Fixed the dependency definition of sound.target (bsc#1179363) - Fixed a bug that could lead to a potential error, when daemon-reload is called between StartTransientUnit and scope_start() (bsc#1174436) - time-util: treat /etc/localtime missing as UTC (bsc#1141597) - Removed mq-deadline selection from 60-io-scheduler.rules (bsc#1177490) From sle-updates at lists.suse.com Thu Jan 28 07:16:47 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 28 Jan 2021 15:16:47 +0100 (CET) Subject: SUSE-RU-2021:0235-1: moderate: Recommended update for yast2-installation-control, yast2-update, and yast2-pkg-bindings Message-ID: <20210128141647.A53E1FF1F@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-installation-control, yast2-update, and yast2-pkg-bindings ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:0235-1 Rating: moderate References: #1173509 #1176275 #1176276 #1178688 SLE-14807 SLE-15184 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise Installer 15-SP2 ______________________________________________________________________________ An update that has four recommended fixes and contains two features can now be installed. 
Description: This update for yast2, yast2-installation-control, yast2-update, and yast2-pkg-bindings fixes the following issues: yast2: - Fixed `Resolvables class` to uniquely identify the libzypp objects to avoid random failures (bsc#1178688) yast2-installation-control: - Allowing the change of vendor without user interaction. (jsc#SLE-14807, jsc#SLE-15184) yast2-pkg-bindings: - Allow filtering resolvables by RPM path, return RPM path for the product packages (bsc#1178688, bsc#1176276) - Set the previous `distro_target` option when restarting the package manager (bsc#1176275) - Expand the URL when libzypp expects it and avoid wrong repository name generated during installation. (bsc#1173509) - Allowing the change of vendor without user interaction. (jsc#SLE-14807, jsc#SLE-15184) yast2-update: - Extended the list of compatible vendors. (jsc#SLE-14807) - Fixed selecting the base product (e.g. SLES) during upgrade. (bsc#1176276, bsc#1176275) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-235=1 - SUSE Linux Enterprise Installer 15-SP2: zypper in -t patch SUSE-SLE-INSTALLER-15-SP2-2021-235=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): yast2-4.2.91-3.21.2 yast2-logs-4.2.91-3.21.2 yast2-pkg-bindings-4.2.15-3.12.2 yast2-pkg-bindings-debuginfo-4.2.15-3.12.2 yast2-pkg-bindings-debugsource-4.2.15-3.12.2 yast2-update-4.2.20-3.4.2 - SUSE Linux Enterprise Installer 15-SP2 (aarch64 ppc64le s390x x86_64): yast2-4.2.91-3.21.2 yast2-pkg-bindings-4.2.15-3.12.2 References: https://bugzilla.suse.com/1173509 https://bugzilla.suse.com/1176275 https://bugzilla.suse.com/1176276 https://bugzilla.suse.com/1178688 From sle-updates at lists.suse.com Thu Jan 28 16:16:13 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 29 Jan 2021 00:16:13 +0100 (CET) Subject: SUSE-RU-2021:0237-1: moderate: Recommended update for habootstrap-formula Message-ID: <20210128231613.2C021FF1F@maintenance.suse.de> SUSE Recommended Update: Recommended update for habootstrap-formula ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:0237-1 Rating: moderate References: #1177860 SLE-4047 Affected Products: SUSE Linux Enterprise Module for SAP Applications 15-SP2 SUSE Linux Enterprise Module for SAP Applications 15-SP1 SUSE Linux Enterprise Module for SAP Applications 15 ______________________________________________________________________________ An update that has one recommended fix and contains one feature can now be installed. 
Description: This update for drbd-formula, habootstrap-formula, iscsi-formula, saphanabootstrap-formula, sapnwbootstrap-formula fixes the following issues: drbd-formula: - Version 0.4.0 - Change `salt-formulas-configuration` requirement in SLE12 codestream to a recommendation (bsc#1177860) habootstrap-formula: - Version 0.4.0 - Change `salt-formulas-configuration` requirement in SLE12 codestream to a recommendation (bsc#1177860) - Remove lock states as this is done in `crmsh` now - Fix ssh keys management to run them once the first node is initialized - Remove `--no-overwrite-sshkey` option from the formula - `qdevice` support: it can be created when initializing a cluster when multiple nodes are joining in parallel iscsi-formula: - Change `salt-formulas-configuration` requirement in SLE12 codestream to a recommendation (bsc#1177860) saphanabootstrap-formula: - Version 0.7.0 - Change `salt-formulas-configuration` requirement in SLE12 codestream to a recommendation (bsc#1177860) - Start the `saptune` daemon service - Add requisite of HANA installation to subsequent salt states - Add support to extract and install HANA Client `sar` packages - Set the native fence mechanism usage for `CSP` as optional (jsc#SLE-4047) - Fix the HANA media extraction and installation logics when using `exe` archives - Update the SUSE Manager HANA form metadata, to show HANA form under SAP deployment group - Update SUSE Manager `form.yml` file and prevalidation state with latest changes in formula sapnwbootstrap-formula: - Version 0.6.0 - Change `salt-formulas-configuration` requirement in SLE12 codestream to a recommendation (bsc#1177860) - Add requisites of `netweaver` installation to subsequent salt states - Start the `saptune` systemd service - Fix `additional_dvds` variable usage when salt uses python 2.
- The variable is filtered by `tojson` option to avoid `u` prefix in lists - Set the native fence mechanism usage for `CSP` as optional - Add instance name suffix to `socat` resources - Remove meta `resource-stickness` to the `ERS` resources group - Update the db installation template to use correctly the schema names for S/4HANA - Update the default `nw_extract_dir` `SWPM` media extraction location Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SAP Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP2-2021-237=1 - SUSE Linux Enterprise Module for SAP Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP1-2021-237=1 - SUSE Linux Enterprise Module for SAP Applications 15: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-2021-237=1 Package List: - SUSE Linux Enterprise Module for SAP Applications 15-SP2 (noarch): iscsi-formula-1.1.1-1.6.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP1 (noarch): drbd-formula-0.4.0+git.1611073587.55c0dfd-1.6.1 habootstrap-formula-0.4.0+git.1611213679.df6b3fb-1.14.1 iscsi-formula-1.1.1-1.6.1 saphanabootstrap-formula-0.7.0+git.1611071677.5443549-1.12.1 sapnwbootstrap-formula-0.6.0+git.1611071663.f186586-1.12.1 - SUSE Linux Enterprise Module for SAP Applications 15 (noarch): drbd-formula-0.4.0+git.1611073587.55c0dfd-1.6.1 habootstrap-formula-0.4.0+git.1611213679.df6b3fb-1.14.1 iscsi-formula-1.1.1-1.6.1 saphanabootstrap-formula-0.7.0+git.1611071677.5443549-1.12.1 sapnwbootstrap-formula-0.6.0+git.1611071663.f186586-1.12.1 References: https://bugzilla.suse.com/1177860 From sle-updates at lists.suse.com Thu Jan 28 16:19:12 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 29 Jan 2021 00:19:12 +0100 (CET) Subject: SUSE-RU-2021:0238-1: important: 
Recommended update for habootstrap-formula, iscsi-formula, salt, saphanabootstrap-formula, sapnwbootstrap-formula Message-ID: <20210128231912.E7FF5FF1F@maintenance.suse.de> SUSE Recommended Update: Recommended update for habootstrap-formula, iscsi-formula, salt, saphanabootstrap-formula, sapnwbootstrap-formula ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:0238-1 Rating: important References: #1177860 ECO-1965 SLE-4047 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 ______________________________________________________________________________ An update that has one recommended fix and contains two features can now be installed. Description: This update for drbd-formula, habootstrap-formula, iscsi-formula, salt, saphanabootstrap-formula, sapnwbootstrap-formula fixes the following issues: drbd-formula: - Version 0.4.0 - Change `salt-formulas-configuration` requirement in SLE12 codestream to a recommendation (bsc#1177860) sapnwbootstrap-formula: - Version 0.6.0 - Change `salt-formulas-configuration` requirement in SLE12 codestream to a recommendation (bsc#1177860) - Add requisites of `netweaver` installation to subsequent salt states - Start the `saptune` systemd service - Fix `additional_dvds` variable usage when salt uses python 2. 
- The variable is filtered by `tojson` option to avoid `u` prefix in lists - Set the native fence mechanism usage for `CSP` as optional - Add instance name suffix to `socat` resources - Remove meta `resource-stickness` to the `ERS` resources group - Update the db installation template to use correctly the schema names for S/4HANA - Update the default `nw_extract_dir` `SWPM` media extraction location - Create SUSE Manager form based on latest pillar and formula data (jsc#SLE-4047) - Implement the differences between `ENSA1` and `ENSA2` versions - Add the `keepalive` configuration changes habootstrap-formula: - Version 0.4.0 - Change salt-formulas-configuration requirement in SLE12 codestream to a recommendation (bsc#1177860) - Remove lock states as this is done in `crmsh` now - Fix ssh keys management to run them once when the first node is initialized - Remove `--no-overwrite-sshkey` option from the formula - `qdevice` support: it can be created when initializing a cluster - Update the prevalidation logic to check for valid `sbd` entries (jsc#SLE-4047) - Improve Formula with form description (jsc#SLE-4047) - Update the SUSE Manager `form.yml` file and prevalidation state with latest changes in project saphanabootstrap-formula: - Version 0.7.0: - Change salt-formulas-configuration requirement in SLE12 codestream to a recommendation (bsc#1177860) - Start the `saptune` daemon service - Add requisite of hana installation to the subsequent salt states - Add support to extract and install HANA Client `sar` packages - Set the native fence mechanism usage for `CSP` as optional - Update the package version after SUSE Manager form update and extraction logic update (jsc#SLE-4047) - Fix the HANA media extraction and installation logics when using `exe` archives - Update the SUSE Manager HANA form metadata, to show HANA form under SAP deployment group - Update SUSE Manager `form.yml` file and prevalidation state with latest changes in formula - Change the default 
`hana_extract_dir` HANA media extraction location - Remove the copy of config files for exporters since we use `/usr/etc` iscsi-formula: - Version 1.1.1: - Change `salt-formulas-configuration` requirement in SLE12 codestream to a recommendation (bsc#1177860) - Add `iscsi-formula` to the SLES for SAP products. (jsc#ECO-1965, jsc#SLE-4047) salt: - No source code changes, just add the salt-standalone-formulas-configuration package to the SLES for SAP products. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP5: zypper in -t patch SUSE-SLE-SAP-12-SP5-2021-238=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-238=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-238=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP5 (noarch): drbd-formula-0.4.0+git.1611073587.55c0dfd-4.6.1 habootstrap-formula-0.4.0+git.1611213679.df6b3fb-4.13.1 iscsi-formula-1.1.1-4.5.1 saphanabootstrap-formula-0.7.0+git.1611071677.5443549-4.11.1 sapnwbootstrap-formula-0.6.0+git.1611071663.f186586-4.11.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): drbd-formula-0.4.0+git.1611073587.55c0dfd-4.6.1 habootstrap-formula-0.4.0+git.1611213679.df6b3fb-4.13.1 iscsi-formula-1.1.1-4.5.1 saphanabootstrap-formula-0.7.0+git.1611071677.5443549-4.11.1 sapnwbootstrap-formula-0.6.0+git.1611071663.f186586-4.11.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): drbd-formula-0.4.0+git.1611073587.55c0dfd-4.6.1 habootstrap-formula-0.4.0+git.1611213679.df6b3fb-4.13.1 iscsi-formula-1.1.1-4.5.1 saphanabootstrap-formula-0.7.0+git.1611071677.5443549-4.11.1 sapnwbootstrap-formula-0.6.0+git.1611071663.f186586-4.11.1 References: https://bugzilla.suse.com/1177860 From sle-updates at lists.suse.com Fri Jan 29 04:16:32 
2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 29 Jan 2021 12:16:32 +0100 (CET) Subject: SUSE-RU-2021:0240-1: moderate: Recommended update for python-azure-agent Message-ID: <20210129111632.9FF33FFB1@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-azure-agent ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:0240-1 Rating: moderate References: #1180719 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-azure-agent contains the following fix: + Recognise SLE_HPC as SLES and use the proper RDMA handler and distro specific initialization code. (bsc#1180719) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-2021-240=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15 (noarch): python-azure-agent-2.2.49.2-7.27.3 References: https://bugzilla.suse.com/1180719 From sle-updates at lists.suse.com Fri Jan 29 04:17:35 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 29 Jan 2021 12:17:35 +0100 (CET) Subject: SUSE-RU-2021:0239-1: moderate: Recommended update for btrfsprogs Message-ID: <20210129111735.3C2ADFF1F@maintenance.suse.de> SUSE Recommended Update: Recommended update for btrfsprogs ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:0239-1 Rating: moderate References: #1174206 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for btrfsprogs fixes the following issues: - Add patches to fix the logical-resolve lookup process and to accept the 'ignore offsets' kernel feature. (bsc#1174206) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-239=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): btrfsprogs-4.19.1-8.6.2 btrfsprogs-debuginfo-4.19.1-8.6.2 btrfsprogs-debugsource-4.19.1-8.6.2 libbtrfs-devel-4.19.1-8.6.2 libbtrfs0-4.19.1-8.6.2 libbtrfs0-debuginfo-4.19.1-8.6.2 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): btrfsprogs-udev-rules-4.19.1-8.6.2 References: https://bugzilla.suse.com/1174206 From sle-updates at lists.suse.com Fri Jan 29 07:17:26 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 29 Jan 2021 15:17:26 +0100 (CET) Subject: SUSE-SU-2021:0243-1: moderate: Security update for jackson-databind Message-ID: <20210129141726.57E89FF1F@maintenance.suse.de> SUSE Security Update: Security update for jackson-databind ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0243-1 Rating: moderate References: #1177616 #1180391 #1181118 Cross-References: CVE-2020-25649 CVE-2020-35728 CVE-2021-20190 Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP2 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for jackson-databind fixes the following issues: jackson-databind was updated to 2.10.5.1: * #2589: `DOMDeserializer`: setExpandEntityReferences(false) may not prevent external entity expansion in all cases (CVE-2020-25649, bsc#1177616) * #2787 (partial fix): NPE after add mixin for enum * #2679: 'ObjectMapper.readValue("123", Void.TYPE)' throws "should never occur" Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-243=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP2 (noarch): jackson-databind-2.10.5.1-3.3.2 References: https://www.suse.com/security/cve/CVE-2020-25649.html https://www.suse.com/security/cve/CVE-2020-35728.html https://www.suse.com/security/cve/CVE-2021-20190.html https://bugzilla.suse.com/1177616 https://bugzilla.suse.com/1180391 https://bugzilla.suse.com/1181118 From sle-updates at lists.suse.com Fri Jan 29 07:18:37 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 29 Jan 2021 15:18:37 +0100 (CET) Subject: SUSE-SU-2021:0245-1: important: Security update for MozillaThunderbird Message-ID: <20210129141837.CD641FF1F@maintenance.suse.de> SUSE Security Update: Security update for MozillaThunderbird ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0245-1 Rating: important References: #1181414 Cross-References: CVE-2020-15685 CVE-2020-26976 CVE-2021-23953 CVE-2021-23954 CVE-2021-23960 CVE-2021-23964 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP1 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. 
Description: This update for MozillaThunderbird fixes the following issues: - Mozilla Thunderbird was updated to 78.7.0 ESR (MFSA 2021-05, bsc#1181414) * CVE-2021-23953: Fixed a Cross-origin information leakage via redirected PDF requests * CVE-2021-23954: Fixed a type confusion when using logical assignment operators in JavaScript switch statements * CVE-2020-26976: Fixed an issue where HTTPS pages could have been intercepted by a registered service worker when they should not have been * CVE-2021-23960: Fixed a use-after-poison for incorrectly redeclared JavaScript variables during GC * CVE-2021-23964: Fixed Memory safety bugs * CVE-2020-15685: Fixed an IMAP Response Injection when using STARTTLS Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP1: zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2021-245=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP1 (x86_64): MozillaThunderbird-78.7.0-3.119.1 MozillaThunderbird-debuginfo-78.7.0-3.119.1 MozillaThunderbird-debugsource-78.7.0-3.119.1 MozillaThunderbird-translations-common-78.7.0-3.119.1 MozillaThunderbird-translations-other-78.7.0-3.119.1 References: https://www.suse.com/security/cve/CVE-2020-15685.html https://www.suse.com/security/cve/CVE-2020-26976.html https://www.suse.com/security/cve/CVE-2021-23953.html https://www.suse.com/security/cve/CVE-2021-23954.html https://www.suse.com/security/cve/CVE-2021-23960.html https://www.suse.com/security/cve/CVE-2021-23964.html https://bugzilla.suse.com/1181414 From sle-updates at lists.suse.com Fri Jan 29 07:19:39 2021 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 29 Jan 2021 15:19:39 +0100 (CET) Subject: SUSE-RU-2021:0244-1: moderate: Recommended update for openssl-1_0_0 Message-ID: 
<20210129141939.27C1AFF1F@maintenance.suse.de> SUSE Recommended Update: Recommended update for openssl-1_0_0 ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:0244-1 Rating: moderate References: #1180777 #1180959 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for openssl-1_0_0 fixes the following issues: - Add declaration of BN_secure_new() function needed by other packages. (bsc#1180777) - Add FIPS elliptic curve key check necessary for FIPS 140-2 certification. (bsc#1180959) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-244=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-244=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-244=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-244=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-244=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-244=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): openssl-1_0_0-doc-1.0.2p-3.33.1 - SUSE OpenStack Cloud Crowbar 9 (x86_64): libopenssl-1_0_0-devel-1.0.2p-3.33.1 libopenssl1_0_0-1.0.2p-3.33.1 libopenssl1_0_0-32bit-1.0.2p-3.33.1 libopenssl1_0_0-debuginfo-1.0.2p-3.33.1 libopenssl1_0_0-debuginfo-32bit-1.0.2p-3.33.1 libopenssl1_0_0-hmac-1.0.2p-3.33.1 libopenssl1_0_0-hmac-32bit-1.0.2p-3.33.1 openssl-1_0_0-1.0.2p-3.33.1 openssl-1_0_0-debuginfo-1.0.2p-3.33.1 openssl-1_0_0-debugsource-1.0.2p-3.33.1 - SUSE OpenStack Cloud 9 (noarch): openssl-1_0_0-doc-1.0.2p-3.33.1 - SUSE OpenStack Cloud 9 (x86_64): libopenssl-1_0_0-devel-1.0.2p-3.33.1 libopenssl1_0_0-1.0.2p-3.33.1 libopenssl1_0_0-32bit-1.0.2p-3.33.1 libopenssl1_0_0-debuginfo-1.0.2p-3.33.1 libopenssl1_0_0-debuginfo-32bit-1.0.2p-3.33.1 libopenssl1_0_0-hmac-1.0.2p-3.33.1 libopenssl1_0_0-hmac-32bit-1.0.2p-3.33.1 openssl-1_0_0-1.0.2p-3.33.1 openssl-1_0_0-debuginfo-1.0.2p-3.33.1 openssl-1_0_0-debugsource-1.0.2p-3.33.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libopenssl-1_0_0-devel-1.0.2p-3.33.1 openssl-1_0_0-debuginfo-1.0.2p-3.33.1 openssl-1_0_0-debugsource-1.0.2p-3.33.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libopenssl-1_0_0-devel-1.0.2p-3.33.1 libopenssl1_0_0-1.0.2p-3.33.1 libopenssl1_0_0-debuginfo-1.0.2p-3.33.1 
      libopenssl1_0_0-hmac-1.0.2p-3.33.1
      openssl-1_0_0-1.0.2p-3.33.1
      openssl-1_0_0-debuginfo-1.0.2p-3.33.1
      openssl-1_0_0-debugsource-1.0.2p-3.33.1

   - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch):

      openssl-1_0_0-doc-1.0.2p-3.33.1

   - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64):

      libopenssl1_0_0-32bit-1.0.2p-3.33.1
      libopenssl1_0_0-debuginfo-32bit-1.0.2p-3.33.1
      libopenssl1_0_0-hmac-32bit-1.0.2p-3.33.1

   - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):

      libopenssl-1_0_0-devel-1.0.2p-3.33.1
      libopenssl1_0_0-1.0.2p-3.33.1
      libopenssl1_0_0-debuginfo-1.0.2p-3.33.1
      libopenssl1_0_0-hmac-1.0.2p-3.33.1
      openssl-1_0_0-1.0.2p-3.33.1
      openssl-1_0_0-debuginfo-1.0.2p-3.33.1
      openssl-1_0_0-debugsource-1.0.2p-3.33.1

   - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64):

      libopenssl1_0_0-32bit-1.0.2p-3.33.1
      libopenssl1_0_0-debuginfo-32bit-1.0.2p-3.33.1
      libopenssl1_0_0-hmac-32bit-1.0.2p-3.33.1

   - SUSE Linux Enterprise Server 12-SP5 (noarch):

      openssl-1_0_0-doc-1.0.2p-3.33.1

   - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):

      libopenssl-1_0_0-devel-1.0.2p-3.33.1
      libopenssl1_0_0-1.0.2p-3.33.1
      libopenssl1_0_0-debuginfo-1.0.2p-3.33.1
      libopenssl1_0_0-hmac-1.0.2p-3.33.1
      openssl-1_0_0-1.0.2p-3.33.1
      openssl-1_0_0-debuginfo-1.0.2p-3.33.1
      openssl-1_0_0-debugsource-1.0.2p-3.33.1

   - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64):

      libopenssl1_0_0-32bit-1.0.2p-3.33.1
      libopenssl1_0_0-debuginfo-32bit-1.0.2p-3.33.1
      libopenssl1_0_0-hmac-32bit-1.0.2p-3.33.1

   - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch):

      openssl-1_0_0-doc-1.0.2p-3.33.1

References:

   https://bugzilla.suse.com/1180777
   https://bugzilla.suse.com/1180959

From sle-updates at lists.suse.com Fri Jan 29 07:20:53 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 29 Jan 2021 15:20:53 +0100 (CET)
Subject: SUSE-SU-2021:0241-1: important: Security update for MozillaFirefox
Message-ID: <20210129142053.86911FF1F@maintenance.suse.de>

   SUSE Security Update: Security update for MozillaFirefox
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:0241-1
Rating:             important
References:         #1181414
Cross-References:   CVE-2020-26976 CVE-2021-23953 CVE-2021-23954
                    CVE-2021-23960 CVE-2021-23964
Affected Products:
                    SUSE OpenStack Cloud Crowbar 9
                    SUSE OpenStack Cloud Crowbar 8
                    SUSE OpenStack Cloud 9
                    SUSE OpenStack Cloud 8
                    SUSE OpenStack Cloud 7
                    SUSE Linux Enterprise Software Development Kit 12-SP5
                    SUSE Linux Enterprise Server for SAP 12-SP4
                    SUSE Linux Enterprise Server for SAP 12-SP3
                    SUSE Linux Enterprise Server for SAP 12-SP2
                    SUSE Linux Enterprise Server 12-SP5
                    SUSE Linux Enterprise Server 12-SP4-LTSS
                    SUSE Linux Enterprise Server 12-SP3-LTSS
                    SUSE Linux Enterprise Server 12-SP3-BCL
                    SUSE Linux Enterprise Server 12-SP2-LTSS
                    SUSE Linux Enterprise Server 12-SP2-BCL
                    SUSE Enterprise Storage 5
                    HPE Helion Openstack 8
______________________________________________________________________________

   An update that fixes 5 vulnerabilities is now available.

Description:

   This update for MozillaFirefox fixes the following issues:

   - Firefox Extended Support Release 78.7.0 ESR (MFSA 2021-04, bsc#1181414)
     * CVE-2021-23953: Fixed a Cross-origin information leakage via
       redirected PDF requests
     * CVE-2021-23954: Fixed a type confusion when using logical assignment
       operators in JavaScript switch statements
     * CVE-2020-26976: Fixed an issue where HTTPS pages could have been
       intercepted by a registered service worker when they should not have
       been
     * CVE-2021-23960: Fixed a use-after-poison for incorrectly redeclared
       JavaScript variables during GC
     * CVE-2021-23964: Fixed Memory safety bugs

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended
   installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud Crowbar 9:

      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-241=1

   - SUSE OpenStack Cloud Crowbar 8:

      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-241=1

   - SUSE OpenStack Cloud 9:

      zypper in -t patch SUSE-OpenStack-Cloud-9-2021-241=1

   - SUSE OpenStack Cloud 8:

      zypper in -t patch SUSE-OpenStack-Cloud-8-2021-241=1

   - SUSE OpenStack Cloud 7:

      zypper in -t patch SUSE-OpenStack-Cloud-7-2021-241=1

   - SUSE Linux Enterprise Software Development Kit 12-SP5:

      zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-241=1

   - SUSE Linux Enterprise Server for SAP 12-SP4:

      zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-241=1

   - SUSE Linux Enterprise Server for SAP 12-SP3:

      zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-241=1

   - SUSE Linux Enterprise Server for SAP 12-SP2:

      zypper in -t patch SUSE-SLE-SAP-12-SP2-2021-241=1

   - SUSE Linux Enterprise Server 12-SP5:

      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-241=1

   - SUSE Linux Enterprise Server 12-SP4-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-241=1

   - SUSE Linux Enterprise Server 12-SP3-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-241=1

   - SUSE Linux Enterprise Server 12-SP3-BCL:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-241=1

   - SUSE Linux Enterprise Server 12-SP2-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2021-241=1

   - SUSE Linux Enterprise Server 12-SP2-BCL:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-241=1

   - SUSE Enterprise Storage 5:

      zypper in -t patch SUSE-Storage-5-2021-241=1

   - HPE Helion Openstack 8:

      zypper in -t patch HPE-Helion-OpenStack-8-2021-241=1

Package List:

   - SUSE OpenStack Cloud Crowbar 9 (x86_64):

      MozillaFirefox-78.7.0-112.45.1
      MozillaFirefox-debuginfo-78.7.0-112.45.1
      MozillaFirefox-debugsource-78.7.0-112.45.1
      MozillaFirefox-devel-78.7.0-112.45.1
      MozillaFirefox-translations-common-78.7.0-112.45.1

   - SUSE OpenStack Cloud Crowbar 8 (x86_64):

      MozillaFirefox-78.7.0-112.45.1
      MozillaFirefox-debuginfo-78.7.0-112.45.1
      MozillaFirefox-debugsource-78.7.0-112.45.1
      MozillaFirefox-devel-78.7.0-112.45.1
      MozillaFirefox-translations-common-78.7.0-112.45.1

   - SUSE OpenStack Cloud 9 (x86_64):

      MozillaFirefox-78.7.0-112.45.1
      MozillaFirefox-debuginfo-78.7.0-112.45.1
      MozillaFirefox-debugsource-78.7.0-112.45.1
      MozillaFirefox-devel-78.7.0-112.45.1
      MozillaFirefox-translations-common-78.7.0-112.45.1

   - SUSE OpenStack Cloud 8 (x86_64):

      MozillaFirefox-78.7.0-112.45.1
      MozillaFirefox-debuginfo-78.7.0-112.45.1
      MozillaFirefox-debugsource-78.7.0-112.45.1
      MozillaFirefox-devel-78.7.0-112.45.1
      MozillaFirefox-translations-common-78.7.0-112.45.1

   - SUSE OpenStack Cloud 7 (s390x x86_64):

      MozillaFirefox-78.7.0-112.45.1
      MozillaFirefox-debuginfo-78.7.0-112.45.1
      MozillaFirefox-debugsource-78.7.0-112.45.1
      MozillaFirefox-devel-78.7.0-112.45.1
      MozillaFirefox-translations-common-78.7.0-112.45.1

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):

      MozillaFirefox-debuginfo-78.7.0-112.45.1
      MozillaFirefox-debugsource-78.7.0-112.45.1
      MozillaFirefox-devel-78.7.0-112.45.1

   - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):

      MozillaFirefox-78.7.0-112.45.1
      MozillaFirefox-debuginfo-78.7.0-112.45.1
      MozillaFirefox-debugsource-78.7.0-112.45.1
      MozillaFirefox-devel-78.7.0-112.45.1
      MozillaFirefox-translations-common-78.7.0-112.45.1

   - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):

      MozillaFirefox-78.7.0-112.45.1
      MozillaFirefox-debuginfo-78.7.0-112.45.1
      MozillaFirefox-debugsource-78.7.0-112.45.1
      MozillaFirefox-devel-78.7.0-112.45.1
      MozillaFirefox-translations-common-78.7.0-112.45.1

   - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64):

      MozillaFirefox-78.7.0-112.45.1
      MozillaFirefox-debuginfo-78.7.0-112.45.1
      MozillaFirefox-debugsource-78.7.0-112.45.1
      MozillaFirefox-devel-78.7.0-112.45.1
      MozillaFirefox-translations-common-78.7.0-112.45.1

   - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):

      MozillaFirefox-78.7.0-112.45.1
      MozillaFirefox-debuginfo-78.7.0-112.45.1
      MozillaFirefox-debugsource-78.7.0-112.45.1
      MozillaFirefox-devel-78.7.0-112.45.1
      MozillaFirefox-translations-common-78.7.0-112.45.1

   - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):

      MozillaFirefox-78.7.0-112.45.1
      MozillaFirefox-debuginfo-78.7.0-112.45.1
      MozillaFirefox-debugsource-78.7.0-112.45.1
      MozillaFirefox-devel-78.7.0-112.45.1
      MozillaFirefox-translations-common-78.7.0-112.45.1

   - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64):

      MozillaFirefox-78.7.0-112.45.1
      MozillaFirefox-debuginfo-78.7.0-112.45.1
      MozillaFirefox-debugsource-78.7.0-112.45.1
      MozillaFirefox-devel-78.7.0-112.45.1
      MozillaFirefox-translations-common-78.7.0-112.45.1

   - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):

      MozillaFirefox-78.7.0-112.45.1
      MozillaFirefox-debuginfo-78.7.0-112.45.1
      MozillaFirefox-debugsource-78.7.0-112.45.1
      MozillaFirefox-devel-78.7.0-112.45.1
      MozillaFirefox-translations-common-78.7.0-112.45.1

   - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64):

      MozillaFirefox-78.7.0-112.45.1
      MozillaFirefox-debuginfo-78.7.0-112.45.1
      MozillaFirefox-debugsource-78.7.0-112.45.1
      MozillaFirefox-devel-78.7.0-112.45.1
      MozillaFirefox-translations-common-78.7.0-112.45.1

   - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):

      MozillaFirefox-78.7.0-112.45.1
      MozillaFirefox-debuginfo-78.7.0-112.45.1
      MozillaFirefox-debugsource-78.7.0-112.45.1
      MozillaFirefox-devel-78.7.0-112.45.1
      MozillaFirefox-translations-common-78.7.0-112.45.1

   - SUSE Enterprise Storage 5 (aarch64 x86_64):

      MozillaFirefox-78.7.0-112.45.1
      MozillaFirefox-debuginfo-78.7.0-112.45.1
      MozillaFirefox-debugsource-78.7.0-112.45.1
      MozillaFirefox-devel-78.7.0-112.45.1
      MozillaFirefox-translations-common-78.7.0-112.45.1

   - HPE Helion Openstack 8 (x86_64):

      MozillaFirefox-78.7.0-112.45.1
      MozillaFirefox-debuginfo-78.7.0-112.45.1
      MozillaFirefox-debugsource-78.7.0-112.45.1
      MozillaFirefox-devel-78.7.0-112.45.1
      MozillaFirefox-translations-common-78.7.0-112.45.1

References:

   https://www.suse.com/security/cve/CVE-2020-26976.html
   https://www.suse.com/security/cve/CVE-2021-23953.html
   https://www.suse.com/security/cve/CVE-2021-23954.html
   https://www.suse.com/security/cve/CVE-2021-23960.html
   https://www.suse.com/security/cve/CVE-2021-23964.html
   https://bugzilla.suse.com/1181414

From sle-updates at lists.suse.com Fri Jan 29 07:21:56 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 29 Jan 2021 15:21:56 +0100 (CET)
Subject: SUSE-SU-2021:14609-1: important: Security update for MozillaFirefox
Message-ID: <20210129142156.0DE27FF1F@maintenance.suse.de>

   SUSE Security Update: Security update for MozillaFirefox
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:14609-1
Rating:             important
References:         #1181414
Cross-References:   CVE-2020-26976 CVE-2021-23953 CVE-2021-23954
                    CVE-2021-23960 CVE-2021-23964
Affected Products:
                    SUSE Linux Enterprise Server 11-SP4-LTSS
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that fixes 5 vulnerabilities is now available.

Description:

   This update for MozillaFirefox fixes the following issues:

   - Firefox Extended Support Release 78.7.0 ESR (MFSA 2021-04, bsc#1181414)
     * CVE-2021-23953: Fixed a Cross-origin information leakage via
       redirected PDF requests
     * CVE-2021-23954: Fixed a type confusion when using logical assignment
       operators in JavaScript switch statements
     * CVE-2020-26976: Fixed an issue where HTTPS pages could have been
       intercepted by a registered service worker when they should not have
       been
     * CVE-2021-23960: Fixed a use-after-poison for incorrectly redeclared
       JavaScript variables during GC
     * CVE-2021-23964: Fixed Memory safety bugs

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended
   installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-SP4-LTSS:

      zypper in -t patch slessp4-MozillaFirefox-14609=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-MozillaFirefox-14609=1

Package List:

   - SUSE Linux Enterprise Server 11-SP4-LTSS (x86_64):

      MozillaFirefox-78.7.0-78.114.1
      MozillaFirefox-translations-common-78.7.0-78.114.1
      MozillaFirefox-translations-other-78.7.0-78.114.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (x86_64):

      MozillaFirefox-debuginfo-78.7.0-78.114.1

References:

   https://www.suse.com/security/cve/CVE-2020-26976.html
   https://www.suse.com/security/cve/CVE-2021-23953.html
   https://www.suse.com/security/cve/CVE-2021-23954.html
   https://www.suse.com/security/cve/CVE-2021-23960.html
   https://www.suse.com/security/cve/CVE-2021-23964.html
   https://bugzilla.suse.com/1181414

From sle-updates at lists.suse.com Fri Jan 29 10:16:20 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 29 Jan 2021 18:16:20 +0100 (CET)
Subject: SUSE-SU-2021:0246-1: important: Security update for MozillaFirefox
Message-ID: <20210129171620.3C70CFF1F@maintenance.suse.de>

   SUSE Security Update: Security update for MozillaFirefox
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:0246-1
Rating:             important
References:         #1181414
Cross-References:   CVE-2020-26976 CVE-2021-23953 CVE-2021-23954
                    CVE-2021-23960 CVE-2021-23964
Affected Products:
                    SUSE Manager Server 4.0
                    SUSE Manager Retail Branch Server 4.0
                    SUSE Manager Proxy 4.0
                    SUSE Linux Enterprise Server for SAP 15-SP1
                    SUSE Linux Enterprise Server 15-SP1-LTSS
                    SUSE Linux Enterprise Server 15-SP1-BCL
                    SUSE Linux Enterprise Module for Desktop Applications 15-SP1
                    SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
                    SUSE Enterprise Storage 6
                    SUSE CaaS Platform 4.0
______________________________________________________________________________

   An update that fixes 5 vulnerabilities is now available.

Description:

   This update for MozillaFirefox fixes the following issues:

   - Firefox Extended Support Release 78.7.0 ESR (MFSA 2021-04, bsc#1181414)
     * CVE-2021-23953: Fixed a Cross-origin information leakage via
       redirected PDF requests
     * CVE-2021-23954: Fixed a type confusion when using logical assignment
       operators in JavaScript switch statements
     * CVE-2020-26976: Fixed an issue where HTTPS pages could have been
       intercepted by a registered service worker when they should not have
       been
     * CVE-2021-23960: Fixed a use-after-poison for incorrectly redeclared
       JavaScript variables during GC
     * CVE-2021-23964: Fixed Memory safety bugs

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended
   installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Manager Server 4.0:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-246=1

   - SUSE Manager Retail Branch Server 4.0:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-246=1

   - SUSE Manager Proxy 4.0:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-246=1

   - SUSE Linux Enterprise Server for SAP 15-SP1:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-246=1

   - SUSE Linux Enterprise Server 15-SP1-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-246=1

   - SUSE Linux Enterprise Server 15-SP1-BCL:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-246=1

   - SUSE Linux Enterprise Module for Desktop Applications 15-SP1:

      zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2021-246=1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-246=1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-246=1

   - SUSE Enterprise Storage 6:

      zypper in -t patch SUSE-Storage-6-2021-246=1

   - SUSE CaaS Platform 4.0:

      To install this update, use the SUSE CaaS Platform 'skuba' tool. It
      will inform you if it detects new updates and let you then trigger
      updating of the complete cluster in a controlled way.

Package List:

   - SUSE Manager Server 4.0 (ppc64le s390x x86_64):

      MozillaFirefox-78.7.0-3.128.2
      MozillaFirefox-debuginfo-78.7.0-3.128.2
      MozillaFirefox-debugsource-78.7.0-3.128.2
      MozillaFirefox-devel-78.7.0-3.128.2
      MozillaFirefox-translations-common-78.7.0-3.128.2
      MozillaFirefox-translations-other-78.7.0-3.128.2

   - SUSE Manager Retail Branch Server 4.0 (x86_64):

      MozillaFirefox-78.7.0-3.128.2
      MozillaFirefox-debuginfo-78.7.0-3.128.2
      MozillaFirefox-debugsource-78.7.0-3.128.2
      MozillaFirefox-devel-78.7.0-3.128.2
      MozillaFirefox-translations-common-78.7.0-3.128.2
      MozillaFirefox-translations-other-78.7.0-3.128.2

   - SUSE Manager Proxy 4.0 (x86_64):

      MozillaFirefox-78.7.0-3.128.2
      MozillaFirefox-debuginfo-78.7.0-3.128.2
      MozillaFirefox-debugsource-78.7.0-3.128.2
      MozillaFirefox-devel-78.7.0-3.128.2
      MozillaFirefox-translations-common-78.7.0-3.128.2
      MozillaFirefox-translations-other-78.7.0-3.128.2

   - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):

      MozillaFirefox-78.7.0-3.128.2
      MozillaFirefox-debuginfo-78.7.0-3.128.2
      MozillaFirefox-debugsource-78.7.0-3.128.2
      MozillaFirefox-devel-78.7.0-3.128.2
      MozillaFirefox-translations-common-78.7.0-3.128.2
      MozillaFirefox-translations-other-78.7.0-3.128.2

   - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):

      MozillaFirefox-78.7.0-3.128.2
      MozillaFirefox-debuginfo-78.7.0-3.128.2
      MozillaFirefox-debugsource-78.7.0-3.128.2
      MozillaFirefox-devel-78.7.0-3.128.2
      MozillaFirefox-translations-common-78.7.0-3.128.2
      MozillaFirefox-translations-other-78.7.0-3.128.2

   - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):

      MozillaFirefox-78.7.0-3.128.2
      MozillaFirefox-debuginfo-78.7.0-3.128.2
      MozillaFirefox-debugsource-78.7.0-3.128.2
      MozillaFirefox-devel-78.7.0-3.128.2
      MozillaFirefox-translations-common-78.7.0-3.128.2
      MozillaFirefox-translations-other-78.7.0-3.128.2

   - SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64):

      MozillaFirefox-78.7.0-3.128.2
      MozillaFirefox-debuginfo-78.7.0-3.128.2
      MozillaFirefox-debugsource-78.7.0-3.128.2
      MozillaFirefox-devel-78.7.0-3.128.2
      MozillaFirefox-translations-common-78.7.0-3.128.2
      MozillaFirefox-translations-other-78.7.0-3.128.2

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):

      MozillaFirefox-78.7.0-3.128.2
      MozillaFirefox-debuginfo-78.7.0-3.128.2
      MozillaFirefox-debugsource-78.7.0-3.128.2
      MozillaFirefox-devel-78.7.0-3.128.2
      MozillaFirefox-translations-common-78.7.0-3.128.2
      MozillaFirefox-translations-other-78.7.0-3.128.2

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):

      MozillaFirefox-78.7.0-3.128.2
      MozillaFirefox-debuginfo-78.7.0-3.128.2
      MozillaFirefox-debugsource-78.7.0-3.128.2
      MozillaFirefox-devel-78.7.0-3.128.2
      MozillaFirefox-translations-common-78.7.0-3.128.2
      MozillaFirefox-translations-other-78.7.0-3.128.2

   - SUSE Enterprise Storage 6 (aarch64 x86_64):

      MozillaFirefox-78.7.0-3.128.2
      MozillaFirefox-debuginfo-78.7.0-3.128.2
      MozillaFirefox-debugsource-78.7.0-3.128.2
      MozillaFirefox-devel-78.7.0-3.128.2
      MozillaFirefox-translations-common-78.7.0-3.128.2
      MozillaFirefox-translations-other-78.7.0-3.128.2

   - SUSE CaaS Platform 4.0 (x86_64):

      MozillaFirefox-78.7.0-3.128.2
      MozillaFirefox-debuginfo-78.7.0-3.128.2
      MozillaFirefox-debugsource-78.7.0-3.128.2
      MozillaFirefox-devel-78.7.0-3.128.2
      MozillaFirefox-translations-common-78.7.0-3.128.2
      MozillaFirefox-translations-other-78.7.0-3.128.2

References:

   https://www.suse.com/security/cve/CVE-2020-26976.html
   https://www.suse.com/security/cve/CVE-2021-23953.html
   https://www.suse.com/security/cve/CVE-2021-23954.html
   https://www.suse.com/security/cve/CVE-2021-23960.html
   https://www.suse.com/security/cve/CVE-2021-23964.html
   https://bugzilla.suse.com/1181414

From sle-updates at lists.suse.com Fri Jan 29 13:16:36 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 29 Jan 2021 21:16:36 +0100 (CET)
Subject: SUSE-RU-2021:0247-1: moderate: Recommended update for lvm2
Message-ID: <20210129201636.6B50BFF1F@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for lvm2
______________________________________________________________________________

Announcement ID:    SUSE-RU-2021:0247-1
Rating:             moderate
References:         #1177533 #1179326
Affected Products:
                    SUSE OpenStack Cloud Crowbar 9
                    SUSE OpenStack Cloud 9
                    SUSE Linux Enterprise Software Development Kit 12-SP5
                    SUSE Linux Enterprise Server for SAP 12-SP4
                    SUSE Linux Enterprise Server 12-SP5
                    SUSE Linux Enterprise Server 12-SP4-LTSS
                    SUSE Linux Enterprise High Availability 12-SP5
                    SUSE Linux Enterprise High Availability 12-SP4
______________________________________________________________________________

   An update that has two recommended fixes can now be installed.

Description:

   This update for lvm2 fixes the following issues:

   - The destination Logical Volume has a wrong `read_ahead` setting.
     (bsc#1179326)
     When moving extents from one physical volume to another (`pvmove`),
     the destination Logical Volume (`LV`) has a wrong `read_ahead` setting.
   - Fix the changelog entry for bsc#1177533

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended
   installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud Crowbar 9:

      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-247=1

   - SUSE OpenStack Cloud 9:

      zypper in -t patch SUSE-OpenStack-Cloud-9-2021-247=1

   - SUSE Linux Enterprise Software Development Kit 12-SP5:

      zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-247=1

   - SUSE Linux Enterprise Server for SAP 12-SP4:

      zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-247=1

   - SUSE Linux Enterprise Server 12-SP5:

      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-247=1

   - SUSE Linux Enterprise Server 12-SP4-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-247=1

   - SUSE Linux Enterprise High Availability 12-SP5:

      zypper in -t patch SUSE-SLE-HA-12-SP5-2021-247=1

   - SUSE Linux Enterprise High Availability 12-SP4:

      zypper in -t patch SUSE-SLE-HA-12-SP4-2021-247=1

Package List:

   - SUSE OpenStack Cloud Crowbar 9 (x86_64):

      device-mapper-1.02.149-9.51.1
      device-mapper-32bit-1.02.149-9.51.1
      device-mapper-debuginfo-1.02.149-9.51.1
      device-mapper-debuginfo-32bit-1.02.149-9.51.1
      lvm2-2.02.180-9.51.1
      lvm2-debuginfo-2.02.180-9.51.1
      lvm2-debugsource-2.02.180-9.51.1

   - SUSE OpenStack Cloud 9 (x86_64):

      device-mapper-1.02.149-9.51.1
      device-mapper-32bit-1.02.149-9.51.1
      device-mapper-debuginfo-1.02.149-9.51.1
      device-mapper-debuginfo-32bit-1.02.149-9.51.1
      lvm2-2.02.180-9.51.1
      lvm2-debuginfo-2.02.180-9.51.1
      lvm2-debugsource-2.02.180-9.51.1

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):

      device-mapper-devel-1.02.149-9.51.1
      lvm2-debuginfo-2.02.180-9.51.1
      lvm2-debugsource-2.02.180-9.51.1
      lvm2-devel-2.02.180-9.51.1

   - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):

      device-mapper-1.02.149-9.51.1
      device-mapper-debuginfo-1.02.149-9.51.1
      lvm2-2.02.180-9.51.1
      lvm2-debuginfo-2.02.180-9.51.1
      lvm2-debugsource-2.02.180-9.51.1

   - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64):

      device-mapper-32bit-1.02.149-9.51.1
      device-mapper-debuginfo-32bit-1.02.149-9.51.1

   - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):

      device-mapper-1.02.149-9.51.1
      device-mapper-debuginfo-1.02.149-9.51.1
      lvm2-2.02.180-9.51.1
      lvm2-debuginfo-2.02.180-9.51.1
      lvm2-debugsource-2.02.180-9.51.1

   - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64):

      device-mapper-32bit-1.02.149-9.51.1
      device-mapper-debuginfo-32bit-1.02.149-9.51.1

   - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):

      device-mapper-1.02.149-9.51.1
      device-mapper-debuginfo-1.02.149-9.51.1
      lvm2-2.02.180-9.51.1
      lvm2-debuginfo-2.02.180-9.51.1
      lvm2-debugsource-2.02.180-9.51.1

   - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64):

      device-mapper-32bit-1.02.149-9.51.1
      device-mapper-debuginfo-32bit-1.02.149-9.51.1

   - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64):

      lvm2-clvm-2.02.180-9.51.1
      lvm2-clvm-debuginfo-2.02.180-9.51.1
      lvm2-cmirrord-2.02.180-9.51.1
      lvm2-cmirrord-debuginfo-2.02.180-9.51.1
      lvm2-debuginfo-2.02.180-9.51.1
      lvm2-debugsource-2.02.180-9.51.1

   - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64):

      lvm2-clvm-2.02.180-9.51.1
      lvm2-clvm-debuginfo-2.02.180-9.51.1
      lvm2-cmirrord-2.02.180-9.51.1
      lvm2-cmirrord-debuginfo-2.02.180-9.51.1
      lvm2-debuginfo-2.02.180-9.51.1
      lvm2-debugsource-2.02.180-9.51.1

References:

   https://bugzilla.suse.com/1177533
   https://bugzilla.suse.com/1179326

From sle-updates at lists.suse.com Sat Jan 30 00:01:33 2021
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 30 Jan 2021 08:01:33 +0100 (CET)
Subject: SUSE-CU-2021:38-1: Recommended update of suse/sles12sp5
Message-ID: <20210130070133.84ABCFD0A@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles12sp5
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2021:38-1
Container Tags        : suse/sles12sp5:6.5.125 , suse/sles12sp5:latest
Container Release     : 6.5.125
Severity              : moderate
Type                  : recommended
References            : 1180777 1180959
-----------------------------------------------------------------

The container suse/sles12sp5 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:244-1
Released:    Fri Jan 29 09:46:42 2021
Summary:     Recommended update for openssl-1_0_0
Type:        recommended
Severity:    moderate
References:  1180777,1180959
This update for openssl-1_0_0 fixes the following issues:

- Add declaration of BN_secure_new() function needed by other packages. (bsc#1180777)
- Add FIPS elliptic curve key check necessary for FIPS 140-2 certification. (bsc#1180959)